19 package org.eclipse.jetty.security.jaspi.modules;
20
21 import java.io.IOException;
22 import java.util.Map;
23
24 import javax.security.auth.Subject;
25 import javax.security.auth.callback.CallbackHandler;
26 import javax.security.auth.callback.UnsupportedCallbackException;
27 import javax.security.auth.message.AuthException;
28 import javax.security.auth.message.AuthStatus;
29 import javax.security.auth.message.MessageInfo;
30 import javax.security.auth.message.MessagePolicy;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33
34 import org.eclipse.jetty.http.HttpHeader;
35 import org.eclipse.jetty.util.log.Log;
36 import org.eclipse.jetty.util.log.Logger;
37 import org.eclipse.jetty.util.security.Constraint;
38
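/**
 * JASPI server auth module that performs HTTP Basic authentication.
 *
 * <p>The realm name sent in the {@code WWW-Authenticate} challenge comes from the
 * two-argument constructor or, once {@link #initialize} has run, from the module option
 * {@code org.eclipse.jetty.security.jaspi.modules.RealmName}.
 */
@Deprecated
public class BasicAuthModule extends BaseAuthModule
{
    private static final Logger LOG = Log.getLogger(BasicAuthModule.class);

    /** Realm advertised to the client in the Basic challenge. */
    private String realmName;

    /** Key under which the realm name is looked up in the module options. */
    private static final String REALM_KEY = "org.eclipse.jetty.security.jaspi.modules.RealmName";

    /** Creates an unconfigured module; {@link #initialize} supplies the realm name. */
    public BasicAuthModule()
    {
    }

    /**
     * Creates a module with an explicit callback handler and realm name.
     *
     * @param callbackHandler handler passed to the superclass constructor
     * @param realmName realm advertised in the Basic challenge
     */
    public BasicAuthModule(CallbackHandler callbackHandler, String realmName)
    {
        super(callbackHandler);
        this.realmName = realmName;
    }

    /**
     * Initializes the module and reads the realm name from {@code options}.
     *
     * <p>The realm name is always overwritten here, so a value given to the constructor is
     * replaced, and it becomes {@code null} when the option is absent.
     *
     * @param requestPolicy passed through to the superclass
     * @param responsePolicy passed through to the superclass
     * @param handler passed through to the superclass
     * @param options module options; the realm name is read from the {@code REALM_KEY} entry
     * @throws AuthException if the superclass initialization fails
     */
    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options)
        throws AuthException
    {
        super.initialize(requestPolicy, responsePolicy, handler, options);
        realmName = (String)options.get(REALM_KEY);
    }

    /**
     * Validates the {@code Authorization} header of the request, if any.
     *
     * <p>Returns {@link AuthStatus#SUCCESS} when the login succeeds, and also when the login
     * fails or no header is sent but authentication is not mandatory for this message; in
     * that second case the client subject has not been authenticated by this method.
     * Otherwise a 401 response with a Basic challenge is sent and
     * {@link AuthStatus#SEND_CONTINUE} is returned.
     *
     * @param messageInfo carries the servlet request and response
     * @param clientSubject subject handed to the login call
     * @param serviceSubject not used by this method
     * @return the resulting authentication status
     * @throws AuthException if writing the challenge or a login callback fails; the
     *     original exception is attached as the cause
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject)
        throws AuthException
    {
        HttpServletRequest request = (HttpServletRequest)messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse)messageInfo.getResponseMessage();
        String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());

        try
        {
            if (credentials != null)
            {
                // Do not log the header value: Basic credentials are only base64-encoded,
                // so writing the header to a debug log discloses the user's password to
                // anyone who can read the log.
                if (LOG.isDebugEnabled())
                {
                    LOG.debug("Authorization header present, attempting " + Constraint.__BASIC_AUTH + " login");
                }
                if (login(clientSubject, credentials, Constraint.__BASIC_AUTH, messageInfo))
                {
                    return AuthStatus.SUCCESS;
                }
            }

            if (!isMandatory(messageInfo))
            {
                return AuthStatus.SUCCESS;
            }

            // NOTE(review): realmName is written into the header unescaped and may be null
            // (rendered as realm="null") when the option was never set; it is presumably
            // deployment configuration rather than request data - confirm.
            response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + realmName + '"');
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw toAuthException(e);
        }
        catch (UnsupportedCallbackException e)
        {
            throw toAuthException(e);
        }
    }

    /** Wraps {@code cause} in an AuthException with the same message, keeping the cause for diagnosis. */
    private static AuthException toAuthException(Exception cause)
    {
        AuthException failure = new AuthException(cause.getMessage());
        failure.initCause(cause);
        return failure;
    }
}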