View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security.authentication;
20  
21  import java.io.IOException;
22  import java.nio.charset.StandardCharsets;
23  
24  import javax.servlet.ServletRequest;
25  import javax.servlet.ServletResponse;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  
29  import org.eclipse.jetty.http.HttpHeader;
30  import org.eclipse.jetty.security.ServerAuthException;
31  import org.eclipse.jetty.security.UserAuthentication;
32  import org.eclipse.jetty.server.Authentication;
33  import org.eclipse.jetty.server.Authentication.User;
34  import org.eclipse.jetty.server.UserIdentity;
35  import org.eclipse.jetty.util.B64Code;
36  import org.eclipse.jetty.util.security.Constraint;
37  
38  /**
39   * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
40   */
41  public class BasicAuthenticator extends LoginAuthenticator
42  {
43      /* ------------------------------------------------------------ */
44      public BasicAuthenticator()
45      {
46      }
47  
48      /* ------------------------------------------------------------ */
49      /**
50       * @see org.eclipse.jetty.security.Authenticator#getAuthMethod()
51       */
52      @Override
53      public String getAuthMethod()
54      {
55          return Constraint.__BASIC_AUTH;
56      }
57  
58   
59  
60      /* ------------------------------------------------------------ */
61      /**
62       * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
63       */
64      @Override
65      public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
66      {
67          HttpServletRequest request = (HttpServletRequest)req;
68          HttpServletResponse response = (HttpServletResponse)res;
69          String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
70  
71          try
72          {
73              if (!mandatory)
74                  return new DeferredAuthentication(this);
75  
76              if (credentials != null)
77              {
78                  int space=credentials.indexOf(' ');
79                  if (space>0)
80                  {
81                      String method=credentials.substring(0,space);
82                      if ("basic".equalsIgnoreCase(method))
83                      {
84                          credentials = credentials.substring(space+1);
85                          credentials = B64Code.decode(credentials, StandardCharsets.ISO_8859_1);
86                          int i = credentials.indexOf(':');
87                          if (i>0)
88                          {
89                              String username = credentials.substring(0,i);
90                              String password = credentials.substring(i+1);
91  
92                              UserIdentity user = login (username, password, request);
93                              if (user!=null)
94                              {
95                                  return new UserAuthentication(getAuthMethod(),user);
96                              }
97                          }
98                      }
99                  }
100             }
101 
102             if (DeferredAuthentication.isDeferred(response))
103                 return Authentication.UNAUTHENTICATED;
104 
105             response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
106             response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
107             return Authentication.SEND_CONTINUE;
108         }
109         catch (IOException e)
110         {
111             throw new ServerAuthException(e);
112         }
113     }
114 
115     @Override
116     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
117     {
118         return true;
119     }
120 
121 }