2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security;
21 import java.util.Properties;
23 import javax.security.auth.Subject;
25 import org.eclipse.jetty.server.UserIdentity;
26 import org.eclipse.jetty.util.B64Code;
27 import org.eclipse.jetty.util.component.AbstractLifeCycle;
28 import org.eclipse.jetty.util.log.Log;
29 import org.eclipse.jetty.util.log.Logger;
30 import org.eclipse.jetty.util.resource.Resource;
31 import org.ietf.jgss.GSSContext;
32 import org.ietf.jgss.GSSCredential;
33 import org.ietf.jgss.GSSException;
34 import org.ietf.jgss.GSSManager;
35 import org.ietf.jgss.GSSName;
36 import org.ietf.jgss.Oid;
38 public class SpnegoLoginService extends AbstractLifeCycle implements LoginService
// Logger for this login service; the negotiation path below only traces at debug level.
40 private static final Logger LOG = Log.getLogger(SpnegoLoginService.class);
// Maps the authenticated Subject/principal to a UserIdentity; injected via setIdentityService().
42 protected IdentityService _identityService;// injected via setIdentityService()
// Service name; setName() refuses changes once the service is running.
43 protected String _name;
// Location of the properties file loaded in doStart(); setConfig() refuses changes once running.
44 private String _config;
// Server principal name, read from the "targetName" property in doStart() and used by login()
// to acquire the acceptor credential.
46 private String _targetName;
48 public SpnegoLoginService()
53 public SpnegoLoginService( String name )
58 public SpnegoLoginService( String name, String config )
65 public String getName()
// Sets the service name. Reconfiguration after start-up is rejected with IllegalStateException.
// NOTE(review): the guard condition that precedes the throw is not shown in this listing
// (presumably isRunning()), nor is the assignment to _name.
70 public void setName(String name)
74 throw new IllegalStateException("Running");
80 public String getConfig()
// Sets the location of the properties file that doStart() loads. Whoever controls this value
// controls the "targetName" this service accepts tokens for, so treat it as deployment
// configuration, never as request-derived input. Changes after start-up are rejected.
// NOTE(review): the guard condition before the throw and the assignment to _config are not
// shown in this listing.
85 public void setConfig( String config )
89 throw new IllegalStateException("Running");
// Lifecycle hook: loads the properties file referenced by _config and caches the
// "targetName" (server principal) that login() uses to acquire acceptor credentials.
// Throws whatever Resource/Properties raise if the file cannot be found or parsed.
// NOTE(review): any statements after the debug line (e.g. a super.doStart() call) are not
// visible in this listing.
98 protected void doStart() throws Exception
100 Properties properties = new Properties();
101 Resource resource = Resource.newResource(_config);
// NOTE(review): the InputStream from getInputStream() is never closed here (resource leak);
// wrap it: try (InputStream in = resource.getInputStream()) { properties.load(in); }
102 properties.load(resource.getInputStream());
// A missing "targetName" key leaves _targetName null; login() then passes null to
// createName(), which the GSS layer will presumably reject at that point rather than here.
104 _targetName = properties.getProperty("targetName");
106 LOG.debug("Target Name {}", _targetName);
112 * username will be null since the credentials will contain all the relevant info
// Authenticates a SPNEGO token. The username parameter is unused (see the Javadoc fragment
// above); credentials is expected to be the base64-encoded token string. Returns the
// UserIdentity built by _identityService on success.
// NOTE(review): the body of the catch block and the method's final return statement are not
// visible in this listing.
115 public UserIdentity login(String username, Object credentials)
// Unchecked cast: a non-String credential object fails with ClassCastException instead of a
// clean authentication failure. NOTE(review): consider
// `if (!(credentials instanceof String)) return null;` ahead of this line.
117 String encodedAuthToken = (String)credentials;
// Decode the client's token; behaviour on malformed base64 depends on B64Code (not shown here).
119 byte[] authToken = B64Code.decode(encodedAuthToken);
121 GSSManager manager = GSSManager.getInstance();
// 1.3.6.1.5.5.2 is the SPNEGO mechanism OID, not the Kerberos V5 mechanism OID the local
// variable name suggests.
124 Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
// Acceptor (server-side) credential for _targetName; acquired afresh on every login() call.
125 GSSName gssName = manager.createName(_targetName,null);
126 GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY);
127 GSSContext gContext = manager.createContext(serverCreds);
// Defensive null check; what follows the debug line (presumably a return) is not visible here.
129 if (gContext == null)
131 LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
// NOTE(review): this loop only works for a single-round exchange. If the mechanism needs a
// further round trip, the next iteration feeds the server's own output token back in as
// input instead of a fresh client token.
135 while (!gContext.isEstablished())
137 authToken = gContext.acceptSecContext(authToken,0,authToken.length);
139 if (gContext.isEstablished())
// clientName is the authenticated initiator principal as rendered by the GSS provider.
141 String clientName = gContext.getSrcName().toString();
// The default role is the part after '@' (the realm). If there is no '@', indexOf() returns -1
// and the whole principal name becomes the role. Security note: every principal of the realm
// receives this role, so authorization rules built on it are realm-wide, not user-specific.
142 String role = clientName.substring(clientName.indexOf('@') + 1);
144 LOG.debug("SpnegoUserRealm: established a security context");
145 LOG.debug("Client Principal is: " + gContext.getSrcName());
146 LOG.debug("Server Principal is: " + gContext.getTargName());
147 LOG.debug("Client Default Role: " + role);
// The principal carries the last token returned by acceptSecContext() alongside the name.
149 SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);
151 Subject subject = new Subject();
152 subject.getPrincipals().add(user);
// NOTE(review): _identityService is only set via setIdentityService(); if it was never
// configured this line throws NullPointerException after an otherwise successful negotiation.
154 return _identityService.newUserIdentity(subject,user, new String[]{role});
// Handler body not visible in this listing.
159 catch (GSSException gsse)
168 public boolean validate(UserIdentity user)
// Returns the IdentityService this login service hands authenticated subjects to; may be null
// if setIdentityService() was never called.
174 public IdentityService getIdentityService()
176 return _identityService;
// Installs the IdentityService used by login() to build the UserIdentity. Unlike setName() and
// setConfig(), nothing visible here rejects the call while the service is running.
180 public void setIdentityService(IdentityService service)
182 _identityService = service;
// Logout hook. NOTE(review): no-op as far as this listing shows; nothing visible in this class
// holds per-user state that would need clearing, but the rest of the body is not shown.
186 public void logout(UserIdentity user)
188 // TODO Auto-generated method stub