2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security.authentication;
21 import java.io.IOException;
22 import java.nio.charset.StandardCharsets;
24 import javax.servlet.ServletRequest;
25 import javax.servlet.ServletResponse;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
29 import org.eclipse.jetty.http.HttpHeader;
30 import org.eclipse.jetty.security.ServerAuthException;
31 import org.eclipse.jetty.security.UserAuthentication;
32 import org.eclipse.jetty.server.Authentication;
33 import org.eclipse.jetty.server.Authentication.User;
34 import org.eclipse.jetty.server.UserIdentity;
35 import org.eclipse.jetty.util.B64Code;
36 import org.eclipse.jetty.util.security.Constraint;
39 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
41 public class BasicAuthenticator extends LoginAuthenticator
43 /* ------------------------------------------------------------ */
44 public BasicAuthenticator()
48 /* ------------------------------------------------------------ */
50 * @see org.eclipse.jetty.security.Authenticator#getAuthMethod()
53 public String getAuthMethod()
55 return Constraint.__BASIC_AUTH;
60 /* ------------------------------------------------------------ */
62 * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
65 public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
67 HttpServletRequest request = (HttpServletRequest)req;
68 HttpServletResponse response = (HttpServletResponse)res;
69 String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
74 return new DeferredAuthentication(this);
76 if (credentials != null)
78 int space=credentials.indexOf(' ');
81 String method=credentials.substring(0,space);
82 if ("basic".equalsIgnoreCase(method))
84 credentials = credentials.substring(space+1);
85 credentials = B64Code.decode(credentials, StandardCharsets.ISO_8859_1);
86 int i = credentials.indexOf(':');
89 String username = credentials.substring(0,i);
90 String password = credentials.substring(i+1);
92 UserIdentity user = login (username, password, request);
95 return new UserAuthentication(getAuthMethod(),user);
102 if (DeferredAuthentication.isDeferred(response))
103 return Authentication.UNAUTHENTICATED;
105 response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
106 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
107 return Authentication.SEND_CONTINUE;
109 catch (IOException e)
111 throw new ServerAuthException(e);
116 public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException