Add Trust class to allow external authentication

In order to enable Kerberos within a domain, we introduce a new
Trust mechanism that allows retrieving a username, which is
then checked against our Secure.Security implementation.
The latter class is extended with a new method, trustAuthentication,
that performs password-less authentication.
commit cb307132ce2947597f2d36f7790d307b30cda2e9 1 parent 7acc43a
Matthieu Verbert authored

Showing 1 changed file with 67 additions and 23 deletions. Show diff stats Hide diff stats

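--- a/modules/secure/app/controllers/Secure.java
+++ b/modules/secure/app/controllers/Secure.java
@@ -22,7 +22,9 @@ static void checkAccess() throws Throwable {
 	        		flash.put("url", getRedirectUrl()); // seems a good default
 	        		flash.keep();
 	        	}
-	            login();
+	        	boolean allowed = doTrust();
+	        	if (! allowed)
+        			login();
         	} else {
         		flash.keep();
         	}
@@ -38,6 +40,17 @@ static void checkAccess() throws Throwable {
         }
     }
 
+	private static boolean doTrust() throws Throwable {
+		boolean allowed = false;
+		if ((Boolean) Trust.invoke("trustPhaseDone")) {
+			String username = (String) Trust.invoke("trustedUser");
+			if (username != null) {
+				allowed = (Boolean) Security.invoke("trustAuthentication", username);
+			}
+		}
+		return allowed;
+	}
+
 	private static String getRedirectUrl() {
 		return "GET".equals(request.method) ? request.url : "/";
 	}
@@ -63,8 +76,12 @@ public static void login() throws Throwable {
                 redirectToOriginalURL();
             }
         }
-        if((Boolean)Security.invoke("isConnected")) {
-                redirectToOriginalURL();
+        
+        if(!(Boolean)Security.invoke("isConnected")) {
+        	if (doTrust())
+        		redirectToOriginalURL();
+        } else {
+        	redirectToOriginalURL();
         }
         
         flash.keep("url");
@@ -74,22 +91,17 @@ public static void login() throws Throwable {
     public static void authenticate(@Required String username, String password, boolean remember) throws Throwable {
         // Check tokens
         Boolean allowed = false;
-        try {
-            // This is the deprecated method name
-            allowed = (Boolean)Security.invoke("authentify", username, password);
-        } catch (UnsupportedOperationException e ) {
-            // This is the official method name
-            allowed = (Boolean)Security.invoke("authenticate", username, password);
-        }
+        
+        // This is the official method name
+        allowed = (Boolean)Security.invoke("authenticate", username, password);
+        
         if(validation.hasErrors() || !allowed) {
             flash.keep("url");
             flash.error("secure.error");
             params.flash();
             login();
         }
-        // Mark user as connected if not previously done by authenticate
-	if (session.get("username") == null)
-	        session.put("username", username);
+	        
         // Remember if needed
         if(remember) {
             response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
@@ -104,6 +116,7 @@ public static void logout() throws Throwable {
         session.clear();
         response.removeCookie("rememberme");
         Security.invoke("onDisconnected");
+        Trust.invoke("onDisconnected");
         flash.success("secure.logout");
         login();
     }
@@ -119,18 +132,36 @@ static void redirectToOriginalURL() throws Throwable {
         redirect(url);
     }
 
-    public static class Security extends Controller {
+    public static class Trust extends Controller {
 
-        /**
-         * @Deprecated
-         * 
-         * @param username
-         * @param password
-         * @return
-         */
-        static boolean authentify(String username, String password) {
-            throw new UnsupportedOperationException();
+    	static boolean trustPhaseDone() {
+    		return true;
+    	}
+
+    	static String trustedUser() {
+    		return null;
+    	}
+
+    	static void onDisconnected() {
+    	}
+    	
+    	private static Object invoke(String m, Object... args) throws Throwable {
+            Class trust = null;
+            List<Class> classes = Play.classloader.getAssignableClasses(Trust.class);
+            if(classes.size() == 0) {
+                trust = Trust.class;
+            } else {
+                trust = classes.get(0);
+            }
+            try {
+                return Java.invokeStaticOrParent(trust, m, args);
+            } catch(InvocationTargetException e) {
+                throw e.getTargetException();
+            }
         }
+    }
+    
+    public static class Security extends Controller {
 
         /**
          * This method is called during the authentication process. This is where you check if
@@ -142,9 +173,22 @@ static boolean authentify(String username, String password) {
          * @return true if the authentication process succeeded
          */
         static boolean authenticate(String username, String password) {
+        	session.put("username", username);
             return true;
         }
 
+
+        /**
+         * This method is called during the authentication process if we use Trust.
+         *
+         * @param username
+         * @param password
+         * @return true if the authentication process succeeded
+         */
+        static boolean trustAuthentication(String username) {
+            return authenticate(username, null);
+        }
+        
         /**
          * This method checks that a profile is allowed to view this page/method. This method is called prior
          * to the method's controller annotated with the @Check method. 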
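Review bot: The default `trustAuthentication` in the last hunk hands the trusted username to `authenticate(username, null)`, so an application that overrides `authenticate` but leaves `trustAuthentication` inherited gets its password check invoked with a null password on every trust login, and whether that yields a session then depends on how the override happens to treat null rather than on an explicit decision. A safer default is to refuse until the application opts in, e.g. `throw new UnsupportedOperationException("trustAuthentication is not implemented");` (or `return false;`), and the Javadoc above it lists a `@param password` that the method does not have. Related: the same hunk makes the default `Security.authenticate` write `session.put("username", username)`, while the fourth hunk removes the `session.put` fallback from `Secure.authenticate`, so existing subclasses whose `authenticate` returns true without touching the session will no longer be marked connected; that contract change should at least be stated in the `Security.authenticate` Javadoc, e.g. `Implementations must put the user in the session themselves (session.put("username", ...)); Secure no longer does this.`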
