Debug printlns plus commented out Deferred auth

This commit is contained in:
Jan Bartel 2011-10-03 18:21:28 +11:00
parent 7bf5f7792b
commit 9678aad6e9
5 changed files with 86 additions and 48 deletions

View File

@ -42,21 +42,25 @@ import org.eclipse.jetty.server.Authentication.User;
public class JaspiAuthenticator implements Authenticator
{
private final ServerAuthConfig _authConfig;
private final Map _authProperties;
private final ServletCallbackHandler _callbackHandler;
private final Subject _serviceSubject;
private final boolean _allowLazyAuthentication;
private final IdentityService _identityService;
private final DeferredAuthentication _deferred;
public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler,
Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService)
public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject,
boolean allowLazyAuthentication, IdentityService identityService)
{
// TODO maybe pass this in via setConfiguration ?
if (callbackHandler == null)
throw new NullPointerException("No CallbackHandler");
if (authConfig == null)
throw new NullPointerException("No AuthConfig");
if (callbackHandler == null) throw new NullPointerException("No CallbackHandler");
if (authConfig == null) throw new NullPointerException("No AuthConfig");
this._authConfig = authConfig;
this._authProperties = authProperties;
this._callbackHandler = callbackHandler;
@ -66,12 +70,10 @@ public class JaspiAuthenticator implements Authenticator
this._deferred = new DeferredAuthentication(this);
}
public void setConfiguration(AuthConfiguration configuration)
{
}
public String getAuthMethod()
{
return "JASPI";
@ -79,19 +81,30 @@ public class JaspiAuthenticator implements Authenticator
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
{
if (_allowLazyAuthentication && !mandatory)
return _deferred;
System.err.println("JaspiAuthenticator.validateRequest, uri=" + ((javax.servlet.http.HttpServletRequest) request).getRequestURI()
+ "lazy="
+ _allowLazyAuthentication
+ " mandatory="
+ mandatory);
new Throwable().printStackTrace();
JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
request.setAttribute("org.eclipse.jetty.security.jaspi.info", info);
/* if (_allowLazyAuthentication && !mandatory)
return _deferred;*/
return validateRequest(info);
}
// most likely validatedUser is not needed here.
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
{
System.err.println("JaspiAuthenticator.secureResponse uri=" + ((javax.servlet.http.HttpServletRequest) req).getRequestURI());
JaspiMessageInfo info = (JaspiMessageInfo) req.getAttribute("org.eclipse.jetty.security.jaspi.info");
if (info==null) throw new NullPointerException("MeesageInfo from request missing: " + req);
if (info == null) throw new NullPointerException("MessageInfo from request missing: " + req);
return secureResponse(info, validatedUser);
}
@ -99,17 +112,17 @@ public class JaspiAuthenticator implements Authenticator
{
try
{
System.err.println("jaspAuthenticator.validateRequest(info)");
String authContextId = _authConfig.getAuthContextID(messageInfo);
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
Subject clientSubject = new Subject();
AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
// String authMethod = (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
// String authMethod =
// (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
if (authStatus == AuthStatus.SEND_CONTINUE)
return Authentication.SEND_CONTINUE;
if (authStatus == AuthStatus.SEND_FAILURE)
return Authentication.SEND_FAILURE;
if (authStatus == AuthStatus.SEND_CONTINUE) return Authentication.SEND_CONTINUE;
if (authStatus == AuthStatus.SEND_FAILURE) return Authentication.SEND_FAILURE;
if (authStatus == AuthStatus.SUCCESS)
{
@ -118,14 +131,14 @@ public class JaspiAuthenticator implements Authenticator
if (ids.size() > 0)
{
userIdentity = ids.iterator().next();
} else {
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
if (principalCallback == null)
{
return Authentication.UNAUTHENTICATED;
}
else
{
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
if (principalCallback == null) { return Authentication.UNAUTHENTICATED; }
Principal principal = principalCallback.getPrincipal();
if (principal == null) {
if (principal == null)
{
String principalName = principalCallback.getName();
Set<Principal> principals = principalCallback.getSubject().getPrincipals();
for (Principal p : principals)
@ -136,10 +149,7 @@ public class JaspiAuthenticator implements Authenticator
break;
}
}
if (principal == null)
{
return Authentication.UNAUTHENTICATED;
}
if (principal == null) { return Authentication.UNAUTHENTICATED; }
}
GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
@ -167,12 +177,15 @@ public class JaspiAuthenticator implements Authenticator
{
String authContextId = _authConfig.getAuthContextID(messageInfo);
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
// TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
// TODO
// authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
AuthStatus status = authContext.secureResponse(messageInfo, _serviceSubject);
return (AuthStatus.SEND_SUCCESS.equals(status));
}
catch (AuthException e)
{
System.err.println("Error in JaspiAuthenticator.secureResponse");
e.printStackTrace();
throw new ServerAuthException(e);
}
}

