DefaultAuthenticatorFactory.java revision 03928aee4356845252ac6b662d5c72c29903813e
103928aee4356845252ac6b662d5c72c29903813eJake Slack// 203928aee4356845252ac6b662d5c72c29903813eJake Slack// ======================================================================== 303928aee4356845252ac6b662d5c72c29903813eJake Slack// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. 403928aee4356845252ac6b662d5c72c29903813eJake Slack// ------------------------------------------------------------------------ 503928aee4356845252ac6b662d5c72c29903813eJake Slack// All rights reserved. This program and the accompanying materials 603928aee4356845252ac6b662d5c72c29903813eJake Slack// are made available under the terms of the Eclipse Public License v1.0 703928aee4356845252ac6b662d5c72c29903813eJake Slack// and Apache License v2.0 which accompanies this distribution. 803928aee4356845252ac6b662d5c72c29903813eJake Slack// 903928aee4356845252ac6b662d5c72c29903813eJake Slack// The Eclipse Public License is available at 1003928aee4356845252ac6b662d5c72c29903813eJake Slack// http://www.eclipse.org/legal/epl-v10.html 1103928aee4356845252ac6b662d5c72c29903813eJake Slack// 1203928aee4356845252ac6b662d5c72c29903813eJake Slack// The Apache License v2.0 is available at 1303928aee4356845252ac6b662d5c72c29903813eJake Slack// http://www.opensource.org/licenses/apache2.0.php 1403928aee4356845252ac6b662d5c72c29903813eJake Slack// 1503928aee4356845252ac6b662d5c72c29903813eJake Slack// You may elect to redistribute this code under either of these licenses. 1603928aee4356845252ac6b662d5c72c29903813eJake Slack// ======================================================================== 1703928aee4356845252ac6b662d5c72c29903813eJake Slack// 1803928aee4356845252ac6b662d5c72c29903813eJake Slack 1903928aee4356845252ac6b662d5c72c29903813eJake Slackpackage org.eclipse.jetty.security; 2003928aee4356845252ac6b662d5c72c29903813eJake Slack 2103928aee4356845252ac6b662d5c72c29903813eJake Slackimport javax.servlet.ServletContext; 2203928aee4356845252ac6b662d5c72c29903813eJake Slack 2303928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.Authenticator.AuthConfiguration; 2403928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.authentication.BasicAuthenticator; 2503928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.authentication.ClientCertAuthenticator; 2603928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.authentication.DigestAuthenticator; 2703928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.authentication.FormAuthenticator; 2803928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.security.authentication.SpnegoAuthenticator; 2903928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.server.Server; 3003928aee4356845252ac6b662d5c72c29903813eJake Slackimport org.eclipse.jetty.util.security.Constraint; 3103928aee4356845252ac6b662d5c72c29903813eJake Slack 3203928aee4356845252ac6b662d5c72c29903813eJake Slack/* ------------------------------------------------------------ */ 3303928aee4356845252ac6b662d5c72c29903813eJake Slack/** 3403928aee4356845252ac6b662d5c72c29903813eJake Slack * The Default Authenticator Factory. 3503928aee4356845252ac6b662d5c72c29903813eJake Slack * Uses the {@link AuthConfiguration#getAuthMethod()} to select an {@link Authenticator} from: <ul> 3603928aee4356845252ac6b662d5c72c29903813eJake Slack * <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li> 3703928aee4356845252ac6b662d5c72c29903813eJake Slack * <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li> 3803928aee4356845252ac6b662d5c72c29903813eJake Slack * <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li> 3903928aee4356845252ac6b662d5c72c29903813eJake Slack * <li>{@link org.eclipse.jetty.security.authentication.ClientCertAuthenticator}</li> 4003928aee4356845252ac6b662d5c72c29903813eJake Slack * </ul> 4103928aee4356845252ac6b662d5c72c29903813eJake Slack * All authenticators derived from {@link org.eclipse.jetty.security.authentication.LoginAuthenticator} are 4203928aee4356845252ac6b662d5c72c29903813eJake Slack * wrapped with a {@link org.eclipse.jetty.security.authentication.DeferredAuthentication} 4303928aee4356845252ac6b662d5c72c29903813eJake Slack * instance, which is used if authentication is not mandatory. 