//
// ========================================================================
// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.Credential;
/* ------------------------------------------------------------ */
/**
* A login service that keeps UserIdentities in a concurrent map
* either as the source or a cache of the users.
*
*/
public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService
{
private static final Logger LOG = Log.getLogger(MappedLoginService.class);
protected IdentityService _identityService=new DefaultIdentityService();
protected String _name;
protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>();
/* ------------------------------------------------------------ */
protected MappedLoginService()
{
}
/* ------------------------------------------------------------ */
/** Get the name.
* @return the name
*/
public String getName()
{
return _name;
}
/* ------------------------------------------------------------ */
/** Get the identityService.
* @return the identityService
*/
public IdentityService getIdentityService()
{
return _identityService;
}
/* ------------------------------------------------------------ */
/** Get the users.
* @return the users
*/
public ConcurrentMap<String, UserIdentity> getUsers()
{
return _users;
}
/* ------------------------------------------------------------ */
/** Set the identityService.
* @param identityService the identityService to set
*/
public void setIdentityService(IdentityService identityService)
{
if (isRunning())
throw new IllegalStateException("Running");
_identityService = identityService;
}
/* ------------------------------------------------------------ */
/** Set the name.
* @param name the name to set
*/
public void setName(String name)
{
if (isRunning())
throw new IllegalStateException("Running");
_name = name;
}
/* ------------------------------------------------------------ */
/** Set the users.
* @param users the users to set
*/
public void setUsers(Map<String, UserIdentity> users)
{
if (isRunning())
throw new IllegalStateException("Running");
_users.clear();
_users.putAll(users);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
*/
@Override
protected void doStart() throws Exception
{
loadUsers();
super.doStart();
}
/* ------------------------------------------------------------ */
@Override
protected void doStop() throws Exception
{
super.doStop();
}
/* ------------------------------------------------------------ */
public void logout(UserIdentity identity)
{
LOG.debug("logout {}",identity);
}
/* ------------------------------------------------------------ */
@Override
public String toString()
{
return this.getClass().getSimpleName()+"["+_name+"]";
}
/* ------------------------------------------------------------ */
/** Put user into realm.
* Called by implementations to put the user data loaded from
* file/db etc into the user structure.
* @param userName User name
* @param info a UserIdentity instance, or a String password or Credential instance
* @return User instance
*/
protected synchronized UserIdentity putUser(String userName, Object info)
{
final UserIdentity identity;
if (info instanceof UserIdentity)
identity=(UserIdentity)info;
else
{
Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString());
Principal userPrincipal = new KnownUser(userName,credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
subject.setReadOnly();
identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES);
}
_users.put(userName,identity);
return identity;
}
/* ------------------------------------------------------------ */
/** Put user into realm.
* @param userName The user to add
* @param credential The users Credentials
* @param roles The users roles
* @return UserIdentity
*/
public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles)
{
Principal userPrincipal = new KnownUser(userName,credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
if (roles!=null)
for (String role : roles)
subject.getPrincipals().add(new RolePrincipal(role));
subject.setReadOnly();
UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
_users.put(userName,identity);
return identity;
}
/* ------------------------------------------------------------ */
public void removeUser(String username)
{
_users.remove(username);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object)
*/
public UserIdentity login(String username, Object credentials)
{
if (username == null)
return null;
UserIdentity user = _users.get(username);
if (user==null)
user = loadUser(username);
if (user!=null)
{
UserPrincipal principal = (UserPrincipal)user.getUserPrincipal();
if (principal.authenticate(credentials))
return user;
}
return null;
}
/* ------------------------------------------------------------ */
public boolean validate(UserIdentity user)
{
if (_users.containsKey(user.getUserPrincipal().getName()))
return true;
if (loadUser(user.getUserPrincipal().getName())!=null)
return true;
return false;
}
/* ------------------------------------------------------------ */
protected abstract UserIdentity loadUser(String username);
/* ------------------------------------------------------------ */
protected abstract void loadUsers() throws IOException;
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public interface UserPrincipal extends Principal,Serializable
{
boolean authenticate(Object credentials);
public boolean isAuthenticated();
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public static class RolePrincipal implements Principal,Serializable
{
private static final long serialVersionUID = 2998397924051854402L;
private final String _roleName;
public RolePrincipal(String name)
{
_roleName=name;
}
public String getName()
{
return _roleName;
}
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public static class Anonymous implements UserPrincipal,Serializable
{
private static final long serialVersionUID = 1097640442553284845L;
public boolean isAuthenticated()
{
return false;
}
public String getName()
{
return "Anonymous";
}
public boolean authenticate(Object credentials)
{
return false;
}
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public static class KnownUser implements UserPrincipal,Serializable
{
private static final long serialVersionUID = -6226920753748399662L;
private final String _name;
private final Credential _credential;
/* -------------------------------------------------------- */
public KnownUser(String name,Credential credential)
{
_name=name;
_credential=credential;
}
/* -------------------------------------------------------- */
public boolean authenticate(Object credentials)
{
return _credential!=null && _credential.check(credentials);
}
/* ------------------------------------------------------------ */
public String getName()
{
return _name;
}
/* -------------------------------------------------------- */
public boolean isAuthenticated()
{
return true;
}
/* -------------------------------------------------------- */
@Override
public String toString()
{
return _name;
}
}
}