
1   package org.apache.archiva.redback.integration.filter.authentication.basic;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
import java.io.IOException;
import java.nio.charset.Charset;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Service;
38  
39  /**
40   * HttpBasicAuthentication
41   *
42   * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
43   *
44   */
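@Service("httpAuthenticator#basic")
/**
 * HttpBasicAuthentication
 *
 * HTTP Basic (RFC 7617) authenticator: reads the {@code Authorization: Basic <base64>}
 * request header, splits the decoded {@code user:password} pair and hands it to
 * {@link HttpAuthenticator#authenticate} for verification. When the container session
 * already carries a {@link SecuritySession}, its stored result is returned instead and
 * the header is not consulted.
 *
 * Changes versus the previous revision:
 * <ul>
 *   <li>credentials are decoded with a fixed charset instead of the JVM's platform default,
 *       so non-ASCII passwords resolve identically on every host;</li>
 *   <li>the {@code Basic} scheme token is matched case-insensitively (RFC 7235 &sect;2.1);</li>
 *   <li>the realm name is escaped as an HTTP quoted-string before being placed in
 *       {@code WWW-Authenticate}.</li>
 * </ul>
 *
 * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
 *
 */
public class HttpBasicAuthentication
    extends HttpAuthenticator
{

    /** Authorization scheme prefix, including the separating space. */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";

    /**
     * Charset used to turn the base64-decoded bytes into the {@code user:password} string.
     * RFC 7617 leaves the charset to the server; UTF-8 is what current clients send.
     * NOTE(review): this previously used the platform default charset, so on a non-UTF-8
     * host, users whose password contains non-ASCII characters may see a behaviour change.
     */
    private static final Charset CREDENTIAL_CHARSET = Charset.forName( "UTF-8" );

    /**
     * @return the fully-qualified class name, used as the identifier of this authenticator.
     */
    public String getId()
    {
        return HttpBasicAuthentication.class.getName();
    }

    /**
     * Authenticates the request from its {@code Authorization} header.
     *
     * @param request  the request to read the session and the {@code Authorization} header from.
     * @param response the response (not written to by this method).
     * @return the result already stored in the security session if one exists; otherwise the result
     *         of authenticating the header credentials; {@code null} when no Basic header is present.
     * @throws AuthenticationException    propagated from {@link HttpAuthenticator#authenticate}.
     * @throws AccountLockedException     propagated from {@link HttpAuthenticator#authenticate}.
     * @throws MustChangePasswordException propagated from {@link HttpAuthenticator#authenticate}.
     */
    public AuthenticationResult getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
        throws AuthenticationException, AccountLockedException, MustChangePasswordException
    {
        // NOTE(review): getSession( true ) allocates a container session for every unauthenticated
        // request, including stateless API clients that resend Basic credentials each call. The parent
        // authenticate() needs the session, so this is kept; confirm session cost is acceptable.
        HttpSession httpSession = request.getSession( true );
        SecuritySession securitySession = getSecuritySession( httpSession );
        if ( securitySession != null )
        {
            // Already authenticated earlier in this session: do not re-verify the header.
            return securitySession.getAuthenticationResult();
        }

        String header = request.getHeader( "Authorization" );

        // Header names are case-insensitive per the Servlet spec; the lowercase retry is kept
        // for containers that historically did not honour that.
        if ( header == null )
        {
            header = request.getHeader( "authorization" );
        }

        // The scheme token ("Basic") is case-insensitive per RFC 7235; a missing or
        // different scheme means this authenticator has nothing to do.
        if ( header == null
            || !header.regionMatches( true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length() ) )
        {
            return null;
        }

        String base64Token = header.substring( BASIC_SCHEME_PREFIX.length() );
        // The base64 alphabet is ASCII, so encoding the header text as UTF-8 is lossless;
        // commons-codec silently skips any character outside the alphabet.
        byte[] decoded = Base64.decodeBase64( base64Token.getBytes( CREDENTIAL_CHARSET ) );
        String token = new String( decoded, CREDENTIAL_CHARSET );

        // "user:password" - the first ':' is the separator, so the password may itself contain ':'.
        // Without a separator both parts stay empty and the parent decides what an empty login means.
        String username = "";
        String password = "";
        int delim = token.indexOf( ':' );
        if ( delim != -1 )
        {
            username = token.substring( 0, delim );
            password = token.substring( delim + 1 );
        }

        PasswordBasedAuthenticationDataSource authDataSource =
            new PasswordBasedAuthenticationDataSource( username, password );
        return super.authenticate( authDataSource, httpSession );
    }

    /**
     * Sends an HTTP 401 (Unauthorized) response carrying a {@code WWW-Authenticate: Basic} challenge.
     *
     * @param request   the request to use.
     * @param response  the response to use.
     * @param realmName the realm name to state; it is escaped as an HTTP quoted-string.
     * @param exception the exception to base the message off of; may be {@code null}.
     * @throws IOException if there was a problem with the {@link HttpServletResponse#sendError(int,String)} call.
     */
    public void challenge( HttpServletRequest request, HttpServletResponse response, String realmName,
                           AuthenticationException exception )
        throws IOException
    {
        response.addHeader( "WWW-Authenticate", "Basic realm=\"" + quoteRealm( realmName ) + "\"" );

        String message = "You must provide a username and password to access this resource.";
        // NOTE(review): the exception message is echoed verbatim to the (unauthenticated) client.
        // If AuthenticationException messages distinguish e.g. an unknown user from a wrong
        // password or a locked account, this enables account enumeration; confirm what these
        // messages can contain, and that the container escapes sendError() messages in its
        // error page, before relying on this.
        if ( ( exception != null ) && StringUtils.isNotEmpty( exception.getMessage() ) )
        {
            message = exception.getMessage();
        }
        response.sendError( HttpServletResponse.SC_UNAUTHORIZED, message );
    }

    /**
     * Escapes a realm name for use inside the double quotes of a {@code WWW-Authenticate}
     * quoted-string (RFC 7230 section 3.2.6): backslash and double quote are backslash-escaped so
     * the realm cannot terminate the quoted-string early. A {@code null} realm yields
     * {@code "null"}, as the previous string concatenation did.
     *
     * @param realmName the configured realm name, possibly {@code null}.
     * @return the escaped realm text, without surrounding quotes.
     */
    private static String quoteRealm( String realmName )
    {
        String realm = String.valueOf( realmName );
        return realm.replace( "\\", "\\\\" ).replace( "\"", "\\\"" );
    }
}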