
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.jaspi.modules;
15  
16  import java.io.IOException;
17  import java.util.Map;
18  
19  import javax.security.auth.Subject;
20  import javax.security.auth.callback.CallbackHandler;
21  import javax.security.auth.callback.UnsupportedCallbackException;
22  import javax.security.auth.message.AuthException;
23  import javax.security.auth.message.AuthStatus;
24  import javax.security.auth.message.MessageInfo;
25  import javax.security.auth.message.MessagePolicy;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  
29  import org.eclipse.jetty.http.HttpHeaders;
30  import org.eclipse.jetty.http.security.Constraint;
31  import org.eclipse.jetty.util.log.Log;
32  import org.eclipse.jetty.util.log.Logger;
33  
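/**
 * JASPI server auth module that challenges for and validates HTTP BASIC credentials.
 * <p>
 * The raw <code>Authorization</code> request header is handed, unparsed, to the
 * <code>login(...)</code> helper (not defined in this class) together with
 * {@link Constraint#__BASIC_AUTH}. When no usable credentials are presented and
 * authentication is mandatory for the request, a <code>401</code> response carrying a
 * <code>WWW-Authenticate</code> challenge for the configured realm is sent.
 * <p>
 * Security note: a BASIC <code>Authorization</code> header is a reusable secret (the
 * user name and password are only base64-encoded), so this class never writes the
 * header value to the log, and the scheme should only be offered over a confidential
 * transport such as TLS.
 *
 * @deprecated use *ServerAuthentication
 * @version $Rev: 4660 $ $Date: 2009-02-25 17:29:53 +0100 (Wed, 25 Feb 2009) $
 */
public class BasicAuthModule extends BaseAuthModule
{
    private static final Logger LOG = Log.getLogger(BasicAuthModule.class);

    /** Key in the module options map under which the realm name is looked up. */
    private static final String REALM_KEY = "org.eclipse.jetty.security.jaspi.modules.RealmName";

    /** Realm advertised in the <code>WWW-Authenticate</code> challenge. */
    private String realmName;

    /**
     * Creates an unconfigured module; the realm name is supplied later through
     * {@link #initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map)}.
     */
    public BasicAuthModule()
    {
    }

    /**
     * Creates a module with an explicit callback handler and realm.
     *
     * @param callbackHandler handler passed to the superclass constructor
     * @param realmName realm advertised in the BASIC challenge
     */
    public BasicAuthModule(CallbackHandler callbackHandler, String realmName)
    {
        super(callbackHandler);
        this.realmName = realmName;
    }

    /**
     * Initializes the superclass and reads the realm name from the options map.
     * <p>
     * The realm is replaced unconditionally: if <code>options</code> has no entry for
     * {@link #REALM_KEY}, any realm given to the constructor is overwritten with
     * <code>null</code>.
     *
     * @param requestPolicy request policy, forwarded to the superclass
     * @param responsePolicy response policy, forwarded to the superclass
     * @param handler callback handler, forwarded to the superclass
     * @param options module options; must contain a String under {@link #REALM_KEY}
     *        for the challenge to name a realm
     * @throws AuthException if the superclass initialization fails
     */
    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options)
    throws AuthException
    {
        super.initialize(requestPolicy, responsePolicy, handler, options);
        realmName = (String) options.get(REALM_KEY);
    }

    /**
     * Validates the BASIC credentials on the request, or issues a challenge.
     *
     * @param messageInfo carries the {@link HttpServletRequest} and {@link HttpServletResponse}
     * @param clientSubject subject passed to <code>login(...)</code> for the caller
     * @param serviceSubject not used by this method
     * @return {@link AuthStatus#SUCCESS} when the login succeeds, or when it does not but
     *         authentication is not mandatory for this request;
     *         {@link AuthStatus#SEND_CONTINUE} after a 401 challenge has been sent
     * @throws AuthException if sending the challenge or handling a callback fails; the
     *         original exception is attached as the cause
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject)
    throws AuthException
    {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);

        try
        {
            if (credentials != null)
            {
                // The header value is a replayable credential; log only that it was present,
                // never its content, so that debug logs do not become a password store.
                if (LOG.isDebugEnabled())
                {
                    LOG.debug("Authorization header present; attempting BASIC login");
                }
                if (login(clientSubject, credentials, Constraint.__BASIC_AUTH, messageInfo))
                {
                    return AuthStatus.SUCCESS;
                }
            }

            // Reached when no header was sent or the login was rejected. Where authentication
            // is optional the request proceeds without an authenticated caller.
            if (!isMandatory(messageInfo))
            {
                return AuthStatus.SUCCESS;
            }

            // NOTE(review): realmName is interpolated as-is into a quoted-string; a null realm
            // is sent as realm="null", and a realm containing '"' would yield a malformed
            // challenge. The value comes from the constructor or the options map - confirm it
            // is validated where it is configured.
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + realmName + '"');
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw toAuthException(e);
        }
        catch (UnsupportedCallbackException e)
        {
            throw toAuthException(e);
        }
    }

    /**
     * Wraps a lower-level failure in an {@link AuthException} with the same message,
     * attaching the original as the cause so its stack trace is not lost.
     */
    private static AuthException toAuthException(Exception cause)
    {
        // AuthException only offers message constructors, so the cause is set separately.
        AuthException wrapped = new AuthException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }
}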