14 package org.eclipse.jetty.security.authentication;
15
16 import java.io.IOException;
17
18 import javax.servlet.ServletRequest;
19 import javax.servlet.ServletResponse;
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22
23 import org.eclipse.jetty.http.HttpHeaders;
24 import org.eclipse.jetty.http.security.B64Code;
25 import org.eclipse.jetty.http.security.Constraint;
26 import org.eclipse.jetty.security.UserAuthentication;
27 import org.eclipse.jetty.security.ServerAuthException;
28 import org.eclipse.jetty.server.Authentication;
29 import org.eclipse.jetty.server.UserIdentity;
30 import org.eclipse.jetty.server.Authentication.User;
31 import org.eclipse.jetty.util.StringUtil;
32
33
34
35
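/**
 * Authenticator for the HTTP Basic scheme.
 *
 * <p>Reads the {@code Authorization} request header, Base64-decodes the
 * {@code user:password} pair and hands it to the login service. Basic
 * credentials are only encoded, not encrypted, so they are readable by anyone
 * who can observe the request; deploy this authenticator behind TLS.
 */
public class BasicAuthenticator extends LoginAuthenticator
{
    /** Creates the authenticator; no state is initialised here. */
    public BasicAuthenticator()
    {
    }

    /**
     * @return the auth method name, {@link Constraint#__BASIC_AUTH}
     */
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /**
     * Validates the Basic credentials carried by the request, if any.
     *
     * <p>The header is attacker-controlled, so it is only decoded when it names
     * the Basic scheme, and only passed to the login service when the decoded
     * value contains the {@code ':'} separator. Anything else is treated as a
     * failed authentication, not as a server error.
     *
     * @param req the request; cast to {@link HttpServletRequest}
     * @param res the response; cast to {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return a {@link UserAuthentication} on successful login;
     *         {@link Authentication#SEND_CONTINUE} after a 401 challenge has been sent;
     *         {@link Authentication#NOT_CHECKED} when no header was present and
     *         authentication is not mandatory; otherwise
     *         {@link Authentication#UNAUTHENTICATED}
     * @throws ServerAuthException if writing the challenge fails with an {@link IOException}
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)res;
        String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);

        try
        {
            if (credentials != null)
            {
                // Only a "<scheme> <token>" header whose scheme is Basic is decoded;
                // other schemes (or a header with no scheme) must not be fed to the
                // login service as if they were a user:password pair.
                int space = credentials.indexOf(' ');
                if (space > 0 && "basic".equalsIgnoreCase(credentials.substring(0,space)))
                {
                    // NOTE(review): confirm how B64Code.decode reacts to malformed
                    // Base64; an unchecked exception here would surface as a server
                    // error instead of a 401.
                    String decoded = B64Code.decode(credentials.substring(space+1),StringUtil.__ISO_8859_1);

                    // Without this guard a value with no ':' made substring(0,-1)
                    // throw StringIndexOutOfBoundsException on a crafted header.
                    int i = decoded.indexOf(':');
                    if (i >= 0)
                    {
                        String username = decoded.substring(0,i);
                        String password = decoded.substring(i+1);

                        UserIdentity user = _loginService.login(username,password);
                        if (user!=null)
                            return new UserAuthentication(this,user);
                    }
                }
            }

            if (mandatory)
            {
                // NOTE(review): the realm name is placed in the quoted string
                // unescaped; presumably it comes from server configuration -
                // confirm it can never contain '"' or control characters.
                response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return Authentication.SEND_CONTINUE;
            }

            // A header that was present but did not authenticate is reported as
            // UNAUTHENTICATED; a missing header means nothing was checked.
            return credentials==null?Authentication.NOT_CHECKED:Authentication.UNAUTHENTICATED;
        }
        catch (IOException e)
        {
            throw new ServerAuthException(e);
        }
    }

    /**
     * Performs no response-side processing for Basic authentication.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}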