View File

@ -98,9 +98,13 @@ public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
Subject serviceSubject=findServiceSubject(server);
String serverName=findServerName(server,serviceSubject);
System.err.println("authconfigfactory="+authConfigFactory+" serviceSubject="+serviceSubject+" serverName="+serverName);
String appContext = serverName + " " + context.getContextPath();
System.err.println("appcontext="+appContext);
AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER,appContext,listener);
System.err.println("authconfigProvider="+authConfigProvider);
if (authConfigProvider != null)
{
ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);

View File

@ -90,12 +90,12 @@ public class BaseAuthModule implements ServerAuthModule, ServerAuthContext
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
{
// servlets do not need secured responses
return AuthStatus.SUCCESS;
return AuthStatus.SEND_SUCCESS;
}
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
{
return AuthStatus.FAILURE;
return AuthStatus.SEND_FAILURE;
}
/**

View File

@ -146,22 +146,25 @@ public class FormAuthModule extends BaseAuthModule
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException
{
System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject)");
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
HttpSession session = request.getSession(isMandatory(messageInfo));
String uri = request.getPathInfo();
String uri = request.getRequestURI();
// not mandatory and not authenticated
if (session == null || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
System.err.println("FormAuthModule.validateRequest(info,subect,serviceSubject), uri="+uri);
try
{
// Handle a request for authentication.
// TODO perhaps j_securitycheck can be uri suffix?
if (uri.endsWith(__J_SECURITY_CHECK))
if (uri != null && isJSecurityCheck(uri))
{
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
System.err.println("Try login username="+username+" password="+password);
boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
if (success)
{
@ -199,6 +202,7 @@ public class FormAuthModule extends BaseAuthModule
if (form_cred != null)
{
System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
boolean success = tryLogin(messageInfo, clientSubject, response, session, form_cred._jUserName, new Password(new String(form_cred._jPassword)));
if (success) { return AuthStatus.SUCCESS; }
// CallbackHandler loginCallbackHandler = new
@ -300,6 +304,7 @@ public class FormAuthModule extends BaseAuthModule
return AuthStatus.SUCCESS;
// redirect to login page
System.err.println("Redirecting to login page");
if (request.getQueryString() != null) uri += "?" + request.getQueryString();
session.setAttribute(__J_URI, request.getScheme() + "://"
+ request.getServerName()
@ -321,6 +326,20 @@ public class FormAuthModule extends BaseAuthModule
}
/* ------------------------------------------------------------ */
public boolean isJSecurityCheck(String uri)
{
int jsc = uri.indexOf(__J_SECURITY_CHECK);
if (jsc<0)
return false;
int e=jsc+__J_SECURITY_CHECK.length();
if (e==uri.length())
return true;
char c = uri.charAt(e);
return c==';'||c=='#'||c=='/'||c=='?';
}
private boolean tryLogin(MessageInfo messageInfo, Subject clientSubject,
HttpServletResponse response, HttpSession session,
String username, Password password)

View File

@ -318,11 +318,13 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
if (!_loginServiceShared && _loginService instanceof LifeCycle)
((LifeCycle)_loginService).start();
System.err.println("authenticator="+_authenticator+" authenticatorFactory="+_authenticatorFactory+" identityService="+_identityService);
if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
{
_authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
if (_authenticator!=null)
_authMethod=_authenticator.getAuthMethod();
System.err.println("Called auth factory, authenticator="+_authenticator);
}
if (_authenticator==null)
@ -477,7 +479,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
deferred.setIdentityService(_identityService);
deferred.setLoginService(_loginService);
baseRequest.setAuthentication(authentication);
System.err.println("uri="+baseRequest.getUri()+" Auth is deferred");
try
{
handler.handle(pathInContext, baseRequest, request, response);
@ -487,7 +489,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
previousIdentity = deferred.getPreviousAssociation();
deferred.setIdentityService(null);
}
System.err.println("Securityhandler calling secureResponse, for Authentication.User");
Authentication auth=baseRequest.getAuthentication();
if (auth instanceof Authentication.User)
{