Package org.mortbay.jetty.security

Examples of org.mortbay.jetty.security.Authenticator


                substitutedPathInContext = substitutedPathInContext.replaceAll("%3A", "%3A%3A");
            if (substitutedPathInContext.indexOf(":") > -1)
                substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A");


            // Fragment of a larger security-check method (its signature is not visible here).
            // It authenticates the caller, then runs the JACC transport-guarantee check.
            Authenticator authenticator = getAuthenticator();
            boolean isAuthenticated = false;

            // NOTE(review): the login endpoint is recognised by suffix only (endsWith), so any
            // path ending in __J_SECURITY_CHECK takes this branch, not just one exact URL.
            // No HTTP-method test is visible here even though the comment below says "post".
            if (authenticator instanceof FormAuthenticator
                    && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
                /**
                 * This is a post request to __J_SECURITY_CHECK. Stop now after authentication.
                 * Whether or not authentication succeeded, we return.
                 */
                // The Principal returned by authenticate() is discarded; the outcome is carried
                // only by whatever the authenticator does with request/response.
                // NOTE(review): presumably false means "do not continue processing" -- confirm
                // against the caller.
                authenticator.authenticate(realm, pathInContext, request, response);
                return false;
            }
            // Not a form-login submission: probe for an existing login without forcing one.
            // The result is recorded in isAuthenticated; nothing is returned from this branch.
            if (request != null) {
                // null response appears to prevent redirect to login page
                Principal user = authenticator.authenticate(realm, pathInContext,
                        request, null);
                if (user == null || user == SecurityHandler.__NOBODY) {
                    // No usable login: run as the default principal's subject and mark the
                    // request with a NotChecked placeholder principal.
                    //TODO use run-as as nextCaller if present
                    ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
                    request.setUserPrincipal(new NotChecked());
                } else if (user != null) {
                    // The "user != null" test is always true here; the branch above already
                    // handled null.
                    isAuthenticated = true;
                }
            }


            AccessControlContext acc = ContextManager.getCurrentContext();

            /**
             * JACC v1.0 section 4.1.1
             */
            // The permission is built from substitutedPathInContext, while the authenticator
            // calls above receive the raw pathInContext.
            // NOTE(review): request is dereferenced here unconditionally although the block
            // above guards against request == null -- confirm it can never be null at this point.
            // checkPermission() throws AccessControlException on denial; no handler for it is
            // visible around this call.
            WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
            acc.checkPermission(wudp);

            WebResourcePermission webResourcePermission = new WebResourcePermission(request);
            /**
             * JACC v1.0 section 4.1.2
             */
            if (isAuthenticated) {
                //current user is logged in, this is the actual check
                acc.checkPermission(webResourcePermission);
            } else {
                //user is not logged in: if access denied, try to log them in.
                try {
                    acc.checkPermission(webResourcePermission);
                } catch (AccessControlException e) {
                    //not logged in: try to log them in.
                    Principal user = authenticator.authenticate(realm, pathInContext, request, response);
                    if (user == SecurityHandler.__NOBODY) {
                        return true;
                    }
                    if (user == null) {
                        throw e;


        this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal,classLoader);
        this.checked = checkedPermissions;
        this.excludedPermissions = excludedPermissions;

        Authenticator authenticator = getAuthenticator();
        if (authenticator instanceof FormAuthenticator) {
            String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
            if (formLoginPath.indexOf('?') > 0) {
                formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?'));
            }

            Response response, WebResourcePermission resourcePermission,
            WebUserDataPermission dataPermission) throws IOException {
        // Fragment of a method whose signature starts above the visible lines.
        // It decides whether, and how, to invoke the authenticator for this request.

        // unauthenticated: neither permission is implied by the "checked" collection.
        // NOTE(review): presumably this means the resource needs no login -- confirm.
        boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
        // forbidden: either permission is implied by the excluded collection.
        // The flag only steers the branch below; it is not consulted again in the visible
        // lines, so the actual denial must happen elsewhere -- confirm.
        boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);

        Authenticator authenticator = getAuthenticator();
        if (!unauthenticated && !forbidden) {
            // Checked and not excluded: full authentication, with the real response so the
            // authenticator can answer the client itself.
            return authenticator.authenticate(realm, pathInContext, request,
                    response);
        } else if (authenticator instanceof FormAuthenticator
                && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
            /**
             * This could be a post request to __J_SECURITY_CHECK.
             */
            // Reached when the path is unchecked OR forbidden. The match is by suffix only and
            // no HTTP-method test is visible, so an excluded path ending in
            // __J_SECURITY_CHECK is still passed to the authenticator.
            return authenticator.authenticate(realm, pathInContext, request,
                    response);
        }

