org.eclipse.jetty.security.jaspi.ServletCallbackHandler Maven / Gradle / Ivy
The newest version!
//
// ========================================================================
// Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security.jaspi;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.CertStoreCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.security.auth.message.callback.PrivateKeyCallback;
import javax.security.auth.message.callback.SecretKeyCallback;
import javax.security.auth.message.callback.TrustStoreCallback;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.LoginCallback;
import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
import org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback;
import org.eclipse.jetty.server.UserIdentity;
/**
*
* Idiot class required by jaspi stupidity
*
* @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
*/
public class ServletCallbackHandler implements CallbackHandler
{
private final LoginService _loginService;
private final ThreadLocal _callerPrincipals = new ThreadLocal();
private final ThreadLocal _groupPrincipals = new ThreadLocal();
public ServletCallbackHandler(LoginService loginService)
{
_loginService = loginService;
}
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
for (Callback callback : callbacks)
{
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback)
{
_callerPrincipals.set((CallerPrincipalCallback) callback);
}
else if (callback instanceof GroupPrincipalCallback)
{
_groupPrincipals.set((GroupPrincipalCallback) callback);
}
else if (callback instanceof PasswordValidationCallback)
{
PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
Subject subject = passwordValidationCallback.getSubject();
UserIdentity user = _loginService.login(passwordValidationCallback.getUsername(),passwordValidationCallback.getPassword());
if (user!=null)
{
passwordValidationCallback.setResult(true);
passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
}
}
else if (callback instanceof CredentialValidationCallback)
{
CredentialValidationCallback credentialValidationCallback = (CredentialValidationCallback) callback;
Subject subject = credentialValidationCallback.getSubject();
LoginCallback loginCallback = new LoginCallbackImpl(subject,
credentialValidationCallback.getUsername(),
credentialValidationCallback.getCredential());
UserIdentity user = _loginService.login(credentialValidationCallback.getUsername(),credentialValidationCallback.getCredential());
if (user!=null)
{
loginCallback.setUserPrincipal(user.getUserPrincipal());
credentialValidationCallback.getSubject().getPrivateCredentials().add(loginCallback);
credentialValidationCallback.setResult(true);
credentialValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
credentialValidationCallback.getSubject().getPrivateCredentials().add(user);
}
}
// server to jaspi communication
// TODO implement these
else if (callback instanceof CertStoreCallback)
{
}
else if (callback instanceof PrivateKeyCallback)
{
}
else if (callback instanceof SecretKeyCallback)
{
}
else if (callback instanceof TrustStoreCallback)
{
}
else
{
throw new UnsupportedCallbackException(callback);
}
}
}
public CallerPrincipalCallback getThreadCallerPrincipalCallback()
{
CallerPrincipalCallback callerPrincipalCallback = _callerPrincipals.get();
_callerPrincipals.remove();
return callerPrincipalCallback;
}
public GroupPrincipalCallback getThreadGroupPrincipalCallback()
{
GroupPrincipalCallback groupPrincipalCallback = _groupPrincipals.get();
_groupPrincipals.remove();
return groupPrincipalCallback;
}
}