
1   /*
2    * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.idp.authn.provider;
18  
19  import java.io.IOException;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  
24  import org.opensaml.util.URLBuilder;
25  import org.slf4j.Logger;
26  import org.slf4j.LoggerFactory;
27  
28  /**
29   * Authenticate a username and password against a JAAS source.
30   * 
31   * This login handler creates a {@link javax.security.auth.Subject} and binds it to the request as described in the
32   * {@link edu.internet2.middleware.shibboleth.idp.authn.LoginHandler} documentation. If the JAAS module does not create
33   * a principal for the user, a {@link edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal} is created, using the
34   * entered username. If the <code>storeCredentialsInSubject</code> init parameter of the authentication servlet is set
35   * to true, a {@link UsernamePasswordCredential} is created, based on the entered username and password, and stored in
36   * the Subject's private credentials.
37   */
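public class UsernamePasswordLoginHandler extends AbstractLoginHandler {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);

    /**
     * The URL of the servlet used to perform authentication. It is appended to the request's context path when the
     * redirect is built, and is assigned only in the constructor.
     */
    private final String authenticationServletURL;

    /**
     * Constructor. Configures the handler as not supporting passive authentication and as supporting forced
     * authentication.
     *
     * @param servletURL URL to the authentication servlet; a leading "/" is added at redirect time if it has none.
     *            Must not be null, because {@link #login(HttpServletRequest, HttpServletResponse)} dereferences it.
     */
    public UsernamePasswordLoginHandler(String servletURL) {
        super();
        setSupportsPassive(false);
        setSupportsForceAuthentication(true);
        authenticationServletURL = servletURL;
    }

    /**
     * {@inheritDoc}
     *
     * This implementation sends an HTTP redirect to the authentication servlet. The target is an absolute URL whose
     * scheme, host and port are copied from the incoming request and whose path is the request's context path
     * followed by the configured servlet URL.
     *
     * NOTE(review): {@link HttpServletRequest#getServerName()} normally reflects the client-supplied Host header, so
     * the redirect host is only as trustworthy as the container's or fronting proxy's Host handling. Deployments
     * should accept expected host names only (virtual-host configuration or proxy-side validation).
     *
     * If the redirect cannot be sent, the failure is logged and the method returns normally; nothing in this method
     * reports the failure to the caller.
     *
     * @param httpRequest current request; supplies the context path, scheme, server name and port
     * @param httpResponse current response; receives the redirect
     */
    public void login(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
        try {
            // Path = <context path> + "/" (only when the configured URL lacks one) + <configured servlet URL>.
            StringBuilder servletPath = new StringBuilder();
            servletPath.append(httpRequest.getContextPath());
            if (!authenticationServletURL.startsWith("/")) {
                servletPath.append("/");
            }
            servletPath.append(authenticationServletURL);

            // Scheme, host and port are request-derived; see the NOTE(review) in the method Javadoc.
            URLBuilder urlBuilder = new URLBuilder();
            urlBuilder.setScheme(httpRequest.getScheme());
            urlBuilder.setHost(httpRequest.getServerName());
            urlBuilder.setPort(httpRequest.getServerPort());
            urlBuilder.setPath(servletPath.toString());

            // Build the URL once so the logged value is exactly the one sent to the browser.
            final String redirectUrl = urlBuilder.buildURL();
            log.debug("Redirecting to {}", redirectUrl);
            httpResponse.sendRedirect(redirectUrl);
        } catch (IOException ex) {
            log.error("Unable to redirect to authentication servlet.", ex);
        }
    }
}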