4403928aee4356845252ac6b662d5c72c29903813eJake Slack * 4503928aee4356845252ac6b662d5c72c29903813eJake Slack * The Authentications from the {@link org.eclipse.jetty.security.authentication.FormAuthenticator} are always wrapped in a 4603928aee4356845252ac6b662d5c72c29903813eJake Slack * {@link org.eclipse.jetty.security.authentication.SessionAuthentication} 4703928aee4356845252ac6b662d5c72c29903813eJake Slack * <p> 4803928aee4356845252ac6b662d5c72c29903813eJake Slack * If a {@link LoginService} has not been set on this factory, then 4903928aee4356845252ac6b662d5c72c29903813eJake Slack * the service is selected by searching the {@link Server#getBeans(Class)} results for 5003928aee4356845252ac6b662d5c72c29903813eJake Slack * a service that matches the realm name, else the first LoginService found is used. 5103928aee4356845252ac6b662d5c72c29903813eJake Slack * 5203928aee4356845252ac6b662d5c72c29903813eJake Slack */ 5303928aee4356845252ac6b662d5c72c29903813eJake Slackpublic class DefaultAuthenticatorFactory implements Authenticator.Factory 5403928aee4356845252ac6b662d5c72c29903813eJake Slack{ 5503928aee4356845252ac6b662d5c72c29903813eJake Slack LoginService _loginService; 5603928aee4356845252ac6b662d5c72c29903813eJake Slack 5703928aee4356845252ac6b662d5c72c29903813eJake Slack public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) 5803928aee4356845252ac6b662d5c72c29903813eJake Slack { 5903928aee4356845252ac6b662d5c72c29903813eJake Slack String auth=configuration.getAuthMethod(); 6003928aee4356845252ac6b662d5c72c29903813eJake Slack Authenticator authenticator=null; 6103928aee4356845252ac6b662d5c72c29903813eJake Slack 6203928aee4356845252ac6b662d5c72c29903813eJake Slack if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) 6303928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator=new BasicAuthenticator(); 6403928aee4356845252ac6b662d5c72c29903813eJake Slack else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) 6503928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator=new DigestAuthenticator(); 6603928aee4356845252ac6b662d5c72c29903813eJake Slack else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth)) 6703928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator=new FormAuthenticator(); 6803928aee4356845252ac6b662d5c72c29903813eJake Slack else if ( Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth) ) 6903928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator = new SpnegoAuthenticator(); 7003928aee4356845252ac6b662d5c72c29903813eJake Slack else if ( Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth) ) // see Bug #377076 7103928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH); 7203928aee4356845252ac6b662d5c72c29903813eJake Slack if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth)) 7303928aee4356845252ac6b662d5c72c29903813eJake Slack authenticator=new ClientCertAuthenticator(); 7403928aee4356845252ac6b662d5c72c29903813eJake Slack 7503928aee4356845252ac6b662d5c72c29903813eJake Slack return authenticator; 7603928aee4356845252ac6b662d5c72c29903813eJake Slack } 7703928aee4356845252ac6b662d5c72c29903813eJake Slack 7803928aee4356845252ac6b662d5c72c29903813eJake Slack /* ------------------------------------------------------------ */ 7903928aee4356845252ac6b662d5c72c29903813eJake Slack /** 8003928aee4356845252ac6b662d5c72c29903813eJake Slack * @return the loginService 8103928aee4356845252ac6b662d5c72c29903813eJake Slack */ 8203928aee4356845252ac6b662d5c72c29903813eJake Slack public LoginService getLoginService() 8303928aee4356845252ac6b662d5c72c29903813eJake Slack { 8403928aee4356845252ac6b662d5c72c29903813eJake Slack return _loginService; 8503928aee4356845252ac6b662d5c72c29903813eJake Slack } 8603928aee4356845252ac6b662d5c72c29903813eJake Slack 8703928aee4356845252ac6b662d5c72c29903813eJake Slack /* ------------------------------------------------------------ */ 8803928aee4356845252ac6b662d5c72c29903813eJake Slack /** 8903928aee4356845252ac6b662d5c72c29903813eJake Slack * @param loginService the loginService to set 9003928aee4356845252ac6b662d5c72c29903813eJake Slack */ 9103928aee4356845252ac6b662d5c72c29903813eJake Slack public void setLoginService(LoginService loginService) 9203928aee4356845252ac6b662d5c72c29903813eJake Slack { 9303928aee4356845252ac6b662d5c72c29903813eJake Slack _loginService = loginService; 9403928aee4356845252ac6b662d5c72c29903813eJake Slack } 9503928aee4356845252ac6b662d5c72c29903813eJake Slack 9603928aee4356845252ac6b662d5c72c29903813eJake Slack} 97