package org.jolokia.osgi.security;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.http.HttpServletRequest;
import org.jolokia.config.ConfigKey;
import org.jolokia.util.UserPasswordCallbackHandler;
import org.osgi.service.http.HttpContext;
/**
 * {@link Authenticator} that checks the credentials taken from the request's
 * authorization header against a JAAS login configuration.
 *
 * <p>The JAAS configuration entry is selected by the realm name given at
 * construction time. After a successful login the authenticated
 * {@code Subject} is attached to the request for later processing.
 *
 * @author roland
 * @since 26.05.14
 */
public class JaasAuthenticator extends Authenticator {

    /** Name of the JAAS configuration entry passed to {@link LoginContext}. */
    private final String realm;

    /**
     * Creates an authenticator bound to one JAAS realm.
     *
     * @param pRealm name handed to {@link LoginContext} for every login attempt;
     *               stored as given, no validation is done here
     */
    public JaasAuthenticator(String pRealm) {
        this.realm = pRealm;
    }

    /**
     * Runs a JAAS login with the user and password extracted from the
     * authorization header.
     *
     * <p>On success three request attributes are set: the authentication type
     * ({@code BASIC_AUTH}), the remote user and the JAAS subject.
     *
     * <p>Every {@link LoginException} is reported as {@code false}. That covers
     * exceptions thrown while creating the {@link LoginContext} as well as those
     * thrown by {@code login()}, so a caller cannot distinguish rejected
     * credentials from a login that could not be attempted. Nothing is logged
     * in this method.
     *
     * @param pRequest  request that receives the authentication attributes
     * @param pAuthInfo parsed authorization header supplying user and password
     * @return {@code true} if the JAAS login succeeded, {@code false} if a
     *         {@link LoginException} was raised
     */
    @Override
    protected boolean doAuthenticate(HttpServletRequest pRequest, AuthorizationHeaderParser.Result pAuthInfo) {
        // Neither value is checked for null here.
        // NOTE(review): presumably the header parser guarantees both are present - confirm.
        String userName = pAuthInfo.getUser();
        // The password is held as an immutable String, so it cannot be wiped after use.
        String secret = pAuthInfo.getPassword();

        LoginContext context;
        try {
            CallbackHandler credentials = new UserPasswordCallbackHandler(userName, secret);
            context = new LoginContext(realm, credentials);
            context.login();
        } catch (LoginException e) {
            // Failure is deliberately reduced to a plain "not authenticated";
            // the exception is neither logged nor propagated.
            return false;
        }

        // Login succeeded: publish the result on the request.
        // logout() is not called on the context in this method.
        // NOTE(review): whether the Subject is cleaned up elsewhere is not visible here - confirm.
        pRequest.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
        pRequest.setAttribute(HttpContext.REMOTE_USER, userName);
        pRequest.setAttribute(ConfigKey.JAAS_SUBJECT_REQUEST_ATTRIBUTE, context.getSubject());
        return true;
    }
}