        // attempt to access an unprotected resource that is not the
        // j_security_check.
        // if we are logged in, return the logged in principal.
        if (request != null) {
            // null response appears to prevent redirect to login page
            Principal user = authenticator.authenticate(realm, pathInContext,
                    request, null);
            // NOTE(review): only null is filtered out here; whether authenticate() can return
            // a sentinel such as SecurityHandler.__NOBODY for this call is not visible --
            // confirm that callers do not treat such a value as a real login.
            if (user != null) {
                return user;
            }
        }

        if (_userPrincipal != null && _userPrincipal instanceof SecurityHandler.NotChecked)
        {
            SecurityHandler.NotChecked not_checked=(SecurityHandler.NotChecked)_userPrincipal;
            _userPrincipal = SecurityHandler.__NO_USER;
           
            Authenticator auth=not_checked.getSecurityHandler().getAuthenticator();
            UserRealm realm=not_checked.getSecurityHandler().getUserRealm();
            String pathInContext=getPathInfo()==null?getServletPath():(getServletPath()+getPathInfo());
           
            if (realm != null && auth != null)
            {
                try
                {
                    auth.authenticate(realm, pathInContext, this, null);
                }
                catch (Exception e)
                {
                    Log.ignore(e);
                }

        if (_userPrincipal != null && _userPrincipal instanceof SecurityHandler.NotChecked)
        {
            SecurityHandler.NotChecked not_checked=(SecurityHandler.NotChecked)_userPrincipal;
            _userPrincipal = SecurityHandler.__NO_USER;
           
            Authenticator auth=not_checked.getSecurityHandler().getAuthenticator();
            UserRealm realm=not_checked.getSecurityHandler().getUserRealm();
            String pathInContext=getPathInfo()==null?getServletPath():(getServletPath()+getPathInfo());
           
            if (realm != null && auth != null)
            {
                try
                {
                    auth.authenticate(realm, pathInContext, this, null);
                }
                catch (Exception e)
                {
                    Log.ignore(e);
                }

    {
        XmlParser.Node method=node.get("auth-method");
        FormAuthenticator _formAuthenticator=null;
        if(method!=null)
        {
            Authenticator authenticator=null;
            String m=method.toString(false,true);
            if(Constraint.__FORM_AUTH.equals(m))
                authenticator=_formAuthenticator=new FormAuthenticator();
            else if(Constraint.__BASIC_AUTH.equals(m))
                authenticator=new BasicAuthenticator();

    {
        XmlParser.Node method=node.get("auth-method");
        FormAuthenticator _formAuthenticator=null;
        if(method!=null)
        {
            Authenticator authenticator=null;
            String m=method.toString(false,true);
            if(Constraint.__FORM_AUTH.equals(m))
                authenticator=_formAuthenticator=new FormAuthenticator();
            else if(Constraint.__BASIC_AUTH.equals(m))
                authenticator=new BasicAuthenticator();

        if (_userPrincipal != null && _userPrincipal instanceof SecurityHandler.NotChecked)
        {
            SecurityHandler.NotChecked not_checked=(SecurityHandler.NotChecked)_userPrincipal;
            _userPrincipal = SecurityHandler.__NO_USER;
           
            Authenticator auth=not_checked.getSecurityHandler().getAuthenticator();
            UserRealm realm=not_checked.getSecurityHandler().getUserRealm();
            String pathInContext=getPathInfo()==null?getServletPath():(getServletPath()+getPathInfo());
           
            if (realm != null && auth != null)
            {
                try
                {
                    auth.authenticate(realm, pathInContext, this, null);
                }
                catch (Exception e)
                {
                    Log.ignore(e);
                }

        if (_userPrincipal != null && _userPrincipal instanceof SecurityHandler.NotChecked)
        {
            SecurityHandler.NotChecked not_checked=(SecurityHandler.NotChecked)_userPrincipal;
            _userPrincipal = SecurityHandler.__NO_USER;
           
            Authenticator auth=not_checked.getSecurityHandler().getAuthenticator();
            UserRealm realm=not_checked.getSecurityHandler().getUserRealm();
            String pathInContext=getPathInfo()==null?getServletPath():(getServletPath()+getPathInfo());
           
            if (realm != null && auth != null)
            {
                try
                {
                    auth.authenticate(realm, pathInContext, this, null);
                }
                catch (Exception e)
                {
                    Log.ignore(e);
                }

        this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal,classLoader);
        this.checked = checkedPermissions;
        this.excludedPermissions = excludedPermissions;

        Authenticator authenticator = getAuthenticator();
        if (authenticator instanceof FormAuthenticator) {
            String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
            if (formLoginPath.indexOf('?') > 0) {
                formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?'));
            }
