
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.idp.authn.provider;
19  
20  import java.io.IOException;
21  
22  import javax.servlet.http.HttpServletRequest;
23  import javax.servlet.http.HttpServletResponse;
24  
25  import org.slf4j.Logger;
26  import org.slf4j.LoggerFactory;
27  
28  import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
29  
30  /**
31   * Authenticate a username and password against a JAAS source.
32   * 
33   * This login handler creates a {@link javax.security.auth.Subject} and binds it to the request as described in the
34   * {@link edu.internet2.middleware.shibboleth.idp.authn.LoginHandler} documentation. If the JAAS module does not create
35   * a principal for the user a {@link edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal} is created, using
36   * the entered username. If the <code>storeCredentialsInSubject</code> init parameter of the authentication servlet is
37   * set to true a {@link UsernamePasswordCredential} is created, based on the entered username and password, and stored
38   * in the Subject's private credentials.
39   */
public class UsernamePasswordLoginHandler extends AbstractLoginHandler {

    /** Logger used to trace the redirect target and to report a failed redirect. */
    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);

    /**
     * Context-relative path of the servlet that performs the authentication. Within this class it is assigned
     * only from the constructor argument, never from request data.
     */
    private String authenticationServletPath;

    /**
     * Creates a handler that hands the user off to the given authentication servlet. The handler declares that
     * it does not support passive authentication and that it does support forced re-authentication.
     * 
     * @param servletPath context-relative path to the authentication servlet, may start with "/"
     */
    public UsernamePasswordLoginHandler(String servletPath) {
        setSupportsPassive(false);
        setSupportsForceAuthentication(true);
        this.authenticationServletPath = servletPath;
    }

    /**
     * {@inheritDoc}
     * 
     * This implementation issues an HTTP redirect (not a server-side forward) to the authentication servlet.
     * If sending the redirect fails with an {@link IOException}, the failure is logged and the method returns
     * normally, so the caller gets no signal that the redirect was not sent.
     */
    public void login(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
        try {
            // NOTE(review): the target is built from the configured servlet path plus whatever the helper reads
            // from the request; presumably that includes scheme/host/context path - confirm against
            // HttpServletHelper before assuming the redirect target is fully configuration-controlled.
            final String redirectTarget =
                    HttpServletHelper.getContextRelativeUrl(httpRequest, authenticationServletPath).buildURL();
            log.debug("Redirecting to {}", redirectTarget);
            httpResponse.sendRedirect(redirectTarget);
        } catch (IOException e) {
            // login() declares no checked exception, so the failure can only be recorded here.
            log.error("Unable to redirect to authentication servlet.", e);
        }
    }
}