Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Hooked up the LoginCallbackImpl inside ServletCallbackHandler as the FormAuthModule appears to expect to see it; made JaspiAuthenticator return Deferred IFF !mandatory && allowLazyAuth && auth module returned UNAUTHENTICATED. This hinges on the fact that an auth module who is prepared to skip doing authentication (because !mandatory) must return AuthStatus.SUCCESS, which JaspiAuthenticator turns into Authentication.UNAUTHENTICATED.

This commit is contained in:
Jan Bartel 2011-10-04 14:31:34 +11:00
parent 1d6d2b46de
commit 53fa6a0481
4 changed files with 52 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
View File

@ -81,21 +81,27 @@ public class JaspiAuthenticator implements Authenticator
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
{
System.err.println("JaspiAuthenticator.validateRequest, uri=" + ((javax.servlet.http.HttpServletRequest) request).getRequestURI()
+ "lazy="
System.err.println("\nJaspiAuthenticator.validateRequest, uri=" + ((javax.servlet.http.HttpServletRequest) request).getRequestURI()
+ " lazy="
+ _allowLazyAuthentication
+ " mandatory="
+ mandatory);
new Throwable().printStackTrace();
JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
request.setAttribute("org.eclipse.jetty.security.jaspi.info", info);
//TODO janb - removed deferred authentication temporarily
/* if (_allowLazyAuthentication && !mandatory)
return _deferred;*/
return validateRequest(info);
Authentication a = validateRequest(info);
//if its not mandatory to authenticate, and the authenticator returned UNAUTHENTICATED, we treat it as authentication deferred
if (_allowLazyAuthentication && !info.isAuthMandatory() && a == Authentication.UNAUTHENTICATED)
a =_deferred;
System.err.println("JaspiAuthenticator.validateRequest returning "+a);
return a;
}
// most likely validatedUser is not needed here.
@ -108,6 +114,7 @@ public class JaspiAuthenticator implements Authenticator
return secureResponse(info, validatedUser);
}
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
{
try

3
jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/ServletCallbackHandler.java
View File

@ -90,8 +90,9 @@ public class ServletCallbackHandler implements CallbackHandler
if (user!=null)
{
loginCallback.setUserPrincipal(user.getUserPrincipal());
credentialValidationCallback.getSubject().getPrivateCredentials().add(loginCallback);
credentialValidationCallback.setResult(true);
credentialValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
credentialValidationCallback.getSubject().getPrivateCredentials().add(user);
}

1
jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/BaseAuthModule.java
View File

@ -131,6 +131,7 @@ public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
if (credValidationCallback.getResult())
{
Set<LoginCallbackImpl> loginCallbacks = clientSubject.getPrivateCredentials(LoginCallbackImpl.class);
System.err.println("LoginCallbackImpls.isEmpty="+loginCallbacks.isEmpty());
if (!loginCallbacks.isEmpty())
{
LoginCallbackImpl loginCallback = loginCallbacks.iterator().next();

