コード例 #1
  /**
   * Finishes the Negotiate exchange for this request before the response is completed.
   *
   * <p>Any response token held by the {@link NegotiationContext} attached to the exchange is
   * consumed and returned to the client in a {@code WWW-Authenticate} header, and the context is
   * detached from the exchange. When {@code Util.shouldChallenge} reports that the client must be
   * challenged, a bare Negotiate challenge is added (unless a token header was already written)
   * and the response code is set to 401.
   *
   * @param exchange the exchange whose response headers and status may be modified
   * @param completionHandler always invoked last, whether or not a challenge was issued
   */
  public void handleComplete(HttpServerExchange exchange, HttpCompletionHandler completionHandler) {
    final NegotiationContext context = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);

    byte[] pendingToken = null;
    if (context != null) {
      // The token is taken from the context and the per-exchange attachment is cleared, so the
      // exchange no longer references the context once the response headers are prepared.
      pendingToken = context.useResponseToken();
      exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
    }

    final boolean tokenHeaderWritten = pendingToken != null;
    if (tokenHeaderWritten) {
      HeaderMap responseHeaders = exchange.getResponseHeaders();
      String encodedToken = FlexBase64.encodeString(pendingToken, false);
      responseHeaders.add(WWW_AUTHENTICATE, NEGOTIATE_PREFIX + encodedToken);
    }

    if (Util.shouldChallenge(exchange)) {
      if (!tokenHeaderWritten) {
        exchange.getResponseHeaders().add(WWW_AUTHENTICATE, NEGOTIATE.toString());
      }
      // The 401 is set only when the client is really being challenged: a token header written
      // above may simply be informational (for example the final token of a completed
      // negotiation) and must not by itself turn the response into a challenge.
      exchange.setResponseCode(CODE_401.getCode());
    }

    completionHandler.handleComplete();
  }
コード例 #2
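  /**
   * Attempts Negotiate (GSSAPI) authentication for the given exchange.
   *
   * <p>A {@link NegotiationContext} cached on the connection is re-attached to the exchange. If
   * that context is already established the request is authenticated from it immediately and no
   * header is inspected. Otherwise the first {@code Authorization} header carrying the Negotiate
   * prefix is base64-decoded and handed to a {@code GSSAPIRunnable}, which completes the returned
   * future.
   *
   * <p>NOTE(review): an established context authenticates every later request on the same
   * connection without a new token. That is only sound when a connection belongs to a single
   * client; confirm that no intermediary in front of this server shares one backend connection
   * between different users.
   *
   * @param exchange the request being authenticated
   * @return a future completed with {@code AUTHENTICATED}, {@code NOT_AUTHENTICATED} (malformed
   *     token, or another round trip is required) or {@code NOT_ATTEMPTED} (no Negotiate header)
   */
  @Override
  public IoFuture<AuthenticationResult> authenticate(HttpServerExchange exchange) {
    ConcreteIoFuture<AuthenticationResult> result = new ConcreteIoFuture<AuthenticationResult>();
    HttpServerConnection connection = exchange.getConnection();
    NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negContext != null) {
      exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
      if (negContext.isEstablished()) {
        result.setResult(
            new AuthenticationResult(
                negContext.getPrincipal(), AuthenticationOutcome.AUTHENTICATED));
        // Return here: falling through would set a second, contradictory result on the same
        // future and could feed a fresh client token into a context that is already established.
        return result;
      }
    }

    Deque<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION);
    if (authHeaders != null) {
      for (String current : authHeaders) {
        if (current.startsWith(NEGOTIATE_PREFIX)) {
          String base64Challenge = current.substring(NEGOTIATE_PREFIX.length());
          try {
            ByteBuffer challenge = FlexBase64.decode(base64Challenge);
            dispatch(exchange, new GSSAPIRunnable(result, exchange, challenge));
            // The request may now be running on a different worker thread; the run method of
            // GSSAPIRunnable is responsible for ensuring the request continues.
            return result;
          } catch (IOException ignored) {
            // Deliberately not propagated: the header value is client-controlled, and a token
            // that cannot be processed is reported as NOT_AUTHENTICATED just below rather than
            // failing the request with an exception.
          }

          // By this point we had a header we should have been able to verify but for some reason
          // it was not correctly structured.
          result.setResult(new AuthenticationResult(null, AuthenticationOutcome.NOT_AUTHENTICATED));
          return result;
        }
      }
    }

    // No suitable header was found so authentication was not even attempted.
    result.setResult(new AuthenticationResult(null, AuthenticationOutcome.NOT_ATTEMPTED));
    return result;
  }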
コード例 #3
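    /**
     * Performs one GSSAPI accept step with the client token held in {@code challenge} and
     * completes {@code result} with the outcome.
     *
     * <p>The {@link NegotiationContext} is created on first use and stored on both the exchange
     * and the connection, so later requests on the same connection continue (or reuse) the same
     * negotiation.
     *
     * @return always {@code null}
     * @throws GSSException if the GSS context cannot be created or the token is rejected
     */
    public Void run() throws GSSException {
      NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
      if (negContext == null) {
        negContext = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
        // Also cache it on the connection for future calls.
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
      }

      GSSContext gssContext = negContext.getGssContext();
      if (gssContext == null) {
        GSSManager manager = GSSManager.getInstance();
        // A null credential makes the context accept as the default acceptor principal, so which
        // service identity is used is decided by the JVM's GSS/Kerberos configuration, not here.
        gssContext = manager.createContext((GSSCredential) null);

        negContext.setGssContext(gssContext);
      }

      // Hand over exactly the readable region of the buffer (position..limit). Using
      // arrayOffset() and limit() alone reads the wrong bytes whenever position is not zero.
      // The client token must be in a heap buffer, since array() is used.
      byte[] respToken =
          gssContext.acceptSecContext(
              challenge.array(),
              challenge.arrayOffset() + challenge.position(),
              challenge.remaining());
      negContext.setResponseToken(respToken);

      if (negContext.isEstablished()) {
        result.setResult(
            new AuthenticationResult(
                negContext.getPrincipal(), AuthenticationOutcome.AUTHENTICATED));
      } else {
        // This isn't a failure but as the context is not established another round trip with the
        // client is needed.
        // NOTE(review): a principal is passed although the context is not yet established;
        // confirm that callers ignore it for the NOT_AUTHENTICATED outcome.
        result.setResult(
            new AuthenticationResult(
                negContext.getPrincipal(), AuthenticationOutcome.NOT_AUTHENTICATED));
      }

      return null;
    }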