jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java - gerrit/jetty/org.eclipse.jetty.project - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //


 package org.eclipse.jetty.security;

 import java.io.Serializable;
 import java.security.Principal;

 import javax.security.auth.Subject;
 import javax.servlet.ServletRequest;


 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.util.component.AbstractLifeCycle;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 import org.eclipse.jetty.util.security.Credential;

 /**
  * AbstractLoginService
  */
 public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
 {
     private static final Logger LOG = Log.getLogger(AbstractLoginService.class);

     protected IdentityService _identityService=new DefaultIdentityService();
     protected String _name;
     protected boolean _fullValidate = false;


     /* ------------------------------------------------------------ */
     /**
      * RolePrincipal
      */
     public static class RolePrincipal implements Principal,Serializable
     {
         private static final long serialVersionUID = 2998397924051854402L;
         private final String _roleName;
         public RolePrincipal(String name)
         {
             _roleName=name;
         }
         public String getName()
         {
             return _roleName;
         }
     }


     /* ------------------------------------------------------------ */
     /**
      * UserPrincipal
      */
     public static class UserPrincipal implements Principal,Serializable
     {
         private static final long serialVersionUID = -6226920753748399662L;
         private final String _name;
         private final Credential _credential;


         /* -------------------------------------------------------- */
         public UserPrincipal(String name,Credential credential)
         {
             _name=name;
             _credential=credential;
         }

         /* -------------------------------------------------------- */
         public boolean authenticate(Object credentials)
         {
             return _credential!=null && _credential.check(credentials);
         }

         /* -------------------------------------------------------- */
         public boolean authenticate (Credential c)
         {
             return(_credential != null && c != null && _credential.equals(c));
         }

         /* ------------------------------------------------------------ */
         public String getName()
         {
             return _name;
         }


         /* -------------------------------------------------------- */
         @Override
         public String toString()
         {
             return _name;
         }
     }

     /* ------------------------------------------------------------ */
     protected abstract String[] loadRoleInfo (UserPrincipal user);

     /* ------------------------------------------------------------ */
     protected abstract UserPrincipal loadUserInfo (String username);

     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.LoginService#getName()
      */
     @Override
     public String getName()
     {
        return _name;
     }

     /* ------------------------------------------------------------ */
     /** Set the identityService.
      * @param identityService the identityService to set
      */
     public void setIdentityService(IdentityService identityService)
     {
         if (isRunning())
             throw new IllegalStateException("Running");
         _identityService = identityService;
     }

     /* ------------------------------------------------------------ */
     /** Set the name.
      * @param name the name to set
      */
     public void setName(String name)
     {
         if (isRunning())
             throw new IllegalStateException("Running");
         _name = name;
     }

     /* ------------------------------------------------------------ */
     @Override
     public String toString()
     {
         return this.getClass().getSimpleName()+"["+_name+"]";
     }


     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
      */
     @Override
     public UserIdentity login(String username, Object credentials, ServletRequest request)
     {
         if (username == null)
             return null;

         UserPrincipal userPrincipal = loadUserInfo(username);
         if (userPrincipal != null && userPrincipal.authenticate(credentials))
         {
             //safe to load the roles
             String[] roles = loadRoleInfo(userPrincipal);

             Subject subject = new Subject();
             subject.getPrincipals().add(userPrincipal);
             subject.getPrivateCredentials().add(userPrincipal._credential);
             if (roles!=null)
                 for (String role : roles)
                     subject.getPrincipals().add(new RolePrincipal(role));
             subject.setReadOnly();
             return _identityService.newUserIdentity(subject,userPrincipal,roles);
         }

         return null;

     }


     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
      */
     @Override
     public boolean validate(UserIdentity user)
     {
         if (!isFullValidate())
             return true; //if we have a user identity it must be valid

         //Do a full validation back against the user store
         UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
         if (fresh == null)
             return false; //user no longer exists

         if (user.getUserPrincipal() instanceof UserPrincipal)
         {
             System.err.println("VALIDATING user "+fresh.getName());
             return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
         }

         throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
     }


     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.LoginService#getIdentityService()
      */
     @Override
     public IdentityService getIdentityService()
     {
         return _identityService;
     }


     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
      */
     @Override
     public void logout(UserIdentity user)
     {
         //Override in subclasses

     }

     /* ------------------------------------------------------------ */
     public boolean isFullValidate()
     {
         return _fullValidate;
     }

     /* ------------------------------------------------------------ */
     public void setFullValidate(boolean fullValidate)
     {
         _fullValidate = fullValidate;
     }

 }
	//
	// ========================================================================
	// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//


	package org.eclipse.jetty.security;

	import java.io.Serializable;
	import java.security.Principal;

	import javax.security.auth.Subject;
	import javax.servlet.ServletRequest;


	import org.eclipse.jetty.server.UserIdentity;
	import org.eclipse.jetty.util.component.AbstractLifeCycle;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;
	import org.eclipse.jetty.util.security.Credential;

