From ashishj...@apache.org
Subject svn commit: r958512 - in /geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main: java/org/apache/geronimo/tomcat/authenticator/ resources/org/apache/geronimo/tomcat/
Date Mon, 28 Jun 2010 09:20:29 GMT
Author: ashishjain
Date: Mon Jun 28 09:20:28 2010
New Revision: 958512

URL: http://svn.apache.org/viewvc?rev=958512&view=rev
Log:
GERONIMO-5196 Spnego Authenticator for geronimo

Added:
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
  (with props)
Modified:
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties

Modified: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java?rev=958512&r1=958511&r2=958512&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
(original)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
Mon Jun 28 09:20:28 2010
@@ -12,8 +12,9 @@ import org.apache.catalina.deploy.LoginC
 import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
 
 /*
- * An Authenticator which utilizes HttpRequest to perform authentication. This authentication
- * is non-interactive and does not require any user intervention.
+ * An Authenticator which utilizes HttpRequest headers to perform authentication.
+ * In web.xml use the <auth-method>GENERIC</auth-method> to invoke this
+ * authenticator.
  */
 public class GenericHeaderAuthenticator extends AuthenticatorBase {
    

Added: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java?rev=958512&view=auto
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
(added)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
Mon Jun 28 09:20:28 2010
@@ -0,0 +1,112 @@
+package org.apache.geronimo.tomcat.authenticator;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.util.Base64;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+
+/**
+ * A custom authenticator which provides Spnego Login capabilities in Geronimo.
+ * In web.xml use the <auth-method>SPNEGO</auth-method> to invoke this
+ * authenticator.
+ * 
+ */
+public class SpnegoAuthenticator extends AuthenticatorBase {
+
+    private static Log log = LogFactory.getLog(SpnegoAuthenticator.class);
+
+    private static final String SPNEGO_METHOD = "SPNEGO";
+
+    /**
+     * Authenticate bytes.
+     */
+    public static final byte[] AUTHENTICATE_BYTES = { (byte) 'W', (byte) 'W', (byte) 'W',
(byte) '-', (byte) 'A',
+            (byte) 'u', (byte) 't', (byte) 'h', (byte) 'e', (byte) 'n', (byte) 't', (byte)
'i', (byte) 'c', (byte) 'a',
+            (byte) 't', (byte) 'e' };
+
+    @Override
+    protected boolean authenticate(Request request, Response response, LoginConfig config)
throws IOException {
+        HttpServletResponse httpResponse = response.getResponse();
+        HttpServletRequest httpRequest = request.getRequest();
+        String header = httpRequest.getHeader("Authorization");
+        if (header == null) {
+            httpResponse.setHeader("WWW-Authenticate", "Negotiate");
+            httpResponse.setStatus(401);
+            return (false);
+        } else if (header != null && header.startsWith("Negotiate")) {
+            Principal principal = request.getUserPrincipal();
+            String username = header.substring(10);
+            String password = null;
+            principal = context.getRealm().authenticate(username, password);
+            if (principal != null) {
+                register(request, response, principal, SPNEGO_METHOD, username, password);
+                return (true);
+            } else
+                request.getCoyoteRequest().getMimeHeaders().removeHeader("authorization");
+        }
+
+        // Validate any credentials already included with this request
+        String username = null;
+        String password = null;
+        Principal principal = request.getUserPrincipal();
+        MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
+        if (authorization != null) {
+            authorization.toBytes();
+            ByteChunk authorizationBC = authorization.getByteChunk();
+            if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
+                authorizationBC.setOffset(authorizationBC.getOffset() + 6);
+                // FIXME: Add trimming
+                // authorizationBC.trim();
+                CharChunk authorizationCC = authorization.getCharChunk();
+                Base64.decode(authorizationBC, authorizationCC);
+
+                // Get username and password
+                int colon = authorizationCC.indexOf(':');
+                if (colon < 0) {
+                    username = authorizationCC.toString();
+                } else {
+                    char[] buf = authorizationCC.getBuffer();
+                    username = new String(buf, 0, colon);
+                    password = new String(buf, colon + 1, authorizationCC.getEnd() - colon
- 1);
+                }
+
+                authorizationBC.setOffset(authorizationBC.getOffset() - 6);
+            }
+            principal = context.getRealm().authenticate(username, password);
+            if (principal != null) {
+                register(request, response, principal, SPNEGO_METHOD, username, password);
+                return (true);
+            }
+        }
+
+        // Send an "unauthorized" response and an appropriate challenge
+        MessageBytes authenticate = response.getCoyoteResponse().getMimeHeaders().addValue(AUTHENTICATE_BYTES,
0,
+                AUTHENTICATE_BYTES.length);
+        CharChunk authenticateCC = authenticate.getCharChunk();
+        authenticateCC.append("Basic realm=\"");
+        if (config.getRealmName() == null) {
+            authenticateCC.append(request.getServerName());
+            authenticateCC.append(':');
+            authenticateCC.append(Integer.toString(request.getServerPort()));
+        } else {
+            authenticateCC.append(config.getRealmName());
+        }
+        authenticateCC.append('\"');
+        authenticate.toChars();
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+        // response.flushBuffer();
+        return (false);
+    }
+}
\ No newline at end of file
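Review bot: In the `Negotiate` branch of `authenticate`, `header.substring(10)` runs for any header that merely starts with `Negotiate`, so a request carrying the bare scheme with no token throws StringIndexOutOfBoundsException before any authentication decision is made; tighten the condition to `header.startsWith("Negotiate ") && header.length() > 10` and answer with the 401/`Negotiate` challenge otherwise. That branch also hands the raw base64 token to `context.getRealm().authenticate(username, null)` and then to `register(...)` as the user name, so token validation rests entirely on a realm or login module not visible in this commit; a comment such as `// token is validated by the configured realm's login module, not here` would make that dependency explicit, and the token is probably not what should be cached as the session user name. When the realm rejects the token the header is removed and control falls into the code below, which answers with a `Basic realm=` challenge and accepts `Authorization: Basic` credentials on an application configured for SPNEGO. For any other non-Basic scheme that same code calls `authenticate(null, null)` on the realm. If the Basic fallback is intended, it should be documented in the class Javadoc as a downgrade path that requires TLS; otherwise the failure path should simply re-issue the `Negotiate` challenge.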

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/SpnegoAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties?rev=958512&r1=958511&r2=958512&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
(original)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
Mon Jun 28 09:20:28 2010
@@ -1 +1,2 @@
-GENERIC=org.apache.geronimo.tomcat.authenticator.GenericHeaderAuthenticator
\ No newline at end of file
+GENERIC=org.apache.geronimo.tomcat.authenticator.GenericHeaderAuthenticator
+SPNEGO=org.apache.geronimo.tomcat.authenticator.SpnegoAuthenticator
\ No newline at end of file


