1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2022 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.shiro.negotiate;
25  
26  import java.security.Principal;
27  
28  /**
29   * Derived from net.skorgenes.security.jsecurity.negotiate.NegotiateToken. see:
30   *
31   * https://bitbucket.org/lothor/shiro-negotiate
32   *
33   * /src/7b25efde130b9cbcacf579b3f926c532d919aa23/src/main/java/net/skorgenes/
34   *
35   * security/jsecurity/negotiate/NegotiateAuthenticationFilter.java?at=default
36   *
37   * @author Dan Rollo
38   */
39  import javax.security.auth.Subject;
40  
41  import org.apache.shiro.authc.AuthenticationInfo;
42  import org.apache.shiro.authc.HostAuthenticationToken;
43  import org.apache.shiro.authc.RememberMeAuthenticationToken;
44  
45  /**
46   * An authentication token wrapping a Waffle Negotiate token.
47   *
48   * @author Dan Rollo
49   *
50   * @since 1.0.0
51   */
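public class NegotiateToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

    // Review notes:
    // - The byte arrays held here are authentication handshake material. They are copied on the way in and on the
    //   way out, so no caller can change this token's state through a shared array reference.
    // - NOTE(review): the serialVersionUID implies instances may be serialized. The in/out bytes and the Subject
    //   would then be written with the instance, and Principal is not required to be Serializable. Confirm these
    //   tokens are never persisted (for example through session storage).

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1345343228636916781L;

    /** Token bytes supplied at construction (may be {@code null}); never reassigned. */
    private final byte[] in;

    /** Response token bytes; set at construction and replaceable through {@link #setOut(byte[])}. */
    private byte[] out;

    /** The subject; {@code null} until {@link #setSubject(Subject)} is called. Also returned as the credentials. */
    private Subject subject;

    /** The principal; {@code null} until {@link #setPrincipal(Principal)} is called. */
    private Principal principal;

    /** The connection id supplied at construction. */
    private final String connectionId;

    /** The security package name supplied at construction. */
    private final String securityPackage;

    /**
     * The ntlm post flag supplied at construction. Presumably marks an NTLM handshake carried on a POST request;
     * confirm against the code that builds the token.
     */
    private final boolean ntlmPost;

    /**
     * Whether or not 'rememberMe' should be enabled for the corresponding login attempt; default is {@code false}.
     */
    private final boolean rememberMe;

    /**
     * The location from where the login attempt occurs, or {@code null} if not known or explicitly omitted. The value
     * is stored exactly as supplied; this class does not verify it.
     */
    private final String host;

    /**
     * Instantiates a new negotiate token.
     * <p>
     * Both byte arrays are copied, so later changes to the caller's arrays do not affect this token. This matches
     * the copying already done by {@link #setOut(byte[])} and {@link #getIn()}.
     * </p>
     *
     * @param newIn
     *            the input token bytes, may be {@code null}
     * @param newOut
     *            the initial output token bytes, may be {@code null}
     * @param newConnectionId
     *            the connection id
     * @param newSecurityPackage
     *            the security package name
     * @param newNtlmPost
     *            the ntlm post flag
     * @param newRememberMe
     *            whether 'rememberMe' is requested for this login attempt
     * @param newHost
     *            the host the attempt comes from, or {@code null} if unknown
     */
    public NegotiateToken(final byte[] newIn, final byte[] newOut, final String newConnectionId,
            final String newSecurityPackage, final boolean newNtlmPost, final boolean newRememberMe,
            final String newHost) {
        this.in = NegotiateToken.copyOf(newIn);
        this.out = NegotiateToken.copyOf(newOut);
        this.connectionId = newConnectionId;
        this.securityPackage = newSecurityPackage;
        this.ntlmPost = newNtlmPost;

        this.rememberMe = newRememberMe;
        this.host = newHost;
    }

    /**
     * Returns an independent copy of the given array, or {@code null} when the array is {@code null}.
     *
     * @param bytes
     *            the array to copy, may be {@code null}
     *
     * @return a copy of {@code bytes}, or {@code null}
     */
    private static byte[] copyOf(final byte[] bytes) {
        return bytes == null ? null : bytes.clone();
    }

    /**
     * Gets the connection id.
     *
     * @return the connection id
     */
    public String getConnectionId() {
        return this.connectionId;
    }

    /**
     * Gets the security package.
     *
     * @return the security package
     */
    public String getSecurityPackage() {
        return this.securityPackage;
    }

    /**
     * Checks if is ntlm post.
     *
     * @return true, if is ntlm post
     */
    public boolean isNtlmPost() {
        return this.ntlmPost;
    }

    /**
     * Returns the subject as this token's credentials.
     *
     * @return the subject, or {@code null} if {@link #setSubject(Subject)} has not been called
     */
    @Override
    public Object getCredentials() {
        return this.subject;
    }

    /**
     * Returns the principal attached to this token.
     *
     * @return the principal, or {@code null} if {@link #setPrincipal(Principal)} has not been called
     */
    @Override
    public Principal getPrincipal() {
        return this.principal;
    }

    /**
     * Gets the out.
     *
     * @return a copy of the output token bytes, or {@code null} if none are set
     */
    byte[] getOut() {
        return NegotiateToken.copyOf(this.out);
    }

    /**
     * Sets the out.
     *
     * @param outToken
     *            the new output token bytes, copied before being stored; may be {@code null}
     */
    public void setOut(final byte[] outToken) {
        this.out = NegotiateToken.copyOf(outToken);
    }

    /**
     * Sets the subject.
     *
     * @param value
     *            the new subject
     */
    public void setSubject(final Subject value) {
        this.subject = value;
    }

    /**
     * Gets the in.
     *
     * @return a copy of the input token bytes, or {@code null} if the token was built without any
     */
    public byte[] getIn() {
        // Null-safe: the constructor accepts a null input array, so cloning unconditionally would throw here.
        return NegotiateToken.copyOf(this.in);
    }

    /**
     * Gets the subject.
     *
     * @return the subject
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Creates the info from the current subject and the fixed realm name {@code "NegotiateWaffleRealm"}.
     * <p>
     * The subject is passed on as it is, which is {@code null} when {@link #setSubject(Subject)} has not been
     * called. How {@code NegotiateInfo} treats a {@code null} subject is not visible from this class.
     * </p>
     *
     * @return the authentication info
     */
    public AuthenticationInfo createInfo() {
        return new NegotiateInfo(this.subject, "NegotiateWaffleRealm");
    }

    /**
     * Sets the principal.
     *
     * @param value
     *            the new principal
     */
    public void setPrincipal(final Principal value) {
        this.principal = value;
    }

    /**
     * Returns {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     * sessions, {@code false} otherwise. The value is fixed by the constructor argument.
     *
     * @return {@code true} if the submitting user wishes their identity (principal(s)) to be remembered across
     *         sessions, {@code false} otherwise.
     *
     * @since 0.9
     */
    @Override
    public boolean isRememberMe() {
        return this.rememberMe;
    }

    /**
     * Returns the host name or IP string from where the authentication attempt occurs. May be {@code null} if the
     * host name/IP is unknown or explicitly omitted. It is up to the Authenticator implementation processing this token
     * if an authentication attempt without a host is valid or not.
     * <p>
     * (Shiro's default Authenticator allows {@code null} hosts to support localhost and proxy server
     * environments).
     * </p>
     * <p>
     * The value is whatever the creator of the token passed in. This class does not verify it, so it should be
     * treated as informational unless the caller is known to derive it from a trusted source.
     * </p>
     *
     * @return the host from where the authentication attempt occurs, or {@code null} if it is unknown or
     *         explicitly omitted.
     *
     * @since 1.0
     */
    @Override
    public String getHost() {
        return this.host;
    }

}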