173
jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
View File

@ -146,40 +146,50 @@ public class FormAuthModule extends BaseAuthModule
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
{
System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject)");
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
HttpSession session = request.getSession(isMandatory(messageInfo));
String uri = request.getRequestURI();
// not mandatory and not authenticated
if (session == null || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
if (uri==null)
uri=URIUtil.SLASH;
boolean mandatory = isMandatory(messageInfo);
mandatory |= isJSecurityCheck(uri);
HttpSession session = request.getSession(mandatory);
System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject) for uri="+uri+" mandatory="+mandatory+" isLoginOrError="+isLoginOrErrorPage(uri));
// not mandatory or its the login or login error page don't authenticate
if (!mandatory || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
System.err.println("FormAuthModule.validateRequest(info,subect,serviceSubject), uri="+uri);
try
{
// Handle a request for authentication.
// TODO perhaps j_securitycheck can be uri suffix?
if (uri != null && isJSecurityCheck(uri))
if (isJSecurityCheck(uri))
{
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
System.err.println("Try login username="+username+" password="+password);
boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
if (success)
{
// Redirect to original request
String nuri = (String) session.getAttribute(__J_URI);
// Redirect to original request
String nuri=null;
synchronized(session)
{
nuri = (String) session.getAttribute(__J_URI);
}
if (nuri == null || nuri.length() == 0)
{
nuri = request.getContextPath();
if (nuri.length() == 0) nuri = URIUtil.SLASH;
if (nuri.length() == 0)
nuri = URIUtil.SLASH;
}
session.removeAttribute(__J_URI); // Remove popped return
// URI.
response.setContentLength(0);
System.err.println("FormAuthModule succesful login, sending redirect to "+nuri);
response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
return AuthStatus.SEND_CONTINUE;
}
// not authenticated
@ -205,88 +215,6 @@ public class FormAuthModule extends BaseAuthModule
System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
if (success) { return AuthStatus.SUCCESS; }
// CallbackHandler loginCallbackHandler = new
// UserPasswordCallbackHandler(form_cred._jUserName,
// form_cred._jPassword);
// LoginResult loginResult = loginService.login(clientSubject,
// loginCallbackHandler);
// //TODO what should happen if !isMandatory but credentials
// exist and are wrong?
// if (loginResult.isSuccess())
// {
// callbackHandler.handle(new
// Callback[]{loginResult.getCallerPrincipalCallback(),
// loginResult.getGroupPrincipalCallback()});
// messageInfo.getMap().put(JettyMessageInfo.AUTH_METHOD_KEY,
// Constraint.__FORM_AUTH);
//
// form_cred = new FormCredential(form_cred._jUserName,
// form_cred._jPassword,
// loginResult.getCallerPrincipalCallback().getPrincipal());
//
// session.setAttribute(__J_AUTHENTICATED, form_cred);
// if (ssoSource != null && ssoSource.fetch(request) == null)
// {
// UserInfo userInfo = new UserInfo(form_cred._jUserName,
// form_cred._jPassword);
// ssoSource.store(userInfo, response);
// }
// messageInfo.getMap().put(JettyMessageInfo.AUTH_METHOD_KEY,
// Constraint.__FORM_AUTH);
// return AuthStatus.SUCCESS;
// }
// // We have a form credential. Has it been distributed?
// if (form_cred._userPrincipal==null)
// {
// // This form_cred appears to have been distributed. Need to
// reauth
// form_cred.authenticate(realm, request);
//
// // Sign-on to SSO mechanism
// if (form_cred._userPrincipal!=null && realm instanceof
// SSORealm)
// ((SSORealm)realm).setSingleSignOn(request,response,form_cred._userPrincipal,new
// Password(form_cred._jPassword));
//
// }
// else if (!realm.reauthenticate(form_cred._userPrincipal))
// // Else check that it is still authenticated.
// form_cred._userPrincipal=null;
//
// // If this credential is still authenticated
// if (form_cred._userPrincipal!=null)
// {
// if(LOG.isDebugEnabled())LOG.debug("FORM Authenticated for
// "+form_cred._userPrincipal.getName());
// request.setAuthType(Constraint.__FORM_AUTH);
// //jaspi
// // request.setUserPrincipal(form_cred._userPrincipal);
// return form_cred._userPrincipal;
// }
// else
// session.setAttribute(__J_AUTHENTICATED,null);
// }
// else if (realm instanceof SSORealm)
// {
// // Try a single sign on.
// Credential cred =
// ((SSORealm)realm).getSingleSignOn(request,response);
//
// if (request.getUserPrincipal()!=null)
// {
// form_cred=new FormCredential();
// form_cred._userPrincipal=request.getUserPrincipal();
// form_cred._jUserName=form_cred._userPrincipal.getName();
// if (cred!=null)
// form_cred._jPassword=cred.toString();
// if(LOG.isDebugEnabled())LOG.debug("SSO for
// "+form_cred._userPrincipal);
//
// request.setAuthType(Constraint.__FORM_AUTH);
// session.setAttribute(__J_AUTHENTICATED,form_cred);
// return form_cred._userPrincipal;
// }
}
else if (ssoSource != null)
{
@ -298,19 +226,17 @@ public class FormAuthModule extends BaseAuthModule
}
}
// Don't authenticate authform or errorpage
if (!isMandatory(messageInfo) || isLoginOrErrorPage(uri))
// TODO verify this is correct action
return AuthStatus.SUCCESS;
// redirect to login page
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null)
buf.append("?").append(request.getQueryString());
// redirect to login page
System.err.println("Redirecting to login page");
if (request.getQueryString() != null) uri += "?" + request.getQueryString();
session.setAttribute(__J_URI, request.getScheme() + "://"
+ request.getServerName()
+ ":"
+ request.getServerPort()
+ URIUtil.addPaths(request.getContextPath(), uri));
synchronized (session)
{
session.setAttribute(__J_URI, buf.toString());
}
System.err.println("Redirecting to login page "+_formLoginPage+" and remembering juri="+buf.toString());
response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formLoginPage)));
return AuthStatus.SEND_CONTINUE;
@ -349,6 +275,7 @@ public class FormAuthModule extends BaseAuthModule
{
char[] pwdChars = password.toString().toCharArray();
Set<LoginCallbackImpl> loginCallbacks = clientSubject.getPrivateCredentials(LoginCallbackImpl.class);
System.err.println("FormAuthModule, LoginCallbackImpl.isEmpty="+loginCallbacks.isEmpty());
if (!loginCallbacks.isEmpty())
{
LoginCallbackImpl loginCallback = loginCallbacks.iterator().next();
@ -366,34 +293,6 @@ public class FormAuthModule extends BaseAuthModule
return true;
}
return false;
// LoginCallback loginCallback = new LoginCallback(clientSubject,
// username, password);
// loginService.login(loginCallback);
// if (loginCallback.isSuccess())
// {
// CallerPrincipalCallback callerPrincipalCallback = new
// CallerPrincipalCallback(clientSubject,
// loginCallback.getUserPrincipal());
// GroupPrincipalCallback groupPrincipalCallback = new
// GroupPrincipalCallback(clientSubject,
// loginCallback.getGroups().toArray(new
// String[loginCallback.getGroups().size()]));
// callbackHandler.handle(new Callback[] {callerPrincipalCallback,
// groupPrincipalCallback});
// messageInfo.getMap().put(JettyMessageInfo.AUTH_METHOD_KEY,
// Constraint.__FORM_AUTH);
// FormCredential form_cred = new FormCredential(username, password,
// loginCallback.getUserPrincipal());
//
// session.setAttribute(__J_AUTHENTICATED, form_cred);
// // Sign-on to SSO mechanism
// if (ssoSource != null)
// {
// UserInfo userInfo = new UserInfo(username, password);
// ssoSource.store(userInfo, response);
// }
// }
// return loginCallback.isSuccess();
}
public boolean isLoginOrErrorPage(String pathInContext)