1 package org.apache.archiva.redback.integration.filter.authentication.basic;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Service;
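/**
 * HTTP Basic authenticator: reads the {@code Authorization} request header, extracts the
 * username and password from a {@code Basic} credential and hands them to
 * {@link HttpAuthenticator#authenticate}.
 * <p>
 * Basic credentials are only Base64-encoded, not encrypted; protecting them in transit
 * (TLS) is outside this class and must be ensured by the deployment.
 */
@Service("httpAuthenticator#basic")
public class HttpBasicAuthentication
    extends HttpAuthenticator
{
    /** Authorization scheme name followed by the single separating space. */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * @return the fully qualified class name, used as this authenticator's identifier
     */
    public String getId()
    {
        return HttpBasicAuthentication.class.getName();
    }

    /**
     * Resolves the authentication result for a request.
     * <p>
     * If the HTTP session already holds a security session, its stored result is returned and
     * the request header is not inspected. Otherwise a {@code Basic} credential in the
     * {@code Authorization} header is decoded and passed to the parent authenticator.
     *
     * @param request  the incoming request
     * @param response the response (not used by this method)
     * @return the authentication result, or {@code null} when the request carries no
     *         {@code Basic} credential
     * @throws AuthenticationException     as declared; presumably raised by the parent's
     *                                     {@code authenticate} - confirm against HttpAuthenticator
     * @throws AccountLockedException      as declared; see above
     * @throws MustChangePasswordException as declared; see above
     */
    public AuthenticationResult getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
        throws AuthenticationException, AccountLockedException, MustChangePasswordException
    {
        // NOTE(review): getSession( true ) allocates a session even for requests that carry no
        // credentials at all. Whether the session id is rotated after a successful login depends
        // on super.authenticate, which is not visible here - confirm.
        HttpSession httpSession = request.getSession( true );
        SecuritySession securitySession = getSecuritySession( httpSession );
        if ( securitySession != null )
        {
            return securitySession.getAuthenticationResult();
        }

        String header = request.getHeader( "Authorization" );
        if ( header == null )
        {
            // Kept from the original as a fallback for containers that look header names up
            // case-sensitively.
            header = request.getHeader( "authorization" );
        }

        // Authentication scheme names are case-insensitive, so "basic " and "BASIC " must be
        // accepted as well as "Basic ".
        if ( header == null || !header.regionMatches( true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length() ) )
        {
            return null;
        }

        String base64Token = header.substring( BASIC_PREFIX.length() );

        // Decode with explicit charsets: the no-argument getBytes()/new String(byte[]) use the
        // platform default, so a non-ASCII username or password would authenticate on one host
        // and fail on another. The Base64 text itself is ASCII; the credentials are read as UTF-8.
        byte[] decoded = Base64.decodeBase64( base64Token.getBytes( StandardCharsets.US_ASCII ) );
        String token = new String( decoded, StandardCharsets.UTF_8 );

        // Split on the first ':' only, so the password may itself contain colons. A token
        // without any ':' is passed on as an empty username and an empty password.
        String username = "";
        String password = "";
        int delim = token.indexOf( ':' );
        if ( delim != -1 )
        {
            username = token.substring( 0, delim );
            password = token.substring( delim + 1 );
        }

        PasswordBasedAuthenticationDataSource authDataSource =
            new PasswordBasedAuthenticationDataSource( username, password );
        return super.authenticate( authDataSource, httpSession );
    }

    /**
     * Answers the request with {@code 401 Unauthorized} and a {@code WWW-Authenticate: Basic}
     * challenge for the given realm.
     *
     * @param request   the incoming request (not used by this method)
     * @param response  the response that receives the challenge header and the error status
     * @param realmName realm advertised to the client
     * @param exception optional failure; when its message is non-empty it replaces the default
     *                  error text
     * @throws IOException if the container fails to send the error response
     */
    public void challenge( HttpServletRequest request, HttpServletResponse response, String realmName,
                           AuthenticationException exception )
        throws IOException
    {
        response.addHeader( "WWW-Authenticate", "Basic realm=\"" + quoteRealm( realmName ) + "\"" );

        String message = "You must provide a username and password to access this resource.";
        if ( ( exception != null ) && StringUtils.isNotEmpty( exception.getMessage() ) )
        {
            // NOTE(review): the exception text is returned to the client as-is. Confirm that the
            // messages raised upstream do not tell an unauthenticated caller more than intended
            // (for example whether an account exists or is locked).
            message = exception.getMessage();
        }
        response.sendError( HttpServletResponse.SC_UNAUTHORIZED, message );
    }

    /**
     * Makes a realm name safe to embed in a quoted header value: backslashes and double quotes
     * are backslash-escaped and line breaks become spaces, so the value can neither end the
     * quoted string early nor start a new header line. The origin of the realm name is not
     * visible in this class, so it is not assumed to be clean.
     */
    private static String quoteRealm( String realmName )
    {
        // String.valueOf keeps the original rendering of a null realm ("null").
        String realm = String.valueOf( realmName );
        StringBuilder quoted = new StringBuilder( realm.length() );
        for ( int i = 0; i < realm.length(); i++ )
        {
            char c = realm.charAt( i );
            if ( c == '\r' || c == '\n' )
            {
                quoted.append( ' ' );
            }
            else
            {
                if ( c == '"' || c == '\\' )
                {
                    quoted.append( '\\' );
                }
                quoted.append( c );
            }
        }
        return quoted.toString();
    }
}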