/
DefaultAuthenticatorFactory.java
114 lines (103 loc) · 5.03 KB
/
DefaultAuthenticatorFactory.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
//
// ========================================================================
// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//
package org.eclipse.jetty.security;
import java.util.Collection;
import javax.servlet.ServletContext;
import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.security.authentication.SslClientCertAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Default Authenticator Factory.
* Uses the {@link AuthConfiguration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
* <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.ClientCertAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.SslClientCertAuthenticator}</li>
* </ul>
* All authenticators derived from {@link org.eclipse.jetty.security.authentication.LoginAuthenticator} are
* wrapped with a {@link org.eclipse.jetty.security.authentication.DeferredAuthentication}
* instance, which is used if authentication is not mandatory.
*
* The Authentications from the {@link org.eclipse.jetty.security.authentication.FormAuthenticator} are always wrapped in a
* {@link org.eclipse.jetty.security.authentication.SessionAuthentication}
* <p>
* If a {@link LoginService} has not been set on this factory, then
* the service is selected by searching the {@link Server#getBeans(Class)} results for
* a service that matches the realm name, else the first LoginService found is used.
*/
public class DefaultAuthenticatorFactory implements Authenticator.Factory
{
private static final Logger LOG = LoggerFactory.getLogger(DefaultAuthenticatorFactory.class);
LoginService _loginService;
@Override
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
{
String auth = configuration.getAuthMethod();
Authenticator authenticator = null;
if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
authenticator = new BasicAuthenticator();
else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
authenticator = new DigestAuthenticator();
else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth))
authenticator = new FormAuthenticator();
else if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth))
authenticator = new ConfigurableSpnegoAuthenticator();
else if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth)) // see Bug #377076
authenticator = new ConfigurableSpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth) || Constraint.__CERT_AUTH2.equalsIgnoreCase(auth))
{
Collection<SslContextFactory> sslContextFactories = server.getBeans(SslContextFactory.class);
if (sslContextFactories.size() != 1)
{
if (sslContextFactories.size() > 1)
{
LOG.info("Multiple SslContextFactory instances discovered. Directly configure a SslClientCertAuthenticator to use one.");
}
else
{
LOG.debug("No SslContextFactory instances discovered. Directly configure a SslClientCertAuthenticator to use one.");
}
authenticator = new ClientCertAuthenticator();
}
else
{
authenticator = new SslClientCertAuthenticator(sslContextFactories.iterator().next());
}
}
return authenticator;
}
/**
* @return the loginService
*/
public LoginService getLoginService()
{
return _loginService;
}
/**
* @param loginService the loginService to set
*/
public void setLoginService(LoginService loginService)
{
_loginService = loginService;
}
}