Commit 91edd49d authored by Misagh Moayyed's avatar Misagh Moayyed
Browse files

Delete JCIFSSpnegoAuthenticationHandler.java

parent 559394b9
/*
* Licensed to Apereo under one or more contributor license
* agreements. See the NOTICE file distributed with this work
* for additional information regarding copyright ownership.
* Apereo licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a
* copy of the License at the following location:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jasig.cas.support.spnego.authentication.handler.support;
import jcifs.spnego.Authentication;
import org.jasig.cas.authentication.BasicCredentialMetaData;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.DefaultHandlerResult;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.support.spnego.authentication.principal.SpnegoCredential;
import javax.security.auth.login.FailedLoginException;
import java.security.GeneralSecurityException;
import java.util.regex.Pattern;
/**
* Implementation of an AuthenticationHandler for SPNEGO supports. This Handler
* support both NTLM and Kerberos. NTLM is disabled by default.
*
* @author Arnaud Lesueur
* @author Marc-Antoine Garrigue
* @author Scott Battaglia
* @author Marvin S. Addison
* @since 3.1
*/
public final class JcifsSpnegoAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
private Authentication authentication;
/**
* Principal contains the DomainName ? (true by default).
*/
private boolean principalWithDomainName = true;
/**
* Allow SPNEGO/NTLM Token as valid credentials. (false by default)
*/
private boolean isNTLMallowed;
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final SpnegoCredential spnegoCredential = (SpnegoCredential) credential;
java.security.Principal principal;
byte[] nextToken;
if (!this.isNTLMallowed && spnegoCredential.isNtlm()) {
throw new FailedLoginException("NTLM not allowed");
}
try {
// proceed authentication using jcifs
synchronized (this) {
this.authentication.reset();
this.authentication.process(spnegoCredential.getInitToken());
principal = this.authentication.getPrincipal();
nextToken = this.authentication.getNextToken();
}
} catch (final jcifs.spnego.AuthenticationException e) {
throw new FailedLoginException(e.getMessage());
}
// evaluate jcifs response
if (nextToken != null) {
logger.debug("Setting nextToken in credential");
spnegoCredential.setNextToken(nextToken);
} else {
logger.debug("nextToken is null");
}
boolean success = false;
if (principal != null) {
if (spnegoCredential.isNtlm()) {
logger.debug("NTLM Credential is valid for user [{}]", principal.getName());
} else {
logger.debug("Kerberos Credential is valid for user [{}]", principal.getName());
}
spnegoCredential.setPrincipal(getPrincipal(principal.getName(), spnegoCredential.isNtlm()));
success = true;
}
if (!success) {
throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed");
}
return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
}
@Override
public boolean supports(final Credential credential) {
return credential instanceof SpnegoCredential;
}
public void setAuthentication(final Authentication authentication) {
this.authentication = authentication;
}
public void setPrincipalWithDomainName(final boolean principalWithDomainName) {
this.principalWithDomainName = principalWithDomainName;
}
public void setNTLMallowed(final boolean isNTLMallowed) {
this.isNTLMallowed = isNTLMallowed;
}
/**
* Gets the principal from the given name. The principal
* is created by the factory instance.
*
* @param name the name
* @param isNtlm the is ntlm
* @return the simple principal
*/
protected Principal getPrincipal(final String name, final boolean isNtlm) {
if (this.principalWithDomainName) {
return this.principalFactory.createPrincipal(name);
}
if (isNtlm) {
return Pattern.matches("\\S+\\\\\\S+", name)
? this.principalFactory.createPrincipal(name.split("\\\\")[1])
: this.principalFactory.createPrincipal(name);
}
return this.principalFactory.createPrincipal(name.split("@")[0]);
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment