1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.shiro.negotiate;
15  
16  /**
17   * Derived from net.skorgenes.security.jsecurity.negotiate.NegotiateToken.
18   * see: https://bitbucket.org/lothor/shiro-negotiate/src/7b25efde130b9cbcacf579b3f926c532d919aa23/src/main/java/net/skorgenes/security/jsecurity/negotiate/NegotiateAuthenticationFilter.java?at=default
19   *
20   * @author Dan Rollo
21   */
22  import javax.security.auth.Subject;
23  
24  import org.apache.shiro.authc.AuthenticationInfo;
25  import org.apache.shiro.authc.HostAuthenticationToken;
26  import org.apache.shiro.authc.RememberMeAuthenticationToken;
27  
28  /**
29   * An authentication token wrapping a Waffle Negotiate token.
30   * 
31   * @author Dan Rollo
32   * @since 1.0.0
33   */
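public class NegotiateToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

    /*
     * Security notes for maintainers:
     *
     * - This object carries the raw handshake bytes (in/out) and, once set, the authenticated
     *   Subject. The class declares a serialVersionUID, so instances are meant to be serializable;
     *   avoid logging the byte arrays or persisting tokens beyond the login attempt.
     * - Byte arrays are copied on the way in and on the way out so that no caller can alter the
     *   handshake data held by the token through a retained array reference.
     * - subject and principal are null until the corresponding setter is called. Both setters are
     *   public, so their values are only as trustworthy as the code that calls them
     *   (presumably the realm, after a completed handshake -- TODO confirm against the realm).
     */

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1345343228636916781L;

    /** Private copy of the inbound token bytes supplied at construction; may be {@code null}. */
    private final byte[] in;

    /** Private copy of the outbound token bytes; replaced through {@link #setOut(byte[])}. */
    private byte[] out;

    /** The subject; {@code null} until {@link #setSubject(Subject)} is called. */
    private Subject subject;

    /** The principal; {@code null} until {@link #setPrincipal(Object)} is called. */
    private Object principal;

    /** The connection id this token belongs to, as supplied by the caller. */
    private final String connectionId;

    /** The security package name, as supplied by the caller. */
    private final String securityPackage;

    /** The ntlm post flag, as supplied by the caller. */
    private final boolean ntlmPost;

    /**
     * Whether or not 'rememberMe' should be enabled for the corresponding login attempt. The value is whatever the
     * caller passes to the constructor.
     */
    private final boolean rememberMe;

    /**
     * The location from where the login attempt occurs, or {@code null} if not known or explicitly omitted. The
     * value is caller-supplied and is not validated here.
     */
    private final String host;

    /**
     * Instantiates a new negotiate token.
     *
     * <p>
     * Both byte arrays are defensively copied, matching what {@link #setOut(byte[])} and {@link #getIn()} already
     * do, so later changes to the caller's arrays do not affect this token.
     * </p>
     *
     * @param newIn
     *            the inbound token bytes; may be {@code null}
     * @param newOut
     *            the initial outbound token bytes; may be {@code null}
     * @param newConnectionId
     *            the new connection id
     * @param newSecurityPackage
     *            the new security package
     * @param newNtlmPost
     *            the new ntlm post
     * @param newRememberMe
     *            the new remember me
     * @param newHost
     *            the new host
     */
    public NegotiateToken(final byte[] newIn, final byte[] newOut, final String newConnectionId,
            final String newSecurityPackage, final boolean newNtlmPost, final boolean newRememberMe,
            final String newHost) {
        this.in = NegotiateToken.copyOf(newIn);
        this.out = NegotiateToken.copyOf(newOut);
        this.connectionId = newConnectionId;
        this.securityPackage = newSecurityPackage;
        this.ntlmPost = newNtlmPost;

        this.rememberMe = newRememberMe;
        this.host = newHost;
    }

    /**
     * Null-tolerant defensive copy of a byte array.
     *
     * @param source
     *            the array to copy; may be {@code null}
     * @return a fresh copy of {@code source}, or {@code null} when {@code source} is {@code null}
     */
    private static byte[] copyOf(final byte[] source) {
        return source != null ? source.clone() : null;
    }

    /**
     * Gets the connection id.
     *
     * @return the connection id
     */
    public String getConnectionId() {
        return this.connectionId;
    }

    /**
     * Gets the security package.
     *
     * @return the security package
     */
    public String getSecurityPackage() {
        return this.securityPackage;
    }

    /**
     * Checks if is ntlm post.
     *
     * @return true, if is ntlm post
     */
    public boolean isNtlmPost() {
        return this.ntlmPost;
    }

    /**
     * Returns the subject as this token's credentials.
     *
     * @return the subject, or {@code null} if {@link #setSubject(Subject)} has not been called
     * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
     */
    @Override
    public Object getCredentials() {
        return this.subject;
    }

    /**
     * Returns the principal set through {@link #setPrincipal(Object)}.
     *
     * @return the principal, or {@code null} if none has been set
     * @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
     */
    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    /**
     * Gets the out.
     *
     * @return a copy of the outbound token bytes, or {@code null} if none are set
     */
    byte[] getOut() {
        return NegotiateToken.copyOf(this.out);
    }

    /**
     * Sets the out.
     *
     * @param outToken
     *            the new out; copied before being stored, may be {@code null}
     */
    public void setOut(final byte[] outToken) {
        this.out = NegotiateToken.copyOf(outToken);
    }

    /**
     * Sets the subject.
     *
     * @param value
     *            the new subject
     */
    public void setSubject(final Subject value) {
        this.subject = value;
    }

    /**
     * Gets the in.
     *
     * @return a copy of the inbound token bytes, or {@code null} if the token was constructed without any
     */
    public byte[] getIn() {
        // Null check added: the constructor accepts null, and a bare clone() would throw here.
        return NegotiateToken.copyOf(this.in);
    }

    /**
     * Gets the subject.
     *
     * @return the subject, or {@code null} if {@link #setSubject(Subject)} has not been called
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Creates the info.
     *
     * <p>
     * The realm name is the fixed string {@code "NegotiateWaffleRealm"}; the subject is passed through as-is, so it
     * is {@code null} when no subject has been set on this token.
     * </p>
     *
     * @return the authentication info
     */
    public AuthenticationInfo createInfo() {
        return new NegotiateInfo(this.subject, "NegotiateWaffleRealm");
    }

    /**
     * Sets the principal.
     *
     * @param value
     *            the new principal
     */
    public void setPrincipal(final Object value) {
        this.principal = value;
    }

    /**
     * Returns {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     * sessions, {@code false} otherwise. The value is fixed at construction time.
     *
     * @return {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     *         sessions, {@code false} otherwise.
     * @since 0.9
     */
    @Override
    public boolean isRememberMe() {
        return this.rememberMe;
    }

    /**
     * Returns the host name or IP string from where the authentication attempt occurs. May be {@code null} if the
     * host name/IP is unknown or explicitly omitted. It is up to the Authenticator implementation processing this
     * token if an authentication attempt without a host is valid or not.
     *
     * <p>
     * (Shiro's default Authenticator allows {@code null} hosts to support localhost and proxy server environments).
     * </p>
     *
     * @return the host from where the authentication attempt occurs, or {@code null} if it is unknown or explicitly
     *         omitted.
     * @since 1.0
     */
    @Override
    public String getHost() {
        return this.host;
    }
}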