14 package waffle.apache;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.slf4j.Logger;

import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.PrincipalFormat;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
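/**
 * State and helpers shared by the Waffle Tomcat authenticators.
 * <p>
 * Holds the Windows authentication provider, the principal and role name formats, the guest-login policy and the
 * list of protocols advertised in {@code WWW-Authenticate} challenges, and implements the container's programmatic
 * login path ({@link #doLogin}) on top of a Windows logon.
 * <p>
 * Nothing here assigns {@link #log} or {@link #info}; subclasses are expected to set them before any setter or
 * login method runs, otherwise the logging calls below dereference {@code null}.
 */
abstract class WaffleAuthenticatorBase extends AuthenticatorBase {

    /**
     * Protocol names accepted by {@link #setProtocols}, in the order advertised by default. Matching is
     * case-sensitive. Kept unmodifiable so the allow list cannot be widened by accident through a reference leak.
     */
    private static final Set<String> SUPPORTED_PROTOCOLS = Collections
            .unmodifiableSet(new LinkedHashSet<String>(Arrays.asList("Negotiate", "NTLM")));

    /** Free-form description returned by {@link #getInfo}; assigned by subclasses. */
    protected String info;

    /** Logger used by every method in this class; must be assigned by the subclass before use. */
    protected Logger log;

    /** Format of the authenticated principal's name; defaults to {@link PrincipalFormat#FQN}. */
    protected PrincipalFormat principalFormat = PrincipalFormat.FQN;

    /** Format of the group names exposed as roles; defaults to {@link PrincipalFormat#FQN}. */
    protected PrincipalFormat roleFormat = PrincipalFormat.FQN;

    /**
     * Whether a logon that the provider reports as the Guest account is accepted as an authenticated principal.
     * Defaults to {@code true}: deployments that must not grant access to Guest-mapped credentials have to set
     * this to {@code false} explicitly (see {@link #doLogin}).
     */
    protected boolean allowGuestLogin = true;

    /**
     * Protocols advertised in {@code WWW-Authenticate} challenges, in advertisement order. Initialised as a private
     * copy of {@link #SUPPORTED_PROTOCOLS} so that mutating this set never alters the allow list that
     * {@link #setProtocols} validates against.
     */
    protected Set<String> protocols = new LinkedHashSet<String>(WaffleAuthenticatorBase.SUPPORTED_PROTOCOLS);

    /** Windows authentication provider that performs the actual logon. */
    protected IWindowsAuthProvider auth = new WindowsAuthProviderImpl();

    /**
     * Returns the Windows authentication provider in use.
     *
     * @return the current provider
     */
    public IWindowsAuthProvider getAuth() {
        return this.auth;
    }

    /**
     * Replaces the Windows authentication provider (mainly used to inject a test or alternative implementation).
     *
     * @param provider the provider to use from now on
     */
    public void setAuth(final IWindowsAuthProvider provider) {
        this.auth = provider;
    }

    /**
     * Returns the description assigned by the subclass.
     *
     * @return the authenticator description, or {@code null} if none was assigned
     */
    public String getInfo() {
        return this.info;
    }

    /**
     * Sets the principal name format from its case-insensitive enum name.
     *
     * @param format a {@link PrincipalFormat} constant name, in any case
     * @throws IllegalArgumentException if the upper-cased value is not a {@link PrincipalFormat} constant
     * @throws NullPointerException if {@code format} is {@code null}
     */
    public void setPrincipalFormat(final String format) {
        this.principalFormat = PrincipalFormat.valueOf(format.toUpperCase(Locale.ENGLISH));
        this.log.debug("principal format: {}", this.principalFormat);
    }

    /**
     * Returns the principal name format.
     *
     * @return the configured principal format
     */
    public PrincipalFormat getPrincipalFormat() {
        return this.principalFormat;
    }

    /**
     * Sets the role name format from its case-insensitive enum name.
     *
     * @param format a {@link PrincipalFormat} constant name, in any case
     * @throws IllegalArgumentException if the upper-cased value is not a {@link PrincipalFormat} constant
     * @throws NullPointerException if {@code format} is {@code null}
     */
    public void setRoleFormat(final String format) {
        this.roleFormat = PrincipalFormat.valueOf(format.toUpperCase(Locale.ENGLISH));
        this.log.debug("role format: {}", this.roleFormat);
    }

    /**
     * Returns the role name format.
     *
     * @return the configured role format
     */
    public PrincipalFormat getRoleFormat() {
        return this.roleFormat;
    }

    /**
     * Tells whether Guest-account logons are accepted.
     *
     * @return {@code true} if a Guest logon yields an authenticated principal
     */
    public boolean isAllowGuestLogin() {
        return this.allowGuestLogin;
    }

    /**
     * Enables or disables acceptance of Guest-account logons.
     *
     * @param value {@code false} to refuse logons the provider reports as Guest
     */
    public void setAllowGuestLogin(final boolean value) {
        this.allowGuestLogin = value;
    }

    /**
     * Configures the advertised protocols from a comma-separated list such as {@code "Negotiate,NTLM"}. Entries are
     * trimmed, empty entries are skipped, and the given order becomes the advertisement order. An empty result is
     * allowed and leads to challenges without any {@code WWW-Authenticate} header.
     *
     * @param value comma-separated protocol names, each one of {@link #SUPPORTED_PROTOCOLS} (case-sensitive)
     * @throws RuntimeException if a name is not a supported protocol; the previous configuration is kept intact
     * @throws NullPointerException if {@code value} is {@code null}
     */
    public void setProtocols(final String value) {
        // Validate into a scratch set first so a rejected list does not leave a half-populated configuration behind.
        final Set<String> accepted = new LinkedHashSet<String>();
        for (final String rawName : value.split(",")) {
            final String protocolName = rawName.trim();
            if (protocolName.isEmpty()) {
                continue;
            }
            this.log.debug("init protocol: {}", protocolName);
            if (!WaffleAuthenticatorBase.SUPPORTED_PROTOCOLS.contains(protocolName)) {
                this.log.error("unsupported protocol: {}", protocolName);
                throw new RuntimeException("Unsupported protocol: " + protocolName);
            }
            accepted.add(protocolName);
        }
        this.protocols = accepted;
    }

    /**
     * Sends a 401 challenge: one {@code WWW-Authenticate} header per configured protocol, in configuration order,
     * followed by {@code Connection: close} and the container's error page.
     *
     * @param response the response to write the challenge to
     * @throws RuntimeException wrapping the {@link IOException} if the error page cannot be sent or flushed
     */
    protected void sendUnauthorized(final HttpServletResponse response) {
        try {
            for (final String protocol : this.protocols) {
                response.addHeader("WWW-Authenticate", protocol);
            }
            // NOTE(review): the connection is closed after every challenge; presumably so that a connection-bound
            // NTLM/Negotiate handshake never continues on a reused connection -- confirm against the subclasses.
            response.setHeader("Connection", "close");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            response.flushBuffer();
        } catch (final IOException e) {
            // Same handling as sendError(): record the failure before surfacing it to the container.
            this.log.error(e.getMessage());
            this.log.trace("", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends the given HTTP error status, wrapping any I/O failure.
     *
     * @param response the response to write to
     * @param code the HTTP status code to send
     * @throws RuntimeException wrapping the {@link IOException} if the error page cannot be sent
     */
    protected void sendError(final HttpServletResponse response, final int code) {
        try {
            response.sendError(code);
        } catch (final IOException e) {
            this.log.error(e.getMessage());
            // Pass the exception as the throwable argument so the stack trace is recorded, not just toString().
            this.log.trace("", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * This base class declares no authentication scheme name; subclasses are expected to override this.
     *
     * @return {@code null}
     */
    @Override
    protected String getAuthMethod() {
        return null;
    }

    /**
     * Programmatic (container {@code login()}) authentication against Windows.
     * <p>
     * The credentials are passed to {@link #auth}'s {@code logonUser}. On success a {@link GenericWindowsPrincipal}
     * built with the configured principal and role formats is returned. If the Windows logon throws, or if it maps
     * to the Guest account while {@link #allowGuestLogin} is {@code false}, the same credentials are handed to
     * {@code super.doLogin} -- i.e. the container's configured Realm -- so a Windows rejection is not final on its
     * own. The password is never logged.
     *
     * @param request the current request
     * @param username the user name to log on
     * @param password the password to log on with
     * @return the Windows principal, or whatever the container's Realm returns on fallback
     * @throws ServletException if the fallback {@code super.doLogin} throws
     */
    @Override
    protected Principal doLogin(final Request request, final String username, final String password)
            throws ServletException {
        this.log.debug("logging in: {}", username);
        final IWindowsIdentity windowsIdentity;
        try {
            windowsIdentity = this.auth.logonUser(username, password);
        } catch (final Exception e) {
            // Windows logon failed: log the reason (never the password) and let the container's Realm try.
            this.log.error(e.getMessage());
            this.log.trace("", e);
            return super.doLogin(request, username, password);
        }
        try {
            if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
                // Guest-mapped logons are refused when allowGuestLogin is false; fall back to the Realm as above.
                this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
                return super.doLogin(request, username, password);
            }
            this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
                    this.principalFormat, this.roleFormat);
            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
            return windowsPrincipal;
        } finally {
            // Dispose the identity on every exit path; previously the guest-rejection return skipped this.
            windowsIdentity.dispose();
        }
    }

}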