Issue #5272 WIP

Signed-off-by: Jan Bartel <janb@webtide.com>
jetty · Nov 9, 2020 · 76a92d8 · 76a92d8
1 parent 11a365b
commit 76a92d8
Show file tree

Hide file tree

Showing 16 changed files with 218 additions and 236 deletions.
diff --git a/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASUserPrincipal.java b/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASUserPrincipal.java
@@ -26,7 +26,7 @@
  * JAASUserPrincipal
  * <p>
  * Implements the JAAS version of the
- * org.eclipse.jetty.http.UserPrincipal interface.
+ * org.eclipse.jetty.security.UserPrincipal interface.
  */
 public class JAASUserPrincipal implements Principal
 {

diff --git a/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractDatabaseLoginModule.java b/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractDatabaseLoginModule.java
@@ -27,6 +27,7 @@
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 import org.eclipse.jetty.util.security.Credential;
@@ -57,11 +58,11 @@ public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
      */
     public abstract Connection getConnection() throws Exception;
 
-    public class JDBCUserInfo extends UserInfo
+    public class JDBCUser extends User
     {
-        public JDBCUserInfo(String userName, Credential credential)
+        public JDBCUser(UserPrincipal user)
         {
-            super(userName, credential);
+            super(user);
         }
 
         @Override
@@ -79,7 +80,7 @@ public List<String> doFetchRoles()
      * @throws Exception if unable to get the user info
      */
     @Override
-    public UserInfo getUserInfo(String userName)
+    public JAASUser getUser(String userName)
         throws Exception
     {
         try (Connection connection = getConnection())
@@ -100,11 +101,9 @@ public UserInfo getUserInfo(String userName)
             }
 
             if (dbCredential == null)
-            {
                 return null;
-            }
 
-            return new JDBCUserInfo(userName, Credential.getCredential(dbCredential));
+            return new JAASUser(new JDBCUser(new UserPrincipal(userName, Credential.getCredential(dbCredential))));
         }
     }
 

diff --git a/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractLoginModule.java b/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractLoginModule.java
@@ -37,6 +37,7 @@
 import org.eclipse.jetty.jaas.JAASPrincipal;
 import org.eclipse.jetty.jaas.JAASRole;
 import org.eclipse.jetty.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.security.UserPrincipal;
 
 /**
  * AbstractLoginModule
@@ -50,78 +51,66 @@ public abstract class AbstractLoginModule implements LoginModule
 
     private boolean authState = false;
     private boolean commitState = false;
-    private JAASUserInfo currentUser;
+    private JAASUser currentUser;
     private Subject subject;
 
-    /**
-     * JAASUserInfo
-     *
-     * This class unites the UserInfo data with jaas concepts
-     * such as Subject and Principals
-     */
-    public class JAASUserInfo
+    public class JAASUser
     {
-        private UserInfo user;
-        private Principal principal;
-        private List<JAASRole> roles;
+        private User _user;
+        private List<JAASRole> _roles;
 
-        public JAASUserInfo(UserInfo u)
+        public JAASUser(User u)
         {
-            this.user = u;
-            this.principal = new JAASPrincipal(u.getUserName());
+            _user = u;
         }
 
         public String getUserName()
         {
-            return this.user.getUserName();
-        }
-
-        public Principal getPrincipal()
-        {
-            return this.principal;
+            return _user.getUserName();
         }
 
         public void setJAASInfo(Subject subject)
         {
-            subject.getPrincipals().add(this.principal);
-            if (this.user.getCredential() != null)
-            {
-                subject.getPrivateCredentials().add(this.user.getCredential());
-            }
-            subject.getPrincipals().addAll(roles);
+            UserPrincipal principal = _user.getUserPrincipal();
+            if (principal == null)
+                return;
+
+            principal.configureSubject(subject);
+            if (_roles != null)
+                subject.getPrincipals().addAll(_roles);
         }
 
