Package org.tamacat.httpd.auth

Source Code of org.tamacat.httpd.auth.BasicAuthProcessor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
/*
* Copyright (c) 2009, TamaCat.org
* All rights reserved.
*/
package org.tamacat.httpd.auth;

import java.util.Date;

import org.apache.commons.codec.binary.Base64;

import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.protocol.HttpContext;
import org.tamacat.httpd.exception.UnauthorizedException;
import org.tamacat.util.StringUtils;

/**
* Implements of Basic authentication.
*/
public class BasicAuthProcessor extends AbstractAuthProcessor {

  static final String AUTHORIZATION = "Authorization";
  static final String WWW_AUTHENTICATE = "WWW-Authenticate";

  /** default realm. */
  protected String realm = "Authentication required";
 
  @Override
  public void doFilter(HttpRequest request, HttpResponse response,
      HttpContext context) {
    try {
      String remoteUser = checkUser(request, context);
      context.setAttribute(remoteUserKey, remoteUser);
    } catch (UnauthorizedException e) {
      response.setStatusCode(HttpStatus.SC_UNAUTHORIZED);
      setWWWAuthenticateHeader(response);
      throw e;
    }
  }

  /**
   * Set the "WWW-Authenticate" response header of Basic authenticate realm.
   * @param response
   */
  protected void setWWWAuthenticateHeader(HttpResponse response) {
    response.addHeader(WWW_AUTHENTICATE, "Basic realm=\"" + realm + "\"");
  }

  /**
   * Realm is changed.
   * Default realm is "Authentication required".
   * @param realm
   */
  public void setRealm(String realm) {
    this.realm = DynamicRealm.getRealm(realm, new Date());
  }
 
  /**
   * When the user authentication check and correct,
   * the username(login id) is returned.
   * @param request
   * @param context
   * @return username (login id)
   * @throws UnauthorizedException
   */
  protected String checkUser(HttpRequest request, HttpContext context)
      throws UnauthorizedException {
    Header basicAuthLine = request.getFirstHeader(AUTHORIZATION);
    if (basicAuthLine != null && StringUtils.isNotEmpty(basicAuthLine.getValue())) {
      String idpassBase64 = basicAuthLine.getValue().replaceFirst("Basic ", "");
      String idpass = new String(new Base64().decode(idpassBase64.getBytes()));
      int pos = idpass.indexOf(':');
      if (pos >= 0) {
        String user = idpass.substring(0, pos);
        String password = idpass.substring(pos + 1, idpass.length());
        if (authComponent != null
            && authComponent.check(user, password, context)) {
          return user;
        }
      }
    }
    throw new UnauthorizedException();
  }
}
TOP

Related Classes of org.tamacat.httpd.auth.BasicAuthProcessor

  • org.apache.commons.codec.binary.Base64
  • org.apache.http.Header
  • java.util.Date
  • org.tamacat.httpd.exception.UnauthorizedException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.