1 /*
2  * JBoss, Home of Professional Open Source.
3  * Copyright 2014 Red Hat, Inc., and individual contributors
4  * as indicated by the @author tags.
5  *
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  *  Unless required by applicable law or agreed to in writing, software
13  *  distributed under the License is distributed on an "AS IS" BASIS,
14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  *  See the License for the specific language governing permissions and
16  *  limitations under the License.
17  */

18
19 package io.undertow.security.impl;
20
21 import io.undertow.security.api.AuthenticationMechanism;
22 import io.undertow.security.api.AuthenticationMechanismFactory;
23 import io.undertow.security.api.SecurityContext;
24 import io.undertow.security.idm.Account;
25 import io.undertow.security.idm.ExternalCredential;
26 import io.undertow.security.idm.IdentityManager;
27 import io.undertow.server.HttpServerExchange;
28 import io.undertow.server.handlers.form.FormParserFactory;
29 import io.undertow.util.AttachmentKey;
30
31 import java.util.Map;
32
33 /**
34  *
35  * Authentication mechanism that uses an externally provided principal.
36  *
37  * WARNING: This mechanism performs no verification of the principal it is given. It must
38  * only be used if there is no way for an end user to modify the principal, for example if
39  * Undertow is behind a front end server that is responsible for authentication.
40  *
41  * @author Stuart Douglas
42  */

public class ExternalAuthenticationMechanism implements AuthenticationMechanism {

    /** Shared factory; each {@code create} call builds a new mechanism from the supplied name and identity manager. */
    public static final AuthenticationMechanismFactory FACTORY = new Factory();

    /** Mechanism name used by the no-argument constructor. */
    public static final String NAME = "EXTERNAL";

    /**
     * Exchange attachment holding the externally established principal. {@link #authenticate} reads it and
     * hands it to the identity manager unchanged, so the component that sets it (not shown in this file) is
     * the real trust anchor: it must never populate the attachment from a value a client can control.
     */
    public static final AttachmentKey<String> EXTERNAL_PRINCIPAL = AttachmentKey.create(String.class);

    /**
     * Optional exchange attachment naming the mechanism that performed the external authentication. When
     * present it is reported in place of this mechanism's configured name.
     */
    public static final AttachmentKey<String> EXTERNAL_AUTHENTICATION_TYPE = AttachmentKey.create(String.class);

    // Name reported on successful authentication when no external type is attached.
    private final String name;
    // May be null, in which case the identity manager of the security context is used.
    private final IdentityManager identityManager;

    /**
     * @param name mechanism name reported on successful authentication
     * @param identityManager identity manager used to resolve the principal; {@code null} falls back to the
     *                        one exposed by the security context
     */
    public ExternalAuthenticationMechanism(String name, IdentityManager identityManager) {
        this.identityManager = identityManager;
        this.name = name;
    }

    /**
     * Creates a mechanism without its own identity manager.
     *
     * @param name mechanism name reported on successful authentication
     */
    public ExternalAuthenticationMechanism(String name) {
        this(name, null);
    }

    /** Creates a mechanism named {@link #NAME} without its own identity manager. */
    public ExternalAuthenticationMechanism() {
        this(NAME, null);
    }

    /**
     * Picks the identity manager for a request: the one given at construction if there is one, otherwise
     * the one from the security context (a deprecated accessor, hence the suppression).
     */
    @SuppressWarnings("deprecation")
    private IdentityManager getIdentityManager(SecurityContext securityContext) {
        if (identityManager == null) {
            return securityContext.getIdentityManager();
        }
        return identityManager;
    }

    /**
     * Completes authentication for a principal that was established outside this mechanism.
     *
     * <p>No credential is checked here: the principal is looked up with {@link ExternalCredential#INSTANCE},
     * so the outcome depends entirely on the {@link #EXTERNAL_PRINCIPAL} attachment being trustworthy and on
     * the identity manager recognising it.
     *
     * @return {@code NOT_ATTEMPTED} when no principal is attached, {@code NOT_AUTHENTICATED} when the
     *         identity manager returns no account for it, {@code AUTHENTICATED} otherwise
     */
    @Override
    public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
        final String externalPrincipal = exchange.getAttachment(EXTERNAL_PRINCIPAL);
        if (externalPrincipal == null) {
            // Nothing upstream identified a user, so this mechanism has nothing to do.
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }

        final IdentityManager manager = getIdentityManager(securityContext);
        final Account account = manager.verify(externalPrincipal, ExternalCredential.INSTANCE);
        if (account == null) {
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }

        // Prefer the externally reported mechanism name over the configured one.
        final String externalType = exchange.getAttachment(EXTERNAL_AUTHENTICATION_TYPE);
        final String reportedMechanism;
        if (externalType == null) {
            reportedMechanism = this.name;
        } else {
            reportedMechanism = externalType;
        }
        // NOTE(review): the trailing false is presumably SecurityContext's "caching required" flag; confirm.
        securityContext.authenticationComplete(account, reportedMechanism, false);
        return AuthenticationMechanismOutcome.AUTHENTICATED;
    }

    /**
     * Never challenges the client.
     *
     * @return always {@code ChallengeResult.NOT_SENT}
     */
    @Override
    public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
        return ChallengeResult.NOT_SENT;
    }

    /** Factory producing {@link ExternalAuthenticationMechanism} instances. */
    public static final class Factory implements AuthenticationMechanismFactory {

        /**
         * @param identityManager ignored; the identity manager passed to {@link #create} is used instead
         * @deprecated use {@link #Factory()}
         */
        @Deprecated
        public Factory(IdentityManager identityManager) {
        }

        public Factory() {
        }

        /**
         * Builds a mechanism from the given name and identity manager; {@code formParserFactory} and
         * {@code properties} are not used.
         */
        @Override
        public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager,
                FormParserFactory formParserFactory, Map<String, String> properties) {
            return new ExternalAuthenticationMechanism(mechanismName, identityManager);
        }
    }
}
106