19 package org.eclipse.jetty.security.authentication;
20
21 import java.io.IOException;
22 import java.nio.charset.StandardCharsets;
23
24 import javax.servlet.ServletRequest;
25 import javax.servlet.ServletResponse;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28
29 import org.eclipse.jetty.http.HttpHeader;
30 import org.eclipse.jetty.security.ServerAuthException;
31 import org.eclipse.jetty.security.UserAuthentication;
32 import org.eclipse.jetty.server.Authentication;
33 import org.eclipse.jetty.server.Authentication.User;
34 import org.eclipse.jetty.server.UserIdentity;
35 import org.eclipse.jetty.util.B64Code;
36 import org.eclipse.jetty.util.security.Constraint;
37
38
39
40
/**
 * Authenticator for the HTTP "Basic" scheme.
 *
 * <p>The user name and password are taken from the {@code Authorization}
 * request header, Base64-decoded, and handed to the inherited
 * {@code login(...)} method. Base64 is an encoding, not encryption: the
 * password is recoverable by anyone who can read the header. Nothing in this
 * class checks that the request arrived over a confidential transport, so
 * that has to be enforced elsewhere (for example by a transport guarantee on
 * the constraint).
 */
public class BasicAuthenticator extends LoginAuthenticator
{
    /**
     * Creates the authenticator. No state is initialised here.
     */
    public BasicAuthenticator()
    {
    }

    /**
     * @return the auth method name, {@link Constraint#__BASIC_AUTH}
     */
    @Override
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /**
     * Validates the {@code Authorization} header of a request.
     *
     * <p>Outcomes, in the order they are tested:
     * <ul>
     * <li>authentication not mandatory: a {@link DeferredAuthentication} is
     * returned and the header is not inspected at this point;</li>
     * <li>header present, scheme is "basic" (case-insensitive), decoded value
     * has a non-empty user name and the login succeeds: a
     * {@link UserAuthentication};</li>
     * <li>response is a deferred response: {@link Authentication#UNAUTHENTICATED},
     * with no challenge written;</li>
     * <li>otherwise: a 401 with a {@code WWW-Authenticate} challenge and
     * {@link Authentication#SEND_CONTINUE}.</li>
     * </ul>
     *
     * <p>A missing header, a malformed header and a rejected login all end in
     * the same challenge, so the response does not reveal which one occurred.
     * This method writes no log entry for a rejected login.
     *
     * @param req the request; must be an {@link HttpServletRequest}
     * @param res the response; must be an {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return the authentication result as described above
     * @throws ServerAuthException wrapping any {@link IOException} raised while
     * sending the challenge
     */
    @Override
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        final HttpServletRequest httpRequest = (HttpServletRequest)req;
        final HttpServletResponse httpResponse = (HttpServletResponse)res;
        final String authorization = httpRequest.getHeader(HttpHeader.AUTHORIZATION.asString());

        try
        {
            if (!mandatory)
                return new DeferredAuthentication(this);

            final UserIdentity identity = loginFromHeader(authorization, httpRequest);
            if (identity != null)
                return new UserAuthentication(getAuthMethod(), identity);

            // A deferred response must not be committed with a challenge.
            if (DeferredAuthentication.isDeferred(httpResponse))
                return Authentication.UNAUTHENTICATED;

            // NOTE(review): the realm name is placed inside a quoted-string
            // without escaping; this assumes the login service name contains
            // no double quote or line break - confirm where the name is set.
            final String challenge = "basic realm=\"" + _loginService.getName() + '"';
            httpResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), challenge);
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            // Only I/O failures are translated; unchecked exceptions pass through.
            throw new ServerAuthException(e);
        }
    }

    /**
     * Extracts Basic credentials from a raw {@code Authorization} header value
     * and attempts a login with them.
     *
     * @param header the raw header value, or {@code null} if the header is absent
     * @param request the request passed on to {@code login(...)}
     * @return the identity returned by {@code login(...)}, or {@code null} when
     * the header is absent, is not a well-formed Basic header, or the login
     * returns {@code null}
     */
    private UserIdentity loginFromHeader(String header, HttpServletRequest request)
    {
        if (header == null)
            return null;

        // The scheme token must be non-empty and followed by a space.
        final int schemeEnd = header.indexOf(' ');
        if (schemeEnd <= 0)
            return null;

        if (!"basic".equalsIgnoreCase(header.substring(0, schemeEnd)))
            return null;

        // Decoded as ISO-8859-1: credentials that a client encoded as UTF-8
        // and that contain non-Latin-1 characters will not round-trip.
        // NOTE(review): only IOException is caught by the caller; if
        // B64Code.decode throws an unchecked exception on malformed input it
        // would surface as a server error rather than a 401 - confirm.
        final String decoded = B64Code.decode(header.substring(schemeEnd + 1), StandardCharsets.ISO_8859_1);

        // Split on the FIRST colon: the password may contain ':' but the user
        // name may not, and an empty user name (colon at index 0) is rejected.
        final int colon = decoded.indexOf(':');
        if (colon <= 0)
            return null;

        final String username = decoded.substring(0, colon);
        final String password = decoded.substring(colon + 1);
        return login(username, password, request);
    }

    /**
     * Post-processing hook for the response; Basic authentication has nothing
     * to add, so this always reports success.
     *
     * @return always {@code true}
     */
    @Override
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}