	/**
	* AbstractLoginService
	*/
	public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
	{
	private static final Logger LOG = Log.getLogger(AbstractLoginService.class);

	protected IdentityService _identityService=new DefaultIdentityService();
	protected String _name;
	protected boolean _fullValidate = false;


	/* ------------------------------------------------------------ */
	/**
	* RolePrincipal
	*/
	public static class RolePrincipal implements Principal,Serializable
	{
	private static final long serialVersionUID = 2998397924051854402L;
	private final String _roleName;
	public RolePrincipal(String name)
	{
	_roleName=name;
	}
	public String getName()
	{
	return _roleName;
	}
	}


	/* ------------------------------------------------------------ */
	/**
	* UserPrincipal
	*/
	public static class UserPrincipal implements Principal,Serializable
	{
	private static final long serialVersionUID = -6226920753748399662L;
	private final String _name;
	private final Credential _credential;


	/* -------------------------------------------------------- */
	public UserPrincipal(String name,Credential credential)
	{
	_name=name;
	_credential=credential;
	}

	/* -------------------------------------------------------- */
	public boolean authenticate(Object credentials)
	{
	return _credential!=null && _credential.check(credentials);
	}

	/* -------------------------------------------------------- */
	public boolean authenticate (Credential c)
	{
	return(_credential != null && c != null && _credential.equals(c));
	}

	/* ------------------------------------------------------------ */
	public String getName()
	{
	return _name;
	}



	/* -------------------------------------------------------- */
	@Override
	public String toString()
	{
	return _name;
	}
	}

	/* ------------------------------------------------------------ */
	protected abstract String[] loadRoleInfo (UserPrincipal user);

	/* ------------------------------------------------------------ */
	protected abstract UserPrincipal loadUserInfo (String username);

	/* ------------------------------------------------------------ */
	/**
	* @see org.eclipse.jetty.security.LoginService#getName()
	*/
	@Override
	public String getName()
	{
	return _name;
	}

	/* ------------------------------------------------------------ */
	/** Set the identityService.
	* @param identityService the identityService to set
	*/
	public void setIdentityService(IdentityService identityService)
	{
	if (isRunning())
	throw new IllegalStateException("Running");
	_identityService = identityService;
	}

	/* ------------------------------------------------------------ */
	/** Set the name.
	* @param name the name to set
	*/
	public void setName(String name)
	{
	if (isRunning())
	throw new IllegalStateException("Running");
	_name = name;
	}

	/* ------------------------------------------------------------ */
	@Override
	public String toString()
	{
	return this.getClass().getSimpleName()+"["+_name+"]";
	}


	/* ------------------------------------------------------------ */
	/**
	* @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
	*/
	@Override
	public UserIdentity login(String username, Object credentials, ServletRequest request)
	{
	if (username == null)
	return null;

	UserPrincipal userPrincipal = loadUserInfo(username);
	if (userPrincipal != null && userPrincipal.authenticate(credentials))
	{
	//safe to load the roles
	String[] roles = loadRoleInfo(userPrincipal);

	Subject subject = new Subject();
	subject.getPrincipals().add(userPrincipal);
	subject.getPrivateCredentials().add(userPrincipal._credential);
	if (roles!=null)
	for (String role : roles)
	subject.getPrincipals().add(new RolePrincipal(role));
	subject.setReadOnly();
	return _identityService.newUserIdentity(subject,userPrincipal,roles);
	}

	return null;

	}


	/* ------------------------------------------------------------ */
	/**
	* @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
	*/
	@Override
	public boolean validate(UserIdentity user)
	{
	if (!isFullValidate())
	return true; //if we have a user identity it must be valid

	//Do a full validation back against the user store
	UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
	if (fresh == null)
	return false; //user no longer exists

	if (user.getUserPrincipal() instanceof UserPrincipal)
	{
	System.err.println("VALIDATING user "+fresh.getName());
	return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
	}

	throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
	}


	/* ------------------------------------------------------------ */
	/**
	* @see org.eclipse.jetty.security.LoginService#getIdentityService()
	*/
	@Override
	public IdentityService getIdentityService()
	{
	return _identityService;
	}


	/* ------------------------------------------------------------ */
	/**
	* @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
	*/
	@Override
	public void logout(UserIdentity user)
	{
	//Override in subclasses

	}

	/* ------------------------------------------------------------ */
	public boolean isFullValidate()
	{
	return _fullValidate;
	}

	/* ------------------------------------------------------------ */
	public void setFullValidate(boolean fullValidate)
	{
	_fullValidate = fullValidate;
	}

	}