View Javadoc

1   /*
2    * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.idp.authn.provider;
18  
19  import java.io.IOException;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  
24  import org.opensaml.util.URLBuilder;
25  import org.slf4j.Logger;
26  import org.slf4j.LoggerFactory;
27  
28  import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
29  
30  /**
31   * Authenticate a username and password against a JAAS source.
32   * 
33   * This login handler creates a {@link javax.security.auth.Subject} and binds it to the request as described in the
34   * {@link edu.internet2.middleware.shibboleth.idp.authn.LoginHandler} documentation. If the JAAS module does not create
35   * a principal for the user a {@link edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal} is created, using the
36   * entered username. If the <code>storeCredentialsInSubject</code> init parameter of the authentication servlet is set
37   * to true a {@link UsernamePasswordCredential} is created, based on the entered username and password, and stored in
38   * the Subject's private credentials.
39   */
40  public class UsernamePasswordLoginHandler extends AbstractLoginHandler {
41  
42      /** Class logger. */
43      private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);
44  
45      /** The URL of the servlet used to perform authentication. */
46      private String authenticationServletURL;
47  
48      /**
49       * Constructor.
50       * 
51       * @param servletURL URL to the authentication servlet
52       */
53      public UsernamePasswordLoginHandler(String servletURL) {
54          super();
55          setSupportsPassive(false);
56          setSupportsForceAuthentication(true);
57          authenticationServletURL = servletURL;
58      }
59  
60      /** {@inheritDoc} */
61      public void login(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
62          // forward control to the servlet.
63          try {
64              URLBuilder urlBuilder = HttpServletHelper.getServletContextUrl(httpRequest);
65              
66              StringBuilder pathBuilder = new StringBuilder(urlBuilder.getPath());
67              if (!authenticationServletURL.startsWith("/")) {
68                  pathBuilder.append("/");
69              }
70              pathBuilder.append(authenticationServletURL);
71              urlBuilder.setPath(pathBuilder.toString());
72  
73              log.debug("Redirecting to {}", urlBuilder.buildURL());
74              httpResponse.sendRedirect(urlBuilder.buildURL());
75              return;
76          } catch (IOException ex) {
77              log.error("Unable to redirect to authentication servlet.", ex);
78          }
79  
80      }
81  }