[jboss-cvs] JBossAS SVN: r109519 - in projects/security/security-negotiation/trunk: jboss-negotiation-toolkit/src/main/webapp and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sun Nov 28 07:58:56 EST 2010
Author: darran.lofthouse at jboss.com
Date: 2010-11-28 07:58:55 -0500 (Sun, 28 Nov 2010)
New Revision: 109519
Added:
projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/error.html
projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/login.html
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/WEB-INF/web.xml
Log:
[SECURITY-141] Fallback to FORM authentication if SPNEGO not available.
If a <form-login-config> is defined for the web application the login page will also
be sent with the challenge for SPNEGO.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2010-11-27 19:13:28 UTC (rev 109518)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2010-11-28 12:58:55 UTC (rev 109519)
@@ -22,27 +22,34 @@
*/
package org.jboss.security.negotiation;
+import static org.apache.catalina.authenticator.Constants.FORM_ACTION;
+import static org.apache.catalina.authenticator.Constants.FORM_PASSWORD;
+import static org.apache.catalina.authenticator.Constants.FORM_PRINCIPAL_NOTE;
+import static org.apache.catalina.authenticator.Constants.FORM_USERNAME;
+import static org.apache.catalina.authenticator.Constants.SESS_PASSWORD_NOTE;
+import static org.apache.catalina.authenticator.Constants.SESS_USERNAME_NOTE;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
-
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.jboss.security.negotiation.common.MessageTrace;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.jboss.util.Base64;
-
-
/**
* An authenticator to manage Negotiation based authentication in connection with the
* Negotiation login module.
@@ -50,7 +57,7 @@
* @author darran.lofthouse at jboss.com
* @version $Revision$
*/
-public class NegotiationAuthenticator extends AuthenticatorBase
+public class NegotiationAuthenticator extends FormAuthenticator
{
private static final Logger log = Logger.getLogger(NegotiationAuthenticator.class);
@@ -59,6 +66,8 @@
private static final String NEGOTIATION_CONTEXT = "NEGOTIATION_CONTEXT";
+ private static final String FORM_METHOD = "FORM";
+
protected String getNegotiateScheme()
{
return NEGOTIATE;
@@ -80,6 +89,45 @@
return true;
}
+ String contextPath = request.getContextPath();
+ String requestURI = request.getDecodedRequestURI();
+ boolean loginAction = requestURI.startsWith(contextPath) && requestURI.endsWith(FORM_ACTION);
+ if (loginAction)
+ {
+ Realm realm = context.getRealm();
+ String username = request.getParameter(FORM_USERNAME);
+ String password = request.getParameter(FORM_PASSWORD);
+ principal = realm.authenticate(username, password);
+ if (principal == null)
+ {
+ RequestDispatcher disp = context.getServletContext().getRequestDispatcher(config.getErrorPage());
+ try
+ {
+ disp.forward(request.getRequest(), response);
+ }
+ catch (ServletException e)
+ {
+ IOException ex = new IOException("Unable to forward to error page.");
+ ex.initCause(e);
+
+ throw ex;
+ }
+ return false;
+ }
+
+ Session session = request.getSessionInternal();
+ requestURI = savedRequestURL(session);
+
+ session.setNote(FORM_PRINCIPAL_NOTE, principal);
+ session.setNote(SESS_USERNAME_NOTE, username);
+ session.setNote(SESS_PASSWORD_NOTE, password);
+
+ register(request, response, principal, FORM_METHOD, username, password);
+ response.sendRedirect(response.encodeRedirectURL(requestURI));
+
+ return false;
+ }
+
String negotiateScheme = getNegotiateScheme();
if (DEBUG)
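Review bot: The `j_security_check` branch is not conditioned on a form login page being configured, so as far as this hunk shows, a deployment that declares only SPNEGO will still pass posted `j_username`/`j_password` values to `realm.authenticate`, although the log message describes the fallback as applying only when `<form-login-config>` is defined. Gating the check, e.g. `boolean loginAction = config.getLoginPage() != null && requestURI.startsWith(contextPath) && requestURI.endsWith(FORM_ACTION);`, keeps password authentication off unless the application asked for it. Separately, `savedRequestURL(session)` can presumably return null when the form is posted without a previously saved request, and that value goes straight into `sendRedirect`; a null check that answers with an error status would be safer. The enclosing authenticate method starts and ends outside this hunk.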
@@ -88,9 +136,8 @@
if (authHeader == null)
{
- log.debug("No Authorization Header, sending 401");
- response.setHeader("WWW-Authenticate", negotiateScheme);
- response.sendError(401);
+ log.debug("No Authorization Header, initiating negotiation");
+ initiateNegotiation(request, response, config);
return false;
}
@@ -175,4 +222,41 @@
return (principal != null);
}
+
+ private void initiateNegotiation(final Request request, final HttpServletResponse response, final LoginConfig config)
+ throws IOException
+ {
+ String loginPage = config.getLoginPage();
+ if (loginPage != null)
+ {
+ // TODO - Logic to cache and restore request.
+ ServletContext servletContext = context.getServletContext();
+ RequestDispatcher disp = servletContext.getRequestDispatcher(loginPage);
+
+ try
+ {
+ Session session = request.getSessionInternal();
+ saveRequest(request, session);
+
+ disp.include(request.getRequest(), response);
+ response.setHeader("WWW-Authenticate", getNegotiateScheme());
+ response.setStatus(Response.SC_UNAUTHORIZED);
+ }
+ catch (ServletException e)
+ {
+ IOException ex = new IOException("Unable to include loginPage");
+ ex.initCause(e);
+
+ throw ex;
+ }
+
+ }
+ else
+ {
+ response.setHeader("WWW-Authenticate", getNegotiateScheme());
+ response.sendError(Response.SC_UNAUTHORIZED);
+ }
+
+ response.flushBuffer();
+ }
}
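Review bot: In `initiateNegotiation` the `WWW-Authenticate` header and the 401 status are set after `disp.include(...)`, so if the included login page is large enough to commit the response, both calls are silently ignored and the browser never receives the Negotiate challenge. Moving `response.setHeader("WWW-Authenticate", getNegotiateScheme());` and `response.setStatus(Response.SC_UNAUTHORIZED);` above the include avoids that. `request.getSessionInternal()` also appears to create a session for every request that arrives without an Authorization header, which is worth bounding or documenting because every SPNEGO handshake begins that way. The `// TODO - Logic to cache and restore request.` comment looks stale now that `saveRequest` is called and could be dropped or reworded.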
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/WEB-INF/web.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/WEB-INF/web.xml 2010-11-27 19:13:28 UTC (rev 109518)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/WEB-INF/web.xml 2010-11-28 12:58:55 UTC (rev 109519)
@@ -65,7 +65,11 @@
<login-config>
<auth-method>SPNEGO</auth-method>
- <realm-name>SPNEGO</realm-name>
+ <realm-name>SPNEGO</realm-name>
+ <form-login-config>
+ <form-login-page>/login.html</form-login-page>
+ <form-error-page>/error.html</form-error-page>
+ </form-login-config>
</login-config>
<security-role>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/error.html (from rev 89298, projects/security/security-negotiation/branches/SECURITY-141/jboss-negotiation-toolkit/src/main/webapp/error.html)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/error.html (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/error.html 2010-11-28 12:58:55 UTC (rev 109519)
@@ -0,0 +1,13 @@
+<html>
+ <head>
+ <title>Error - Username/Password Failure</title>
+ </head>
+ <body>
+ <h1>Error - Username/Password Failure</h1>
+ <p>
+ If this error page is displayed the fallback to username/password
+ authentication failed, please check your server.log and update
+ your configuration accordingly.
+ </p>
+ </body>
+</html>
\ No newline at end of file
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/login.html (from rev 89298, projects/security/security-negotiation/branches/SECURITY-141/jboss-negotiation-toolkit/src/main/webapp/login.html)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/login.html (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/src/main/webapp/login.html 2010-11-28 12:58:55 UTC (rev 109519)
@@ -0,0 +1,31 @@
+<html>
+ <head>
+ <title>Form Authentication</title>
+ </head>
+ <body>
+ <h1>Form Authentication</h1>
+
+ <p>If this page is displayed your web broweser is not taking part in the
+ SPNEGO process, a username and password can be entered instead to fall
+ back to username/password authentication.</p>
+ <hr>
+ <p>
+ <form method=post action="j_security_check" >
+ <table>
+ <tr>
+ <td>Username</td><td>-</td>
+ <td><input type="text" name= "j_username" ></td>
+ </tr>
+ <tr>
+ <td>Password</td><td>-</td>
+ <td><input type="password" name= "j_password" ></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input type="submit"></td>
+ </tr>
+ </table>
+ </form>
+ </p>
+ <hr>
+ </body>
+</html>
\ No newline at end of file
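Review bot: The explanatory paragraph misspells "browser" as `broweser`, and the `<form>` is nested inside a `<p>`, which is not valid HTML and will be re-parented by browsers. Because this page posts `j_password` to `j_security_check`, it is worth confirming that the protected resources require a confidential transport; the web.xml hunk in this commit shows no `<user-data-constraint>`, though one may exist outside the visible lines.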