
Example 21 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project jetty.project by eclipse.

The class ClientCertAuthenticator, method validateRequest.

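/**
 * Authenticates a request from the client certificate chain that the TLS layer
 * stored under the {@code javax.servlet.request.X509Certificate} attribute.
 * <p>
 * Non-mandatory requests are deferred untouched. Otherwise, when
 * {@code _validateCerts} is set, the chain is checked against the configured
 * trust store and CRLs (both are loaded afresh on every call; the keystore
 * password is handed over as a {@code String}). Each non-null certificate in
 * the chain is then tried against the login service in turn: the username is
 * the subject DN (falling back to the issuer DN, then to the literal
 * {@code "clientcert"}) and the credential is the Base64-encoded certificate
 * signature. The first identity the login service returns wins.
 * <p>
 * NOTE(review): the signature is read from the certificate itself and is not a
 * secret; it serves as a stable key into the login service, and it is the TLS
 * handshake that proved possession of the private key. The loop does not stop
 * at the end-entity certificate (presumably the first element, per the Servlet
 * spec) — issuer certificates are tried as well, so a login-service entry keyed
 * on an issuer's DN and signature would match every client that issuer signed.
 * Confirm that is intended before populating entries for CA certificates.
 * The legacy {@code getSubjectDN()}/{@code getIssuerDN()} accessors are kept on
 * purpose: the login service is keyed on exactly the string they produce.
 *
 * @param req       the servlet request; must be an {@link HttpServletRequest}
 * @param res       the servlet response; must be an {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return a {@link UserAuthentication} on success; {@code SEND_FAILURE} after a
 *         403 has been sent; {@code UNAUTHENTICATED} when the response is
 *         deferred; a {@link DeferredAuthentication} when not mandatory
 * @throws ServerAuthException if trust-store or CRL loading, chain validation,
 *         the login attempt, or sending the error response fails; the
 *         underlying exception is retained as the cause
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (!mandatory)
        return new DeferredAuthentication(this);
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs != null && certs.length > 0) {
            if (_validateCerts) {
                // Trust store and CRLs are (re)loaded per request; validate() is
                // expected to throw when the chain is not trusted or is revoked.
                KeyStore trustStore = getKeyStore(_trustStorePath, _trustStoreType, _trustStoreProvider, _trustStorePassword == null ? null : _trustStorePassword.toString());
                Collection<? extends CRL> crls = loadCRL(_crlPath);
                CertificateValidator validator = new CertificateValidator(trustStore, crls);
                validator.validate(certs);
            }
            for (X509Certificate cert : certs) {
                if (cert == null)
                    continue;
                // Username: subject DN, else issuer DN, else a fixed placeholder.
                Principal principal = cert.getSubjectDN();
                if (principal == null)
                    principal = cert.getIssuerDN();
                final String username = principal == null ? "clientcert" : principal.getName();
                // Credential: the certificate's own signature, Base64-encoded.
                final char[] credential = B64Code.encode(cert.getSignature());
                UserIdentity user = login(username, credential, req);
                if (user != null) {
                    return new UserAuthentication(getAuthMethod(), user);
                }
            }
        }
        // No usable certificate, or no login-service match for any of them.
        if (!DeferredAuthentication.isDeferred(response)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
        // Keep the original exception as the cause so the failing step
        // (keystore load, CRL load, validation, login, sendError) stays
        // diagnosable; the message alone is often null or non-specific.
        throw new ServerAuthException(e.getMessage(), e);
    }
}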

Example 22 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project jetty.project by eclipse.

The class HashLoginService, method loadRoleInfo.

/* ------------------------------------------------------------ */
/**
 * Resolves the role names for a user by looking the user up in the backing
 * property user store and collecting the {@link RolePrincipal}s held by that
 * identity's {@link Subject}.
 *
 * @param user the principal whose roles are requested; only its name is used
 *             as the lookup key
 * @return the role names, or {@code null} when the store has no identity for
 *         that name or the identity yields no role-principal set
 */
@Override
protected String[] loadRoleInfo(UserPrincipal user) {
    UserIdentity identity = _propertyUserStore.getUserIdentity(user.getName());
    if (identity == null) {
        return null;
    }
    Set<RolePrincipal> rolePrincipals = identity.getSubject().getPrincipals(RolePrincipal.class);
    if (rolePrincipals == null) {
        return null;
    }
    String[] roleNames = new String[rolePrincipals.size()];
    int index = 0;
    for (RolePrincipal role : rolePrincipals) {
        roleNames[index++] = role.getName();
    }
    return roleNames;
}

Example 23 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project elasticsearch-jetty by sonian.

The class ESLoginService, method login.

/**
 * Authenticates {@code username} against the parent login service, after
 * expiring the in-memory user cache when the configured cache time has passed.
 * <p>
 * Cache policy, driven by {@code cacheTime} (compared against
 * {@code System.currentTimeMillis()} deltas, so milliseconds):
 * <ul>
 *   <li>negative: the cache is never purged here;</li>
 *   <li>zero: the cache is cleared on every login;</li>
 *   <li>positive: the cache is cleared once more than {@code cacheTime} ms
 *       have elapsed since the last purge.</li>
 * </ul>
 * NOTE(review): a cached identity presumably remains valid until the next
 * purge, so a user disabled or re-credentialed upstream may still log in for
 * up to {@code cacheTime} ms — confirm that window is acceptable. The purge is
 * a plain check-then-act on {@code lastHashPurge}; whether concurrent logins
 * need serializing depends on how {@code _users} is declared, which is not
 * visible here. The client-supplied username is logged verbatim at INFO in
 * both branches; if usernames can carry control characters, verify the
 * logging backend neutralizes them.
 *
 * @param username    the login name supplied by the client
 * @param credentials the credentials supplied by the client
 * @return the authenticated identity, or {@code null} if the parent service
 *         did not find or accept the user
 */
@Override
public UserIdentity login(String username, Object credentials) {
    boolean cachingEnabled = cacheTime >= 0;
    if (cachingEnabled) {
        long now = System.currentTimeMillis();
        boolean purgeDue = cacheTime == 0 || now - lastHashPurge > cacheTime;
        if (purgeDue) {
            _users.clear();
            lastHashPurge = now;
        }
    }
    UserIdentity identity = super.login(username, credentials);
    if (identity == null) {
        Log.info("did not find user [{}]", username);
    } else {
        Log.info("authenticating user [{}]", username);
    }
    return identity;
}

Example 24 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project zm-mailbox by Zimbra.

The class ZimbraAuthenticator, method validateRequest.

/**
 * Tries to authenticate a mandatory request from a Zimbra auth-token cookie
 * before falling back to the parent authenticator.
 * <p>
 * Only requests whose URI matches {@code urlPattern} are examined, so that
 * other paths do not flood an auth provider that may be external. Every cookie
 * whose name equals (ignoring case) either auth-token cookie name variant is
 * decoded and validated; the first one that validates yields a
 * {@link UserAuthentication} built from the account's mail address. Cookies
 * whose token fails to decode or validate are logged and skipped.
 * <p>
 * NOTE(review): cookie names are matched case-insensitively and every matching
 * cookie is tried, so a request may present several candidate tokens; each is
 * still fully validated by {@code AuthProvider} before it is trusted. A
 * validation failure is logged at ERROR together with the exception, and since
 * the cookie value is client-supplied this can presumably be triggered at will
 * with a malformed token. If {@code _loginService} is not a
 * {@link ZimbraLoginService}, the code warns and then hits
 * {@code assert (false)}: with assertions enabled that throws an
 * {@link AssertionError} out of this method; without them the request silently
 * falls through to the parent authenticator.
 *
 * @param req       the servlet request
 * @param resp      the servlet response
 * @param mandatory whether authentication is required; non-mandatory requests
 *                  and non-HTTP requests go straight to the parent
 * @return an authentication from a validated auth token, otherwise whatever
 *         the parent authenticator returns
 * @throws ServerAuthException propagated from the parent authenticator
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse resp, boolean mandatory) throws ServerAuthException {
    if (mandatory && req instanceof HttpServletRequest) {
        HttpServletRequest httpReq = (HttpServletRequest) req;
        //we want to just ignore rather than potentially flooding auth provider (which may be external)
        if (PathMap.match(urlPattern, httpReq.getRequestURI())) {
            Authentication fromToken = authenticateFromCookies(httpReq.getCookies());
            if (fromToken != null) {
                return fromToken;
            }
        }
    }
    return super.validateRequest(req, resp, mandatory);
}

/**
 * Walks the request cookies looking for an auth-token cookie that validates.
 *
 * @param cookies the request cookies, possibly {@code null}
 * @return the resulting authentication, or {@code null} when there are no
 *         cookies or none of them yields a valid token
 */
private Authentication authenticateFromCookies(Cookie[] cookies) {
    if (cookies == null) {
        return null;
    }
    for (Cookie cookie : cookies) {
        if (!isAuthTokenCookie(cookie)) {
            continue;
        }
        Authentication auth = authenticateFromEncodedToken(cookie.getValue());
        if (auth != null) {
            return auth;
        }
    }
    ZimbraLog.security.debug("no valid auth token, fallback to basic");
    return null;
}

/**
 * @return {@code true} when the cookie's name matches either auth-token
 *         cookie name variant, compared case-insensitively
 */
private static boolean isAuthTokenCookie(Cookie cookie) {
    String name = cookie.getName();
    return ZimbraCookie.authTokenCookieName(true).equalsIgnoreCase(name)
            || ZimbraCookie.authTokenCookieName(false).equalsIgnoreCase(name);
}

/**
 * Decodes and validates one encoded auth token.
 *
 * @param encoded the raw cookie value
 * @return the authentication for the token's account, or {@code null} when the
 *         token is invalid, the account cannot be resolved, or the login
 *         service is not a {@link ZimbraLoginService}
 */
private Authentication authenticateFromEncodedToken(String encoded) {
    try {
        AuthToken token = AuthProvider.getAuthToken(encoded);
        Account authAcct = AuthProvider.validateAuthToken(Provisioning.getInstance(), token, false);
        if (authAcct == null) {
            return null;
        }
        if (!(_loginService instanceof ZimbraLoginService)) {
            ZimbraLog.security.warn("Misconfigured? _loginService not ZimbraLoginService");
            assert (false);
            return null;
        }
        UserIdentity user = ((ZimbraLoginService) _loginService).makeUserIdentity(authAcct.getMail());
        ZimbraLog.security.debug("Auth token validated");
        return new UserAuthentication(getAuthMethod(), user);
    } catch (AuthTokenException e) {
        ZimbraLog.security.error("Unable to authenticate due to AuthTokenException", e);
    } catch (ServiceException e) {
        ZimbraLog.security.error("Unable to authenticate due to ServiceException", e);
    }
    return null;
}

Example 25 with UserIdentity

use of org.eclipse.jetty.server.UserIdentity in project zm-mailbox by Zimbra.

The class ZimbraLoginService, method makeUserIdentity.

/**
 * Builds a Jetty {@link UserIdentity} for an already-authenticated Zimbra user
 * name, carrying an empty placeholder credential and the single {@code "user"}
 * role.
 * <p>
 * The credential is intentionally blank: no credential check happens here —
 * per the original comment, credentials are checked via provisioning on each
 * login. Likewise only the {@code "user"} role is granted, which the original
 * comment says is all the current {@code /zimbra/downloads} protection needs
 * (to be widened to admin if ever required). Because this method grants that
 * role to whatever name it is handed, it must only be reached after the caller
 * has validated the user; the caller on this page passes the mail address of
 * an account resolved from a validated auth token.
 *
 * @param userName the authenticated user's name
 * @return a read-only identity holding the user principal, the placeholder
 *         credential and the {@code "user"} role principal
 */
UserIdentity makeUserIdentity(String userName) {
    final String roleName = "user";
    String[] roleNames = { roleName };
    // Placeholder only; see the class-level note above on credential checking.
    Credential placeholder = Credential.getCredential("");
    Principal userPrincipal = new KnownUser(userName, placeholder);
    Subject subject = new Subject();
    subject.getPrincipals().add(userPrincipal);
    subject.getPrivateCredentials().add(placeholder);
    subject.getPrincipals().add(new RolePrincipal(roleName));
    subject.setReadOnly();
    return identityService.newUserIdentity(subject, userPrincipal, roleNames);
}
