1 /**
2 * Waffle (https://github.com/dblock/waffle)
3 *
4 * Copyright (c) 2010 - 2015 Application Security, Inc.
5 *
6 * All rights reserved. This program and the accompanying materials
7 * are made available under the terms of the Eclipse Public License v1.0
8 * which accompanies this distribution, and is available at
9 * http://www.eclipse.org/legal/epl-v10.html
10 *
11 * Contributors:
12 * Application Security, Inc.
13 */
14 package waffle.shiro.negotiate;
15
16 /**
17 * Derived from net.skorgenes.security.jsecurity.negotiate.NegotiateToken.
18 * see: https://bitbucket.org/lothor/shiro-negotiate/src/7b25efde130b9cbcacf579b3f926c532d919aa23/src/main/java/net/skorgenes/security/jsecurity/negotiate/NegotiateAuthenticationFilter.java?at=default
19 *
20 * @author Dan Rollo
21 */
22 import javax.security.auth.Subject;
23
24 import org.apache.shiro.authc.AuthenticationInfo;
25 import org.apache.shiro.authc.HostAuthenticationToken;
26 import org.apache.shiro.authc.RememberMeAuthenticationToken;
27
28 /**
29 * An authentication token wrapping a Waffle Negotiate token.
30 *
31 * @author Dan Rollo
32 * @since 1.0.0
33 */
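/**
 * An authentication token wrapping a Waffle Negotiate token.
 *
 * <p>
 * The token carries the inbound and outbound token bytes of one exchange together with the connection id,
 * security package name and request flags it was created with. The {@link Subject} and principal start out
 * {@code null} and are only populated through {@link #setSubject(Subject)} and {@link #setPrincipal(Object)}.
 * </p>
 *
 * <p>
 * Byte arrays handed to the constructor and to {@link #setOut(byte[])} are copied, and {@link #getIn()} returns
 * a copy, so code outside this package cannot alter the token bytes after the token has been built.
 * </p>
 *
 * <p>
 * NOTE(review): the class declares a {@code serialVersionUID}, so instances are presumably serializable through
 * the Shiro token interfaces; if so, the token bytes and the {@link Subject} are part of the serialized form and
 * should not be written to storage that is less trusted than the session itself. Confirm against the deployment.
 * </p>
 *
 * @author Dan Rollo
 * @since 1.0.0
 */
public class NegotiateToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1345343228636916781L;

    /** Inbound token bytes; a private copy of the array given to the constructor, or {@code null}. */
    private final byte[] in;

    /** Outbound token bytes; a private copy of the last array supplied, or {@code null}. */
    private byte[] out;

    /** The subject; {@code null} until {@link #setSubject(Subject)} is called. */
    private Subject subject;

    /** The principal; {@code null} until {@link #setPrincipal(Object)} is called. */
    private Object principal;

    /** The connection id this token was created for. */
    private final String connectionId;

    /** The security package name this token was created with. */
    private final String securityPackage;

    /** The ntlm post flag this token was created with. */
    private final boolean ntlmPost;

    /**
     * Whether or not 'rememberMe' should be enabled for the corresponding login attempt. This class only stores
     * the flag; it does not act on it.
     */
    private final boolean rememberMe;

    /**
     * The location from where the login attempt occurs, or {@code null} if not known or explicitly omitted.
     */
    private final String host;

    /**
     * Instantiates a new negotiate token.
     *
     * <p>
     * Both byte arrays are copied, matching {@link #setOut(byte[])}: a caller that later reuses or overwrites
     * its buffer cannot change the bytes held by this token.
     * </p>
     *
     * @param newIn
     *            the inbound token bytes, may be {@code null}
     * @param newOut
     *            the initial outbound token bytes, may be {@code null}
     * @param newConnectionId
     *            the connection id
     * @param newSecurityPackage
     *            the security package name
     * @param newNtlmPost
     *            the ntlm post flag
     * @param newRememberMe
     *            the remember me flag
     * @param newHost
     *            the host the login attempt comes from, may be {@code null}
     */
    public NegotiateToken(final byte[] newIn, final byte[] newOut, final String newConnectionId,
            final String newSecurityPackage, final boolean newNtlmPost, final boolean newRememberMe,
            final String newHost) {
        this.in = NegotiateToken.copyOf(newIn);
        this.out = NegotiateToken.copyOf(newOut);
        this.connectionId = newConnectionId;
        this.securityPackage = newSecurityPackage;
        this.ntlmPost = newNtlmPost;

        this.rememberMe = newRememberMe;
        this.host = newHost;
    }

    /**
     * Returns a copy of the given array, or {@code null} when the array is {@code null}.
     *
     * @param source
     *            the array to copy, may be {@code null}
     * @return an independent copy, or {@code null}
     */
    private static byte[] copyOf(final byte[] source) {
        return source != null ? source.clone() : null;
    }

    /**
     * Gets the connection id.
     *
     * @return the connection id
     */
    public String getConnectionId() {
        return this.connectionId;
    }

    /**
     * Gets the security package.
     *
     * @return the security package
     */
    public String getSecurityPackage() {
        return this.securityPackage;
    }

    /**
     * Checks if is ntlm post.
     *
     * @return true, if is ntlm post
     */
    public boolean isNtlmPost() {
        return this.ntlmPost;
    }

    /**
     * Returns the {@link Subject} stored by {@link #setSubject(Subject)}, or {@code null} if none has been set.
     *
     * <p>
     * NOTE(review): a {@code null} return presumably means the exchange has not produced a subject yet; code
     * consuming this token should not read a missing credential as a successful login. Confirm against the realm.
     * </p>
     *
     * @return the subject, or {@code null}
     * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
     */
    @Override
    public Object getCredentials() {
        return this.subject;
    }

    /**
     * Returns the principal stored by {@link #setPrincipal(Object)}, or {@code null} if none has been set.
     *
     * @return the principal, or {@code null}
     * @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
     */
    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    /**
     * Gets the out.
     *
     * <p>
     * Package-private, and the only accessor that hands back the internal array rather than a copy: callers in
     * this package must treat the result as read-only.
     * </p>
     *
     * @return the outbound token bytes, or {@code null}
     */
    byte[] getOut() {
        return this.out;
    }

    /**
     * Sets the out.
     *
     * @param outToken
     *            the new outbound token bytes; copied before being stored, {@code null} clears the value
     */
    public void setOut(final byte[] outToken) {
        this.out = NegotiateToken.copyOf(outToken);
    }

    /**
     * Sets the subject.
     *
     * @param value
     *            the new subject
     */
    public void setSubject(final Subject value) {
        this.subject = value;
    }

    /**
     * Gets the in.
     *
     * @return a copy of the inbound token bytes, or {@code null} if the token was created without any
     */
    public byte[] getIn() {
        // Null-safe like setOut: a token built with a null 'in' yields null here instead of a NullPointerException.
        return NegotiateToken.copyOf(this.in);
    }

    /**
     * Gets the subject.
     *
     * @return the subject, or {@code null} if none has been set
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Creates the info.
     *
     * <p>
     * Builds a {@code NegotiateInfo} from the current subject and the fixed realm name
     * {@code "NegotiateWaffleRealm"}. The subject is passed as-is, including when it is still {@code null}.
     * </p>
     *
     * @return the authentication info
     */
    public AuthenticationInfo createInfo() {
        return new NegotiateInfo(this.subject, "NegotiateWaffleRealm");
    }

    /**
     * Sets the principal.
     *
     * @param value
     *            the new principal
     */
    public void setPrincipal(final Object value) {
        this.principal = value;
    }

    /**
     * Returns {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     * sessions, {@code false} otherwise. The value is whatever was passed to the constructor.
     *
     * @return {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     *         sessions, {@code false} otherwise.
     * @since 0.9
     */
    @Override
    public boolean isRememberMe() {
        return this.rememberMe;
    }

    /**
     * Returns the host name or IP string from where the authentication attempt occurs. May be {@code null} if the
     * host name/IP is unknown or explicitly omitted. It is up to the Authenticator implementation processing this
     * token if an authentication attempt without a host is valid or not.
     *
     * <p>
     * (Shiro's default Authenticator allows {@code null} hosts to support localhost and proxy server
     * environments).
     * </p>
     *
     * @return the host from where the authentication attempt occurs, or {@code null} if it is unknown or
     *         explicitly omitted.
     * @since 1.0
     */
    @Override
    public String getHost() {
        return this.host;
    }
}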