Debug printlns plus commented out Deferred auth
This commit is contained in:
parent
7bf5f7792b
commit
9678aad6e9
|
@ -42,36 +42,38 @@ import org.eclipse.jetty.server.Authentication.User;
|
||||||
public class JaspiAuthenticator implements Authenticator
|
public class JaspiAuthenticator implements Authenticator
|
||||||
{
|
{
|
||||||
private final ServerAuthConfig _authConfig;
|
private final ServerAuthConfig _authConfig;
|
||||||
|
|
||||||
private final Map _authProperties;
|
private final Map _authProperties;
|
||||||
|
|
||||||
private final ServletCallbackHandler _callbackHandler;
|
private final ServletCallbackHandler _callbackHandler;
|
||||||
|
|
||||||
private final Subject _serviceSubject;
|
private final Subject _serviceSubject;
|
||||||
|
|
||||||
private final boolean _allowLazyAuthentication;
|
private final boolean _allowLazyAuthentication;
|
||||||
|
|
||||||
private final IdentityService _identityService;
|
private final IdentityService _identityService;
|
||||||
|
|
||||||
private final DeferredAuthentication _deferred;
|
private final DeferredAuthentication _deferred;
|
||||||
|
|
||||||
public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler,
|
public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject,
|
||||||
Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService)
|
boolean allowLazyAuthentication, IdentityService identityService)
|
||||||
{
|
{
|
||||||
// TODO maybe pass this in via setConfiguration ?
|
// TODO maybe pass this in via setConfiguration ?
|
||||||
if (callbackHandler == null)
|
if (callbackHandler == null) throw new NullPointerException("No CallbackHandler");
|
||||||
throw new NullPointerException("No CallbackHandler");
|
if (authConfig == null) throw new NullPointerException("No AuthConfig");
|
||||||
if (authConfig == null)
|
|
||||||
throw new NullPointerException("No AuthConfig");
|
|
||||||
this._authConfig = authConfig;
|
this._authConfig = authConfig;
|
||||||
this._authProperties = authProperties;
|
this._authProperties = authProperties;
|
||||||
this._callbackHandler = callbackHandler;
|
this._callbackHandler = callbackHandler;
|
||||||
this._serviceSubject = serviceSubject;
|
this._serviceSubject = serviceSubject;
|
||||||
this._allowLazyAuthentication = allowLazyAuthentication;
|
this._allowLazyAuthentication = allowLazyAuthentication;
|
||||||
this._identityService = identityService;
|
this._identityService = identityService;
|
||||||
this._deferred=new DeferredAuthentication(this);
|
this._deferred = new DeferredAuthentication(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public void setConfiguration(AuthConfiguration configuration)
|
public void setConfiguration(AuthConfiguration configuration)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public String getAuthMethod()
|
public String getAuthMethod()
|
||||||
{
|
{
|
||||||
return "JASPI";
|
return "JASPI";
|
||||||
|
@ -79,56 +81,67 @@ public class JaspiAuthenticator implements Authenticator
|
||||||
|
|
||||||
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
|
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
|
||||||
{
|
{
|
||||||
if (_allowLazyAuthentication && !mandatory)
|
System.err.println("JaspiAuthenticator.validateRequest, uri=" + ((javax.servlet.http.HttpServletRequest) request).getRequestURI()
|
||||||
return _deferred;
|
+ "lazy="
|
||||||
|
+ _allowLazyAuthentication
|
||||||
|
+ " mandatory="
|
||||||
|
+ mandatory);
|
||||||
|
new Throwable().printStackTrace();
|
||||||
|
|
||||||
|
|
||||||
JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
|
JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
|
||||||
request.setAttribute("org.eclipse.jetty.security.jaspi.info",info);
|
request.setAttribute("org.eclipse.jetty.security.jaspi.info", info);
|
||||||
|
|
||||||
|
/* if (_allowLazyAuthentication && !mandatory)
|
||||||
|
return _deferred;*/
|
||||||
|
|
||||||
return validateRequest(info);
|
return validateRequest(info);
|
||||||
}
|
}
|
||||||
|
|
||||||
// most likely validatedUser is not needed here.
|
// most likely validatedUser is not needed here.
|
||||||
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
|
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
|
||||||
{
|
{
|
||||||
JaspiMessageInfo info = (JaspiMessageInfo)req.getAttribute("org.eclipse.jetty.security.jaspi.info");
|
System.err.println("JaspiAuthenticator.secureResponse uri=" + ((javax.servlet.http.HttpServletRequest) req).getRequestURI());
|
||||||
if (info==null) throw new NullPointerException("MeesageInfo from request missing: " + req);
|
|
||||||
return secureResponse(info,validatedUser);
|
JaspiMessageInfo info = (JaspiMessageInfo) req.getAttribute("org.eclipse.jetty.security.jaspi.info");
|
||||||
|
if (info == null) throw new NullPointerException("MessageInfo from request missing: " + req);
|
||||||
|
return secureResponse(info, validatedUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
|
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
System.err.println("jaspAuthenticator.validateRequest(info)");
|
||||||
String authContextId = _authConfig.getAuthContextID(messageInfo);
|
String authContextId = _authConfig.getAuthContextID(messageInfo);
|
||||||
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
|
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
|
||||||
Subject clientSubject = new Subject();
|
Subject clientSubject = new Subject();
|
||||||
|
|
||||||
AuthStatus authStatus = authContext.validateRequest(messageInfo,clientSubject,_serviceSubject);
|
AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
|
||||||
// String authMethod = (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
|
// String authMethod =
|
||||||
|
// (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
|
||||||
|
|
||||||
|
if (authStatus == AuthStatus.SEND_CONTINUE) return Authentication.SEND_CONTINUE;
|
||||||
|
if (authStatus == AuthStatus.SEND_FAILURE) return Authentication.SEND_FAILURE;
|
||||||
|
|
||||||
if (authStatus == AuthStatus.SEND_CONTINUE)
|
|
||||||
return Authentication.SEND_CONTINUE;
|
|
||||||
if (authStatus == AuthStatus.SEND_FAILURE)
|
|
||||||
return Authentication.SEND_FAILURE;
|
|
||||||
|
|
||||||
if (authStatus == AuthStatus.SUCCESS)
|
if (authStatus == AuthStatus.SUCCESS)
|
||||||
{
|
{
|
||||||
Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
|
Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
|
||||||
UserIdentity userIdentity;
|
UserIdentity userIdentity;
|
||||||
if (ids.size() > 0)
|
if (ids.size() > 0)
|
||||||
{
|
{
|
||||||
userIdentity = ids.iterator().next();
|
userIdentity = ids.iterator().next();
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
|
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
|
||||||
if (principalCallback == null)
|
if (principalCallback == null) { return Authentication.UNAUTHENTICATED; }
|
||||||
{
|
|
||||||
return Authentication.UNAUTHENTICATED;
|
|
||||||
}
|
|
||||||
Principal principal = principalCallback.getPrincipal();
|
Principal principal = principalCallback.getPrincipal();
|
||||||
if (principal == null) {
|
if (principal == null)
|
||||||
|
{
|
||||||
String principalName = principalCallback.getName();
|
String principalName = principalCallback.getName();
|
||||||
Set<Principal> principals = principalCallback.getSubject().getPrincipals();
|
Set<Principal> principals = principalCallback.getSubject().getPrincipals();
|
||||||
for (Principal p: principals)
|
for (Principal p : principals)
|
||||||
{
|
{
|
||||||
if (p.getName().equals(principalName))
|
if (p.getName().equals(principalName))
|
||||||
{
|
{
|
||||||
|
@ -136,10 +149,7 @@ public class JaspiAuthenticator implements Authenticator
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (principal == null)
|
if (principal == null) { return Authentication.UNAUTHENTICATED; }
|
||||||
{
|
|
||||||
return Authentication.UNAUTHENTICATED;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
|
GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
|
||||||
String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
|
String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
|
||||||
|
@ -149,10 +159,10 @@ public class JaspiAuthenticator implements Authenticator
|
||||||
}
|
}
|
||||||
if (authStatus == AuthStatus.SEND_SUCCESS)
|
if (authStatus == AuthStatus.SEND_SUCCESS)
|
||||||
{
|
{
|
||||||
//we are processing a message in a secureResponse dialog.
|
// we are processing a message in a secureResponse dialog.
|
||||||
return Authentication.SEND_SUCCESS;
|
return Authentication.SEND_SUCCESS;
|
||||||
}
|
}
|
||||||
//should not happen
|
// should not happen
|
||||||
throw new NullPointerException("No AuthStatus returned");
|
throw new NullPointerException("No AuthStatus returned");
|
||||||
}
|
}
|
||||||
catch (AuthException e)
|
catch (AuthException e)
|
||||||
|
@ -166,13 +176,16 @@ public class JaspiAuthenticator implements Authenticator
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
String authContextId = _authConfig.getAuthContextID(messageInfo);
|
String authContextId = _authConfig.getAuthContextID(messageInfo);
|
||||||
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
|
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
|
||||||
// TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
|
// TODO
|
||||||
AuthStatus status = authContext.secureResponse(messageInfo,_serviceSubject);
|
// authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
|
||||||
|
AuthStatus status = authContext.secureResponse(messageInfo, _serviceSubject);
|
||||||
return (AuthStatus.SEND_SUCCESS.equals(status));
|
return (AuthStatus.SEND_SUCCESS.equals(status));
|
||||||
}
|
}
|
||||||
catch (AuthException e)
|
catch (AuthException e)
|
||||||
{
|
{
|
||||||
|
System.err.println("Error in JaspiAuthenticator.secureResponse");
|
||||||
|
e.printStackTrace();
|
||||||
throw new ServerAuthException(e);
|
throw new ServerAuthException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,9 +98,13 @@ public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
|
||||||
Subject serviceSubject=findServiceSubject(server);
|
Subject serviceSubject=findServiceSubject(server);
|
||||||
String serverName=findServerName(server,serviceSubject);
|
String serverName=findServerName(server,serviceSubject);
|
||||||
|
|
||||||
|
System.err.println("authconfigfactory="+authConfigFactory+" serviceSubject="+serviceSubject+" serverName="+serverName);
|
||||||
|
|
||||||
String appContext = serverName + " " + context.getContextPath();
|
String appContext = serverName + " " + context.getContextPath();
|
||||||
|
|
||||||
|
System.err.println("appcontext="+appContext);
|
||||||
AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER,appContext,listener);
|
AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER,appContext,listener);
|
||||||
|
System.err.println("authconfigProvider="+authConfigProvider);
|
||||||
if (authConfigProvider != null)
|
if (authConfigProvider != null)
|
||||||
{
|
{
|
||||||
ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
|
ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
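Review bot: The added `System.err.println("authconfigfactory="+authConfigFactory+" serviceSubject="+serviceSubject+" serverName="+serverName);` renders the `javax.security.auth.Subject` through its `toString()`, which presumably lists the subject's principals and can include credential objects depending on the caller's permissions, so this line may write security-sensitive material to stderr at every authenticator creation. If the diagnostic is needed, printing only `serverName` and `appContext` (which the next added line already does) gives the same information without the subject; otherwise remove the three printlns in this hunk before merge. The enclosing method starts and ends outside the hunk, so I cannot tell whether a logger is already available in this class to replace `System.err`.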
|
||||||
|
|
|
@ -90,12 +90,12 @@ public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
|
||||||
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
|
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
|
||||||
{
|
{
|
||||||
// servlets do not need secured responses
|
// servlets do not need secured responses
|
||||||
return AuthStatus.SUCCESS;
|
return AuthStatus.SEND_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
|
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
|
||||||
{
|
{
|
||||||
return AuthStatus.FAILURE;
|
return AuthStatus.SEND_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
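Review bot: The default `validateRequest` now returns `AuthStatus.SEND_FAILURE` without touching the response, yet the caller shown in the JaspiAuthenticator hunk at -79 maps that directly to `Authentication.SEND_FAILURE`, which I read as "the module has already written the failure response"; a subclass that does not override this method therefore fails closed (good) but may leave the client with an empty or default response. A short comment on the method stating that contract would help, e.g. `// Fail closed by default: subclasses must override and set the response before returning SEND_FAILURE.` The comment above `secureResponse`, `// servlets do not need secured responses`, is now slightly misleading next to `SEND_SUCCESS` and could say that the response is passed through unchanged and reported as already sent.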
|
||||||
|
|
|
@ -146,22 +146,25 @@ public class FormAuthModule extends BaseAuthModule
|
||||||
@Override
|
@Override
|
||||||
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
|
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
|
||||||
{
|
{
|
||||||
|
System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject)");
|
||||||
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
|
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
|
||||||
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
|
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
|
||||||
HttpSession session = request.getSession(isMandatory(messageInfo));
|
HttpSession session = request.getSession(isMandatory(messageInfo));
|
||||||
String uri = request.getPathInfo();
|
String uri = request.getRequestURI();
|
||||||
// not mandatory and not authenticated
|
// not mandatory and not authenticated
|
||||||
if (session == null || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
|
if (session == null || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
|
||||||
|
|
||||||
|
System.err.println("FormAuthModule.validateRequest(info,subect,serviceSubject), uri="+uri);
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// Handle a request for authentication.
|
// Handle a request for authentication.
|
||||||
// TODO perhaps j_securitycheck can be uri suffix?
|
// TODO perhaps j_securitycheck can be uri suffix?
|
||||||
if (uri.endsWith(__J_SECURITY_CHECK))
|
if (uri != null && isJSecurityCheck(uri))
|
||||||
{
|
{
|
||||||
|
|
||||||
final String username = request.getParameter(__J_USERNAME);
|
final String username = request.getParameter(__J_USERNAME);
|
||||||
final String password = request.getParameter(__J_PASSWORD);
|
final String password = request.getParameter(__J_PASSWORD);
|
||||||
|
System.err.println("Try login username="+username+" password="+password);
|
||||||
boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
|
boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
|
||||||
if (success)
|
if (success)
|
||||||
{
|
{
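Review bot: The added `System.err.println("Try login username="+username+" password="+password);` writes the submitted password in cleartext to stderr for every form login, and the hunk at -199 does the same with `new String(form_cred._jPassword)`; both lines should be removed rather than kept behind a comment, since stderr is typically captured in server logs that are retained and shared. The earlier println in this hunk only logs `uri`, which is harmless by comparison but still bypasses whatever logger the module uses. Separately, `uri` now comes from `request.getRequestURI()` instead of `request.getPathInfo()`, so `isLoginOrErrorPage(uri)` and the stored `__J_URI` receive the context path as well as the servlet path; if the configured login and error pages are context-relative this comparison may no longer match, which is worth confirming against `isLoginOrErrorPage` (outside this hunk). The `uri != null &&` guard before `isJSecurityCheck(uri)` is fine but the same `uri` was already dereferenced in `isLoginOrErrorPage(uri)` two lines earlier, so either that call needs the guard too or this one is redundant.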
|
||||||
|
@ -199,6 +202,7 @@ public class FormAuthModule extends BaseAuthModule
|
||||||
|
|
||||||
if (form_cred != null)
|
if (form_cred != null)
|
||||||
{
|
{
|
||||||
|
System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
|
||||||
boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
|
boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
|
||||||
if (success) { return AuthStatus.SUCCESS; }
|
if (success) { return AuthStatus.SUCCESS; }
|
||||||
// CallbackHandler loginCallbackHandler = new
|
// CallbackHandler loginCallbackHandler = new
|
||||||
|
@ -300,6 +304,7 @@ public class FormAuthModule extends BaseAuthModule
|
||||||
return AuthStatus.SUCCESS;
|
return AuthStatus.SUCCESS;
|
||||||
|
|
||||||
// redirect to login page
|
// redirect to login page
|
||||||
|
System.err.println("Redirecting to login page");
|
||||||
if (request.getQueryString() != null) uri += "?" + request.getQueryString();
|
if (request.getQueryString() != null) uri += "?" + request.getQueryString();
|
||||||
session.setAttribute(__J_URI, request.getScheme() + "://"
|
session.setAttribute(__J_URI, request.getScheme() + "://"
|
||||||
+ request.getServerName()
|
+ request.getServerName()
|
||||||
|
@ -320,6 +325,20 @@ public class FormAuthModule extends BaseAuthModule
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public boolean isJSecurityCheck(String uri)
|
||||||
|
{
|
||||||
|
int jsc = uri.indexOf(__J_SECURITY_CHECK);
|
||||||
|
|
||||||
|
if (jsc<0)
|
||||||
|
return false;
|
||||||
|
int e=jsc+__J_SECURITY_CHECK.length();
|
||||||
|
if (e==uri.length())
|
||||||
|
return true;
|
||||||
|
char c = uri.charAt(e);
|
||||||
|
return c==';'||c=='#'||c=='/'||c=='?';
|
||||||
|
}
|
||||||
|
|
||||||
private boolean tryLogin(MessageInfo messageInfo, Subject clientSubject,
|
private boolean tryLogin(MessageInfo messageInfo, Subject clientSubject,
|
||||||
HttpServletResponse response, HttpSession session,
|
HttpServletResponse response, HttpSession session,
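Review bot: The new public method `isJSecurityCheck` has no Javadoc and its matching rule is not obvious: it accepts `__J_SECURITY_CHECK` at any position in `uri` (not only as a path suffix) as long as it is followed by end of string or one of `;`, `#`, `/`, `?`, so `/ctx/j_security_check/extra` is treated as a login submission. It also throws NullPointerException for a null `uri`, which the caller in the hunk at -146 guards against but other callers would not. I would add a Javadoc stating both: that the check matches the security-check token anywhere in the URI followed by a path, query, fragment or parameter delimiter, and that `uri` must be non-null (`@throws NullPointerException if uri is null`), or alternatively add `if (uri == null) return false;` as the first line.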
|
||||||
|
|
|
@ -318,11 +318,13 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
||||||
if (!_loginServiceShared && _loginService instanceof LifeCycle)
|
if (!_loginServiceShared && _loginService instanceof LifeCycle)
|
||||||
((LifeCycle)_loginService).start();
|
((LifeCycle)_loginService).start();
|
||||||
|
|
||||||
|
System.err.println("authenticator="+_authenticator+" authenticatorFactory="+_authenticatorFactory+" identityService="+_identityService);
|
||||||
if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
|
if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
|
||||||
{
|
{
|
||||||
_authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
|
_authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
|
||||||
if (_authenticator!=null)
|
if (_authenticator!=null)
|
||||||
_authMethod=_authenticator.getAuthMethod();
|
_authMethod=_authenticator.getAuthMethod();
|
||||||
|
System.err.println("Called auth factory, authenticator="+_authenticator);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_authenticator==null)
|
if (_authenticator==null)
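Review bot: The two printlns added here write `_authenticator`, `_authenticatorFactory` and `_identityService` to stderr at start-up, and the hunks at -477 and -487 add per-request printlns, the first of which prints `baseRequest.getUri()`; request URIs can carry query-string parameters that are sensitive, so that line in particular should not reach stderr in production. All four lines bypass the logging facility and cannot be switched off, which matches the commit's stated debugging intent but should be replaced by a debug-level logger call guarded by an is-debug-enabled check, or removed, before merge. The enclosing `doStart` and `handle` methods begin and end outside these hunks, so I cannot see whether a logger field already exists in this class.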
|
||||||
|
@ -477,7 +479,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
||||||
deferred.setIdentityService(_identityService);
|
deferred.setIdentityService(_identityService);
|
||||||
deferred.setLoginService(_loginService);
|
deferred.setLoginService(_loginService);
|
||||||
baseRequest.setAuthentication(authentication);
|
baseRequest.setAuthentication(authentication);
|
||||||
|
System.err.println("uri="+baseRequest.getUri()+" Auth is deferred");
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
handler.handle(pathInContext, baseRequest, request, response);
|
handler.handle(pathInContext, baseRequest, request, response);
|
||||||
|
@ -487,7 +489,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
||||||
previousIdentity = deferred.getPreviousAssociation();
|
previousIdentity = deferred.getPreviousAssociation();
|
||||||
deferred.setIdentityService(null);
|
deferred.setIdentityService(null);
|
||||||
}
|
}
|
||||||
|
System.err.println("Securityhandler calling secureResponse, for Authentication.User");
|
||||||
Authentication auth=baseRequest.getAuthentication();
|
Authentication auth=baseRequest.getAuthentication();
|
||||||
if (auth instanceof Authentication.User)
|
if (auth instanceof Authentication.User)
|
||||||
{
|
{
|
||||||
|
|