/*
 * Licensed to the University Corporation for Advanced Internet Development,
 * Inc. (UCAID) under one or more contributor license agreements. See the
 * NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The UCAID licenses this file to You under the Apache
 * License, Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package edu.internet2.middleware.shibboleth.idp.authn.provider;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;

/**
 * Login handler for authenticating a username and password against a JAAS source.
 *
 * <p>
 * The code in this class only redirects the browser to the authentication servlet; it never reads or validates the
 * username or password itself.
 * </p>
 *
 * <p>
 * This login mechanism creates a {@link javax.security.auth.Subject} and binds it to the request as described in the
 * {@link edu.internet2.middleware.shibboleth.idp.authn.LoginHandler} documentation. If the JAAS module does not create
 * a principal for the user, a {@link edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal} is created from
 * the entered username.
 * </p>
 *
 * <p>
 * If the {@code storeCredentialsInSubject} init parameter of the authentication servlet is set to true, a
 * {@link UsernamePasswordCredential} is created from the entered username and password and stored in the Subject's
 * private credentials. Because that credential is built from the entered password, enabling the parameter keeps the
 * password attached to the Subject after authentication has finished; leave it off unless something downstream
 * actually needs the password.
 * </p>
 */
public class UsernamePasswordLoginHandler extends AbstractLoginHandler {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);

    /** Context-relative path of the servlet that performs the authentication; fixed at construction time. */
    private final String authenticationServletPath;

    /**
     * Creates a handler that does not support passive authentication and does support forced authentication.
     *
     * @param servletPath context-relative path to the authentication servlet, may start with "/"
     */
    public UsernamePasswordLoginHandler(String servletPath) {
        // The superclass no-argument constructor runs implicitly before these calls.
        setSupportsPassive(false);
        setSupportsForceAuthentication(true);
        this.authenticationServletPath = servletPath;
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * Redirects the browser to the authentication servlet. If sending the redirect fails with an
     * {@link IOException}, the failure is logged and the method returns normally, so the caller receives no signal
     * that the redirect was not sent.
     * </p>
     */
    public void login(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
        try {
            // NOTE(review): how getContextRelativeUrl derives scheme, host and port from the request is not visible
            // here - confirm the redirect target cannot be steered by client-supplied request headers.
            final String redirectTarget =
                    HttpServletHelper.getContextRelativeUrl(httpRequest, authenticationServletPath).buildURL();
            log.debug("Redirecting to {}", redirectTarget);
            httpResponse.sendRedirect(redirectTarget);
        } catch (IOException redirectFailure) {
            log.error("Unable to redirect to authentication servlet.", redirectFailure);
        }
    }
}