Package org.eclipse.jetty.security
Class ConfigurableSpnegoLoginService
- java.lang.Object
  - org.eclipse.jetty.util.component.AbstractLifeCycle
    - org.eclipse.jetty.util.component.ContainerLifeCycle
      - org.eclipse.jetty.security.ConfigurableSpnegoLoginService
- All Implemented Interfaces:
  LoginService, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
public class ConfigurableSpnegoLoginService extends ContainerLifeCycle implements LoginService
A configurable (as opposed to using system properties) SPNEGO LoginService.
At startup, this LoginService logs in the service principal via JAAS. The service principal is composed of the service name and the host name, for example HTTP/wonder.com, and a keyTab file supplies its credentials.
Upon receiving an HTTP request, the server tries to authenticate the client by calling login(String, Object, ServletRequest), where the GSS APIs are used to verify client tokens and (perhaps after a few round-trips) a GSSContext is established.
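The following is an added configuration example, not code from the Jetty Javadoc, showing how the service principal described above (service name plus host name, backed by a keytab) is set on a ConfigurableSpnegoLoginService and wired into a security handler. The realm name, keytab path and roles file are placeholders, and HashLoginService, ConfigurableSpnegoAuthenticator and ConstraintSecurityHandler are assumed to be the Jetty 9.4 classes of those names (they are not on this page).

```java
// Added example (assumed Jetty 9.4 API); realm, keytab and roles file are placeholders.
import java.nio.file.Paths;

import org.eclipse.jetty.security.AuthorizationService;
import org.eclipse.jetty.security.ConfigurableSpnegoLoginService;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;
import org.eclipse.jetty.util.security.Constraint;

public class SpnegoSecurityConfig {

    public static ConstraintSecurityHandler build() {
        // SPNEGO only establishes *who* the client is; the roles granted to that
        // principal come from a separate store (assumed: a properties-file
        // HashLoginService, queried through an AuthorizationService).
        HashLoginService roles = new HashLoginService("roles", "/path/to/roles.properties");
        AuthorizationService authz = AuthorizationService.from(roles, "");

        // The realm name is what getName() reports; keep it equal to the Kerberos realm.
        ConfigurableSpnegoLoginService spnego =
            new ConfigurableSpnegoLoginService("EXAMPLE.COM", authz);
        // Service principal = serviceName + "/" + hostName, here HTTP/wonder.com.
        // It must be the exact principal whose key is stored in the keytab, and the
        // host name must be the DNS name clients use to reach the server.
        spnego.setServiceName("HTTP");
        spnego.setHostName("wonder.com");
        spnego.setKeyTabPath(Paths.get("/etc/jetty/http-wonder.keytab"));

        // Require an authenticated principal (any role) on every path.
        Constraint constraint = new Constraint();
        constraint.setName("spnego");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[]{Constraint.ANY_AUTH});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setLoginService(spnego);
        security.setAuthenticator(new ConfigurableSpnegoAuthenticator());
        security.addConstraintMapping(mapping);
        return security;
    }
}
```

The keytab holds the service's long-term key, so restrict its file permissions to the account that runs Jetty.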
-
Nested Class Summary
Nested Classes (Modifier and Type / Class):
- private static class ConfigurableSpnegoLoginService.GSSContextHolder
- private class ConfigurableSpnegoLoginService.SpnegoConfiguration
- private static class ConfigurableSpnegoLoginService.SpnegoContext
- Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle: AbstractLifeCycle.AbstractLifeCycleListener
- Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container: Container.InheritedListener, Container.Listener
- Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable: Dumpable.DumpableContainer
- Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle: LifeCycle.Listener
-
-
Field Summary
Fields (Modifier and Type / Field):
- private AuthorizationService _authorizationService
- private ConfigurableSpnegoLoginService.SpnegoContext _context
- private org.ietf.jgss.GSSManager _gssManager
- private java.lang.String _hostName
- private IdentityService _identityService
- private java.nio.file.Path _keyTabPath
- private java.lang.String _realm
- private java.lang.String _serviceName
- private static Logger LOG
-
Constructor Summary
Constructors:
- ConfigurableSpnegoLoginService(java.lang.String realm, AuthorizationService authorizationService)
-
Method Summary
All Methods | Instance Methods | Concrete Methods (Modifier and Type / Method / Description):
- private java.security.PrivilegedAction<byte[]> acceptGSSContext(org.ietf.jgss.GSSContext gssContext, byte[] token)
- protected void doStart(): Starts the managed lifecycle beans in the order they were added.
- java.lang.String getHostName()
- IdentityService getIdentityService(): Get the IdentityService associated with this Login Service.
- java.nio.file.Path getKeyTabPath()
- java.lang.String getName()
- java.lang.String getServiceName()
- UserIdentity login(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest req): Login a user.
- void logout(UserIdentity user)
- private java.security.PrivilegedAction<org.ietf.jgss.GSSContext> newGSSContext()
- private java.security.PrivilegedAction<ConfigurableSpnegoLoginService.SpnegoContext> newSpnegoContext(javax.security.auth.Subject subject)
- void setHostName(java.lang.String hostName)
- void setIdentityService(IdentityService identityService): Set the IdentityService associated with this Login Service.
- void setKeyTabPath(java.nio.file.Path keyTabFile)
- void setServiceName(java.lang.String serviceName)
- private java.lang.String toUserName(org.ietf.jgss.GSSContext gssContext)
- boolean validate(UserIdentity user): Validate a user identity.
-
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
-
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
-
Field Detail
-
LOG
private static final Logger LOG
-
_gssManager
private final org.ietf.jgss.GSSManager _gssManager
-
_realm
private final java.lang.String _realm
-
_authorizationService
private final AuthorizationService _authorizationService
-
_identityService
private IdentityService _identityService
-
_serviceName
private java.lang.String _serviceName
-
_keyTabPath
private java.nio.file.Path _keyTabPath
-
_hostName
private java.lang.String _hostName
-
_context
private ConfigurableSpnegoLoginService.SpnegoContext _context
-
Constructor Detail
-
ConfigurableSpnegoLoginService
public ConfigurableSpnegoLoginService(java.lang.String realm, AuthorizationService authorizationService)
-
Method Detail
-
getName
public java.lang.String getName()
- Specified by: getName in interface LoginService
- Returns: the realm name
-
getKeyTabPath
public java.nio.file.Path getKeyTabPath()
- Returns: the path of the keyTab file containing service credentials
-
setKeyTabPath
public void setKeyTabPath(java.nio.file.Path keyTabFile)
- Parameters:
  keyTabFile - the path of the keyTab file containing service credentials
-
getServiceName
public java.lang.String getServiceName()
- Returns: the service name, typically "HTTP"
- See Also: getHostName()
-
setServiceName
public void setServiceName(java.lang.String serviceName)
- Parameters:
  serviceName - the service name
- See Also: setHostName(String)
-
getHostName
public java.lang.String getHostName()
- Returns: the host name of the service
- See Also: setServiceName(String)
-
setHostName
public void setHostName(java.lang.String hostName)
- Parameters:
  hostName - the host name of the service
-
doStart
protected void doStart() throws java.lang.Exception
Description copied from class: ContainerLifeCycle
Starts the managed lifecycle beans in the order they were added.
- Overrides: doStart in class ContainerLifeCycle
- Throws: java.lang.Exception
-
newSpnegoContext
private java.security.PrivilegedAction<ConfigurableSpnegoLoginService.SpnegoContext> newSpnegoContext(javax.security.auth.Subject subject)
-
login
public UserIdentity login(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest req)
Description copied from interface: LoginService
Login a user.
- Specified by: login in interface LoginService
- Parameters:
  username - The user name
  credentials - The user's credentials
  req - TODO
- Returns: A UserIdentity if the credentials matched, otherwise null
-
newGSSContext
private java.security.PrivilegedAction<org.ietf.jgss.GSSContext> newGSSContext()
-
acceptGSSContext
private java.security.PrivilegedAction<byte[]> acceptGSSContext(org.ietf.jgss.GSSContext gssContext, byte[] token)
-
toUserName
private java.lang.String toUserName(org.ietf.jgss.GSSContext gssContext)
-
validate
public boolean validate(UserIdentity user)
Description copied from interface: LoginService
Validate a user identity. Validate that a UserIdentity previously created by a call to LoginService.login(String, Object, ServletRequest) is still valid.
- Specified by: validate in interface LoginService
- Parameters:
  user - The user to validate
- Returns: true if authentication has not been revoked for the user.
-
getIdentityService
public IdentityService getIdentityService()
Description copied from interface: LoginService
Get the IdentityService associated with this Login Service.
- Specified by: getIdentityService in interface LoginService
- Returns: the IdentityService associated with this Login Service.
-
setIdentityService
public void setIdentityService(IdentityService identityService)
Description copied from interface: LoginService
Set the IdentityService associated with this Login Service.
- Specified by: setIdentityService in interface LoginService
- Parameters:
  identityService - the IdentityService associated with this Login Service.
-
logout
public void logout(UserIdentity user)
- Specified by: logout in interface LoginService
-