Debug printlns plus commented out Deferred auth

jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java

@@ -42,36 +42,38 @@ import org.eclipse.jetty.server.Authentication.User;
 public class JaspiAuthenticator implements Authenticator
 {
     private final ServerAuthConfig _authConfig;
+
     private final Map _authProperties;
+
     private final ServletCallbackHandler _callbackHandler;
+
     private final Subject _serviceSubject;
+
     private final boolean _allowLazyAuthentication;
+
     private final IdentityService _identityService;
+
     private final DeferredAuthentication _deferred;
 
-    public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler,
+    public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject,
-                              Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService)
+                              boolean allowLazyAuthentication, IdentityService identityService)
     {
         // TODO maybe pass this in via setConfiguration ?
-        if (callbackHandler == null)
+        if (callbackHandler == null) throw new NullPointerException("No CallbackHandler");
-            throw new NullPointerException("No CallbackHandler");
+        if (authConfig == null) throw new NullPointerException("No AuthConfig");
-        if (authConfig == null)
-            throw new NullPointerException("No AuthConfig");
         this._authConfig = authConfig;
         this._authProperties = authProperties;
         this._callbackHandler = callbackHandler;
         this._serviceSubject = serviceSubject;
         this._allowLazyAuthentication = allowLazyAuthentication;
         this._identityService = identityService;
-        this._deferred=new DeferredAuthentication(this);
+        this._deferred = new DeferredAuthentication(this);
     }
 
-
     public void setConfiguration(AuthConfiguration configuration)
     {
     }
 
-    
     public String getAuthMethod()
     {
         return "JASPI";
@@ -79,56 +81,67 @@ public class JaspiAuthenticator implements Authenticator
 
     public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
     {
-        if (_allowLazyAuthentication && !mandatory)
+        System.err.println("JaspiAuthenticator.validateRequest, uri=" + ((javax.servlet.http.HttpServletRequest) request).getRequestURI()
-            return _deferred;
+                           + "lazy="
+                           + _allowLazyAuthentication
+                           + " mandatory="
+                           + mandatory);
+        new Throwable().printStackTrace();
+        
 
         JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
-        request.setAttribute("org.eclipse.jetty.security.jaspi.info",info);
+        request.setAttribute("org.eclipse.jetty.security.jaspi.info", info);
+        
+       /* if (_allowLazyAuthentication && !mandatory)
+            return _deferred;*/
+
         return validateRequest(info);
     }
 
     // most likely validatedUser is not needed here.
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
     {
-        JaspiMessageInfo info = (JaspiMessageInfo)req.getAttribute("org.eclipse.jetty.security.jaspi.info");
+        System.err.println("JaspiAuthenticator.secureResponse uri=" + ((javax.servlet.http.HttpServletRequest) req).getRequestURI());
-        if (info==null) throw new NullPointerException("MeesageInfo from request missing: " + req);
+
-        return secureResponse(info,validatedUser);
+        JaspiMessageInfo info = (JaspiMessageInfo) req.getAttribute("org.eclipse.jetty.security.jaspi.info");
+        if (info == null) throw new NullPointerException("MessageInfo from request missing: " + req);
+        return secureResponse(info, validatedUser);
     }
 
     public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
     {
         try
         {
+            System.err.println("jaspAuthenticator.validateRequest(info)");
             String authContextId = _authConfig.getAuthContextID(messageInfo);
-            ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
+            ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
             Subject clientSubject = new Subject();
 
-            AuthStatus authStatus = authContext.validateRequest(messageInfo,clientSubject,_serviceSubject);
+            AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
-//            String authMethod = (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
+            // String authMethod =
+            // (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
 
-            if (authStatus == AuthStatus.SEND_CONTINUE)
+            if (authStatus == AuthStatus.SEND_CONTINUE) return Authentication.SEND_CONTINUE;
-                return Authentication.SEND_CONTINUE;
+            if (authStatus == AuthStatus.SEND_FAILURE) return Authentication.SEND_FAILURE;
-            if (authStatus == AuthStatus.SEND_FAILURE)
-                return Authentication.SEND_FAILURE;
 
             if (authStatus == AuthStatus.SUCCESS)
             {
-            Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
+                Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
                 UserIdentity userIdentity;
                 if (ids.size() > 0)
                 {
                     userIdentity = ids.iterator().next();
-                } else {
+                }
+                else
+                {
                     CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
-                    if (principalCallback == null)
+                    if (principalCallback == null) { return Authentication.UNAUTHENTICATED; }
-                    {
-                        return Authentication.UNAUTHENTICATED;
-                    }
                     Principal principal = principalCallback.getPrincipal();
-                    if (principal == null) {
+                    if (principal == null)
+                    {
                         String principalName = principalCallback.getName();
                         Set<Principal> principals = principalCallback.getSubject().getPrincipals();
-                        for (Principal p: principals)
+                        for (Principal p : principals)
                         {
                             if (p.getName().equals(principalName))
                             {
@@ -136,10 +149,7 @@ public class JaspiAuthenticator implements Authenticator
                                 break;
                             }
                         }
-                        if (principal == null)
+                        if (principal == null) { return Authentication.UNAUTHENTICATED; }
-                        {
-                            return Authentication.UNAUTHENTICATED;
-                        }
                     }
                     GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
                     String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
@@ -149,10 +159,10 @@ public class JaspiAuthenticator implements Authenticator
             }
             if (authStatus == AuthStatus.SEND_SUCCESS)
             {
-                //we are processing a message in a secureResponse dialog.
+                // we are processing a message in a secureResponse dialog.
                 return Authentication.SEND_SUCCESS;
             }
-            //should not happen
+            // should not happen
             throw new NullPointerException("No AuthStatus returned");
         }
         catch (AuthException e)
@@ -166,13 +176,16 @@ public class JaspiAuthenticator implements Authenticator
         try
         {
             String authContextId = _authConfig.getAuthContextID(messageInfo);
-            ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
+            ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
-            // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
+            // TODO
-            AuthStatus status = authContext.secureResponse(messageInfo,_serviceSubject);
+            // authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
+            AuthStatus status = authContext.secureResponse(messageInfo, _serviceSubject);
             return (AuthStatus.SEND_SUCCESS.equals(status));
         }
         catch (AuthException e)
         {
+            System.err.println("Error in JaspiAuthenticator.secureResponse");
+            e.printStackTrace();
             throw new ServerAuthException(e);
         }
     }

jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java

@@ -98,9 +98,13 @@ public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
             Subject serviceSubject=findServiceSubject(server);
             String serverName=findServerName(server,serviceSubject);
             
+            System.err.println("authconfigfactory="+authConfigFactory+" serviceSubject="+serviceSubject+" serverName="+serverName);
             
             String appContext = serverName + " " + context.getContextPath();
+            
+            System.err.println("appcontext="+appContext);
             AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER,appContext,listener);
+            System.err.println("authconfigProvider="+authConfigProvider);
             if (authConfigProvider != null)
             {
                 ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);

jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/BaseAuthModule.java

@@ -90,12 +90,12 @@ public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
     public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
     {
         // servlets do not need secured responses
-        return AuthStatus.SUCCESS;
+        return AuthStatus.SEND_SUCCESS;
     }
 
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
     {
-        return AuthStatus.FAILURE;
+        return AuthStatus.SEND_FAILURE;
     }
 
     /**

jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java

@@ -146,22 +146,25 @@ public class FormAuthModule extends BaseAuthModule
     @Override
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
     {
+        System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject)");
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
         HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
         HttpSession session = request.getSession(isMandatory(messageInfo));
-        String uri = request.getPathInfo();
+        String uri = request.getRequestURI();
         // not mandatory and not authenticated
         if (session == null || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
 
+        System.err.println("FormAuthModule.validateRequest(info,subect,serviceSubject), uri="+uri);
         try
         {
             // Handle a request for authentication.
             // TODO perhaps j_securitycheck can be uri suffix?
-            if (uri.endsWith(__J_SECURITY_CHECK))
+            if (uri != null && isJSecurityCheck(uri))
             {
 
                 final String username = request.getParameter(__J_USERNAME);
                 final String password = request.getParameter(__J_PASSWORD);
+                System.err.println("Try login username="+username+" password="+password);
                 boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
                 if (success)
                 {
@@ -199,6 +202,7 @@ public class FormAuthModule extends BaseAuthModule
 
             if (form_cred != null)
             {
+                System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
                 boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
                 if (success) { return AuthStatus.SUCCESS; }
                 // CallbackHandler loginCallbackHandler = new
@@ -300,6 +304,7 @@ public class FormAuthModule extends BaseAuthModule
                 return AuthStatus.SUCCESS;
 
             // redirect to login page
+            System.err.println("Redirecting to login page");
             if (request.getQueryString() != null) uri += "?" + request.getQueryString();
             session.setAttribute(__J_URI, request.getScheme() + "://"
                                           + request.getServerName()
@@ -321,6 +326,20 @@ public class FormAuthModule extends BaseAuthModule
 
     }
     
+    /* ------------------------------------------------------------ */
+    public boolean isJSecurityCheck(String uri)
+    {
+        int jsc = uri.indexOf(__J_SECURITY_CHECK);
+        
+        if (jsc<0)
+            return false;
+        int e=jsc+__J_SECURITY_CHECK.length();
+        if (e==uri.length())
+            return true;
+        char c = uri.charAt(e);
+        return c==';'||c=='#'||c=='/'||c=='?';
+    }
+
     private boolean tryLogin(MessageInfo messageInfo, Subject clientSubject, 
                              HttpServletResponse response, HttpSession session, 
                              String username, Password password) 

jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java

@@ -318,11 +318,13 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
         if (!_loginServiceShared && _loginService instanceof LifeCycle)
             ((LifeCycle)_loginService).start();        
         
+        System.err.println("authenticator="+_authenticator+" authenticatorFactory="+_authenticatorFactory+" identityService="+_identityService);
         if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
         {
             _authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
             if (_authenticator!=null)
                 _authMethod=_authenticator.getAuthMethod();
+            System.err.println("Called auth factory, authenticator="+_authenticator);
         }
 
         if (_authenticator==null)
@@ -477,7 +479,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
                     deferred.setIdentityService(_identityService);
                     deferred.setLoginService(_loginService);
                     baseRequest.setAuthentication(authentication);
-
+System.err.println("uri="+baseRequest.getUri()+" Auth is deferred");
                     try
                     {
                         handler.handle(pathInContext, baseRequest, request, response);
@@ -487,7 +489,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
                         previousIdentity = deferred.getPreviousAssociation();
                         deferred.setIdentityService(null);
                     }
-                    
+                    System.err.println("Securityhandler calling secureResponse, for Authentication.User");
                     Authentication auth=baseRequest.getAuthentication();
                     if (auth instanceof Authentication.User)
                     {