14 package org.eclipse.jetty.security.authentication;
15
16 import java.io.IOException;
17
18 import javax.servlet.ServletRequest;
19 import javax.servlet.ServletResponse;
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22
23 import org.eclipse.jetty.http.HttpHeaders;
24 import org.eclipse.jetty.http.security.B64Code;
25 import org.eclipse.jetty.http.security.Constraint;
26 import org.eclipse.jetty.security.UserAuthentication;
27 import org.eclipse.jetty.security.ServerAuthException;
28 import org.eclipse.jetty.server.Authentication;
29 import org.eclipse.jetty.server.UserIdentity;
30 import org.eclipse.jetty.server.Authentication.User;
31 import org.eclipse.jetty.util.StringUtil;
32
33
34
35
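/**
 * Authenticator for the HTTP Basic scheme.
 * <p>
 * Credentials are taken from the {@code Authorization} request header, base64-decoded as ISO-8859-1,
 * split at the first ':' into user name and password, and passed to the login service.
 * <p>
 * Basic credentials are only base64-encoded, not encrypted, so this authenticator should only be
 * reachable over a confidential transport (TLS).
 */
public class BasicAuthenticator extends LoginAuthenticator
{
    public BasicAuthenticator()
    {
    }

    /**
     * @return the auth method name, {@link Constraint#__BASIC_AUTH}
     */
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /**
     * Validates the Basic credentials carried by the request, challenging the client when they are
     * missing, malformed or rejected.
     *
     * @param req the request; cast to {@link HttpServletRequest}
     * @param res the response; cast to {@link HttpServletResponse}
     * @param mandatory whether authentication is required for this request
     * @return {@code _deferred} when authentication is not mandatory; a {@link UserAuthentication} when
     *         the login service accepts the credentials; {@link Authentication#UNAUTHENTICATED} when the
     *         response is a deferred one; otherwise {@link Authentication#SEND_CONTINUE} after a 401
     *         challenge has been sent
     * @throws ServerAuthException wrapping any {@link IOException} raised while sending the challenge
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)res;

        try
        {
            // _deferred and _loginService are not declared in this class; presumably inherited
            // from LoginAuthenticator.
            if (!mandatory)
                return _deferred;

            String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);
            if (credentials != null)
            {
                // The header is client-controlled. Only treat it as Basic credentials when it is
                // "<scheme> <token>" with a case-insensitive "basic" scheme, so that other schemes
                // are never base64-decoded and offered to the login service.
                int space = credentials.indexOf(' ');
                if (space > 0 && "basic".equalsIgnoreCase(credentials.substring(0,space)))
                {
                    // NOTE(review): B64Code.decode's behaviour on malformed base64 is not visible
                    // here; if it throws an unchecked exception the request fails instead of being
                    // challenged. Confirm.
                    credentials = B64Code.decode(credentials.substring(space+1),StringUtil.__ISO_8859_1);

                    // A decoded value without ':' is not a user:password pair. Fall through to the
                    // 401 challenge instead of letting substring(0,-1) throw.
                    int i = credentials.indexOf(':');
                    if (i >= 0)
                    {
                        String username = credentials.substring(0,i);
                        String password = credentials.substring(i+1);

                        UserIdentity user = _loginService.login(username,password);
                        if (user != null)
                            return new UserAuthentication(this,user);
                    }
                }
            }

            if (_deferred.isDeferred(response))
                return Authentication.UNAUTHENTICATED;

            // NOTE(review): the realm name is concatenated unescaped; a name containing '"' would
            // yield a malformed challenge header. Confirm that names are constrained by configuration.
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        }
        catch (IOException e)
        {
            throw new ServerAuthException(e);
        }
    }

    /**
     * Performs no post-processing of the response for Basic authentication.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }

}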