         public void unsetJAASInfo(Subject subject)
         {
-            subject.getPrincipals().remove(this.principal);
-            if (this.user.getCredential() != null)
-            {
-                subject.getPrivateCredentials().remove(this.user.getCredential());
-            }
-            subject.getPrincipals().removeAll(this.roles);
+            UserPrincipal principal = _user.getUserPrincipal();
+            if (principal == null)
+                return;
+            principal.deconfigureSubject(subject);
+            if (_roles != null)
+                subject.getPrincipals().removeAll(_roles);
         }
 
         public boolean checkCredential(Object suppliedCredential)
         {
-            return this.user.checkCredential(suppliedCredential);
+            return _user.checkCredential(suppliedCredential);
         }
 
         public void fetchRoles() throws Exception
         {
-            this.user.fetchRoles();
-            this.roles = new ArrayList<JAASRole>();
-            if (this.user.getRoleNames() != null)
+            _user.fetchRoles();
+            _roles = new ArrayList<JAASRole>();
+            if (_user.getRoleNames() != null)
             {
-                Iterator<String> itor = this.user.getRoleNames().iterator();
+                Iterator<String> itor = _user.getRoleNames().iterator();
                 while (itor.hasNext())
                 {
-                    this.roles.add(new JAASRole(itor.next()));
+                    _roles.add(new JAASRole(itor.next()));
                 }
             }
         }
     }
 
-    public abstract UserInfo getUserInfo(String username) throws Exception;
+    public abstract JAASUser getUser(String username) throws Exception;
 
     public Subject getSubject()
     {
@@ -133,12 +122,12 @@ public void setSubject(Subject s)
         this.subject = s;
     }
 
-    public JAASUserInfo getCurrentUser()
+    public JAASUser getCurrentUser()
     {
         return this.currentUser;
     }
 
-    public void setCurrentUser(JAASUserInfo u)
+    public void setCurrentUser(JAASUser u)
     {
         this.currentUser = u;
     }
@@ -250,15 +239,15 @@ public boolean login() throws LoginException
                 throw new FailedLoginException();
             }
 
-            UserInfo userInfo = getUserInfo(webUserName);
+            JAASUser user = getUser(webUserName);
 
-            if (userInfo == null)
+            if (user == null)
             {
                 setAuthenticated(false);
                 throw new FailedLoginException();
             }
 
-            currentUser = new JAASUserInfo(userInfo);
+            currentUser = user;
             setAuthenticated(currentUser.checkCredential(webCredential));
 
             if (isAuthenticated())

diff --git a/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java b/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java
@@ -45,6 +45,7 @@
 import javax.security.auth.login.LoginException;
 
 import org.eclipse.jetty.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.util.TypeUtil;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
@@ -179,18 +180,19 @@ public class LdapLoginModule extends AbstractLoginModule
 
     private DirContext _rootContext;
 
-    public class LDAPUserInfo extends UserInfo
+    public class LDAPUser extends User
     {
         Attributes attributes;
 
-        /**
-         * @param userName the user name
-         * @param credential the credential
-         * @param attributes the user {@link Attributes}
-         */
-        public LDAPUserInfo(String userName, Credential credential, Attributes attributes)
+        public LDAPUser(UserPrincipal user, List<String> rolenames, Attributes attributes)
         {
-            super(userName, credential);
+            super(user, rolenames);
+            this.attributes = attributes;
+        }
+
+        public LDAPUser(UserPrincipal user, Attributes attributes)
+        {
+            super(user);
             this.attributes = attributes;
         }
 
@@ -200,6 +202,25 @@ public List<String> doFetchRoles() throws Exception
             return getUserRoles(_rootContext, getUserName(), attributes);
         }
     }
+
+    public class LDAPBindingUser extends User
+    {   
+       DirContext _context;
+       String _userDn;
+
+        public LDAPBindingUser(UserPrincipal user, DirContext context, String userDn)
+        {
+            super(user);
+            _context = context;
+            _userDn = userDn;
+        }
+
+        @Override
+        public List<String> doFetchRoles() throws Exception
+        {
+            return getUserRolesByDn(_context, _userDn);
+        }
+    }
 
