
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.authentication;
15  
16  import java.io.IOException;
17  
18  import javax.servlet.ServletRequest;
19  import javax.servlet.ServletResponse;
20  import javax.servlet.http.HttpServletRequest;
21  import javax.servlet.http.HttpServletResponse;
22  
23  import org.eclipse.jetty.http.HttpHeaders;
24  import org.eclipse.jetty.http.security.B64Code;
25  import org.eclipse.jetty.http.security.Constraint;
26  import org.eclipse.jetty.security.UserAuthentication;
27  import org.eclipse.jetty.security.ServerAuthException;
28  import org.eclipse.jetty.server.Authentication;
29  import org.eclipse.jetty.server.UserIdentity;
30  import org.eclipse.jetty.server.Authentication.User;
31  import org.eclipse.jetty.util.StringUtil;
32  
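/**
 * Authenticator for the HTTP Basic scheme: reads the <code>Authorization</code>
 * request header, decodes the base64 <code>user:password</code> pair and hands it
 * to the login service.
 * <p>
 * Basic credentials are only base64-encoded, not encrypted, so a deployment
 * relying on this class needs transport protection (TLS) on every constrained
 * path for the password to stay confidential.
 *
 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
 */
public class BasicAuthenticator extends LoginAuthenticator
{
    /* ------------------------------------------------------------ */
    /**
     * Creates the authenticator. No state is set here; <code>_loginService</code>
     * and <code>_deferred</code> are not declared in this class and are presumably
     * supplied by {@link LoginAuthenticator} (confirm against the superclass).
     */
    public BasicAuthenticator()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the BASIC auth method name, {@link Constraint#__BASIC_AUTH}
     * @see org.eclipse.jetty.security.Authenticator#getAuthMethod()
     */
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /* ------------------------------------------------------------ */
    /**
     * Validates the Basic credentials carried by the request.
     * <p>
     * The <code>Authorization</code> header is client-controlled, so it is only
     * decoded when it names the <code>Basic</code> scheme (compared
     * case-insensitively) and the decoded value contains the <code>':'</code>
     * separator. Any other header content is treated as "no credentials" and
     * answered with the challenge, instead of failing with an unchecked
     * exception while the header is being split.
     *
     * @param req the request, cast to {@link HttpServletRequest}
     * @param res the response, cast to {@link HttpServletResponse}
     * @param mandatory if false, no header is evaluated and the deferred
     *            authentication is returned
     * @return the deferred authentication when not mandatory; a
     *         {@link UserAuthentication} when the login service accepts the
     *         credentials; {@link Authentication#UNAUTHENTICATED} when the response
     *         is a deferred one; otherwise {@link Authentication#SEND_CONTINUE}
     *         after a 401 challenge has been sent
     * @throws ServerAuthException wrapping any {@link IOException} raised while
     *             decoding the header or sending the challenge
     * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)res;
        String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);

        try
        {
            if (!mandatory)
                return _deferred;

            if (credentials != null)
            {
                // Only "<scheme> <token>" with scheme "Basic" is decoded; a header
                // for another scheme, or one with no scheme at all, is not ours.
                int space = credentials.indexOf(' ');
                if (space > 0 && "basic".equalsIgnoreCase(credentials.substring(0,space)))
                {
                    // NOTE(review): how B64Code.decode reacts to input that is not
                    // valid base64 is not visible here; confirm it cannot raise an
                    // unchecked exception on attacker-supplied text.
                    credentials = credentials.substring(space+1).trim();
                    credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);

                    // Without a separator there is no user/password pair, and
                    // substring(0,-1) would throw; fall through to the challenge.
                    int i = credentials.indexOf(':');
                    if (i >= 0)
                    {
                        String username = credentials.substring(0,i);
                        String password = credentials.substring(i+1);

                        UserIdentity user = _loginService.login(username,password);
                        if (user!=null)
                            return new UserAuthentication(this,user);
                    }
                }
            }

            if (_deferred.isDeferred(response))
                return Authentication.UNAUTHENTICATED;

            // NOTE(review): the realm name is placed inside a quoted-string
            // unescaped; this assumes the login service name holds no '"' or '\'.
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw new ServerAuthException(e);
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * Does nothing to the response for Basic authentication.
     *
     * @param req the request (unused)
     * @param res the response (unused)
     * @param mandatory whether authentication was mandatory (unused)
     * @param validatedUser the user validated for the request (unused)
     * @return always true
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}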