1   /*
2    * Copyright 2013–2019 Michael Osipov
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package net.sf.michaelo.tomcat.realm;
17  
18  import java.security.Principal;
19  
20  import org.apache.catalina.realm.UserDatabaseRealm;
21  import org.apache.juli.logging.Log;
22  import org.apache.juli.logging.LogFactory;
23  import org.apache.tomcat.util.res.StringManager;
24  import org.ietf.jgss.GSSContext;
25  import org.ietf.jgss.GSSCredential;
26  import org.ietf.jgss.GSSException;
27  import org.ietf.jgss.GSSName;
28  
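/**
 * A GSS-aware {@link UserDatabaseRealm}.
 * <p>
 * The realm resolves principals by the string form of a {@link GSSName}
 * ({@code String.valueOf(gssName)}), passed unchanged to
 * {@code getPrincipal(String, GSSCredential)}. No mapping or normalization of the name is
 * done here, so the entries of the backing user database have to match that string form
 * exactly.
 * <p>
 * The realm does not verify any credentials itself. The only check performed is
 * {@link GSSContext#isEstablished()} in {@link #authenticate(GSSContext, boolean)};
 * {@link #authenticate(GSSName, GSSCredential)} performs no verification at all and relies on
 * the caller to pass a name taken from an already established security context.
 *
 * @version $Id: GSSUserDatabaseRealm.java 317 2019-03-09 21:26:28Z michael-o $
 */
public class GSSUserDatabaseRealm extends UserDatabaseRealm implements GSSRealm {

	protected final Log logger = LogFactory.getLog(getClass());
	// NOTE(review): the message keys used below carry the "activeDirectoryRealm." prefix;
	// presumably the bundle is shared by all realms of this package - confirm.
	protected final StringManager sm = StringManager.getManager(getClass());

	/**
	 * Descriptive information about this Realm implementation.
	 */
	protected static final String name = "GSSUserDatabaseRealm";

	@Override
	protected String getName() {
		return name;
	}

	/**
	 * Resolves the principal for an already authenticated GSS name.
	 * <p>
	 * This method does not verify the name in any way; it only performs the lookup.
	 *
	 * @param gssName
	 *            the GSS name of the peer, may be {@code null}
	 * @param gssCredential
	 *            the (delegated) credential to associate with the principal, may be
	 *            {@code null}
	 * @return the principal returned by {@code getPrincipal(String, GSSCredential)}, or
	 *         {@code null} if {@code gssName} is {@code null}
	 */
	public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
		// String.valueOf((Object) null) yields the literal "null"; without this guard a
		// missing name would be looked up as a user called "null" instead of failing.
		if (gssName == null) {
			return null;
		}

		return getPrincipal(String.valueOf(gssName), gssCredential);
	}

	/**
	 * Resolves the principal for the initiator of an established GSS security context.
	 * <p>
	 * Authentication fails ({@code null} is returned) if the context is not established or
	 * its source name cannot be obtained. A failure to obtain the delegated credential is
	 * only logged; the lookup then proceeds without a credential.
	 *
	 * @param gssContext
	 *            the security context negotiated with the peer
	 * @param storeCreds
	 *            whether the delegated credential of the peer, if any, shall be passed on to
	 *            the principal lookup
	 * @return the principal returned by {@code getPrincipal(String, GSSCredential)}, or
	 *         {@code null} if authentication failed
	 */
	@Override
	public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
		// Fail closed: a context that is still being negotiated carries no trustworthy name.
		if (!gssContext.isEstablished()) {
			logger.error(sm.getString("activeDirectoryRealm.securityContextNotEstablished"));
			return null;
		}

		GSSName gssName = null;
		try {
			gssName = gssContext.getSrcName();
		} catch (GSSException e) {
			logger.error(sm.getString("activeDirectoryRealm.gssNameFailed"), e);
		}

		if (gssName == null) {
			return null;
		}

		GSSCredential gssCredential = null;
		if (storeCreds) {
			if (gssContext.getCredDelegState()) {
				try {
					gssCredential = gssContext.getDelegCred();
				} catch (GSSException e) {
					// Not fatal: the principal is still resolved, just without a credential.
					logger.warn(sm.getString(
							"activeDirectoryRealm.delegatedCredentialFailed", gssName), e);
				}
			} else if (logger.isDebugEnabled()) {
				logger.debug(sm.getString(
						"activeDirectoryRealm.credentialNotDelegable", gssName));
			}
		}

		return getPrincipal(String.valueOf(gssName), gssCredential);
	}

}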