     /**
      * get the available information about the user
@@ -214,19 +235,18 @@ public List<String> doFetchRoles() throws Exception
      * @throws Exception if unable to get the user info
      */
     @Override
-    public UserInfo getUserInfo(String username) throws Exception
+    public JAASUser getUser(String username) throws Exception
     {
         Attributes attributes = getUserAttributes(username);
         String pwdCredential = getUserCredentials(attributes);
 
         if (pwdCredential == null)
-        {
             return null;
-        }
 
         pwdCredential = convertCredentialLdapToJetty(pwdCredential);
         Credential credential = Credential.getCredential(pwdCredential);
-        return new LDAPUserInfo(username, credential, attributes);
+        LDAPUser ldapUser = new LDAPUser(new UserPrincipal(username, credential), attributes);
+        return new JAASUser(ldapUser);
     }
 
     protected String doRFC2254Encoding(String inputString)
@@ -421,15 +441,15 @@ public boolean login() throws LoginException
             else
             {
                 // This sets read and the credential
-                UserInfo userInfo = getUserInfo(webUserName);
+                JAASUser userInfo = getUser(webUserName);
 
                 if (userInfo == null)
                 {
                     setAuthenticated(false);
                     return false;
                 }
 
-                setCurrentUser(new JAASUserInfo(userInfo));
+                setCurrentUser(userInfo);
 
                 if (webCredential instanceof String)
                     authed = credentialLogin(Credential.getCredential((String)webCredential));
@@ -524,12 +544,11 @@ public boolean bindingLogin(String username, Object password) throws LoginExcept
         try
         {
             DirContext dirContext = new InitialDirContext(environment);
-            List<String> roles = getUserRolesByDn(dirContext, userDn);
-
-            UserInfo userInfo = new UserInfo(username, null, roles);
-            setCurrentUser(new JAASUserInfo(userInfo));
+            LDAPBindingUser userInfo = new LDAPBindingUser(new UserPrincipal(username, null), dirContext, userDn);
+            setCurrentUser(new JAASUser(userInfo));
             setAuthenticated(true);
-
+            userInfo.fetchRoles();
+            //TO DO TO DO TO DO
             return true;
         }
         catch (javax.naming.AuthenticationException e)

diff --git a/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/PropertyFileLoginModule.java b/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/PropertyFileLoginModule.java
@@ -18,6 +18,7 @@
 
 package org.eclipse.jetty.jaas.spi;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -29,6 +30,7 @@
 import org.eclipse.jetty.jaas.PropertyUserStoreManager;
 import org.eclipse.jetty.security.PropertyUserStore;
 import org.eclipse.jetty.security.RolePrincipal;
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
@@ -123,22 +125,15 @@ private void setupPropertyUserStore(Map<String, ?> options)
      * @throws Exception if unable to get the user information
      */
     @Override
-    public UserInfo getUserInfo(String userName) throws Exception
+    public JAASUser getUser(String userName) throws Exception
     {
         LOG.debug("Checking PropertyUserStore {} for {}", _store.getConfig(), userName);
-        UserIdentity userIdentity = _store.getUserIdentity(userName);
-        if (userIdentity == null)
+        UserPrincipal up = _store.getUserPrincipal(userName);
+        if (up == null)
             return null;
 
-        //TODO in future versions change the impl of PropertyUserStore so its not
-        //storing Subjects etc, just UserInfo
-        Set<RolePrincipal> principals = userIdentity.getSubject().getPrincipals(RolePrincipal.class);
-
-        List<String> roles = principals.stream()
-            .map(RolePrincipal::getName)
-            .collect(Collectors.toList());
-
-        Credential credential = (Credential)userIdentity.getSubject().getPrivateCredentials().iterator().next();
-        return new UserInfo(userName, credential, roles);
+        List<RolePrincipal> rps = _store.getRolePrincipals(userName);
+        List<String> roles = rps == null ? Collections.emptyList() : rps.stream().map(RolePrincipal::getName).collect(Collectors.toList());
+        return new JAASUser(new User(up, roles));
     }
 }