lib/jetty/org/eclipse/jetty/security/authentication/BasicAuthenticator.java

   1 //
   2 //  ========================================================================
   3 //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
   4 //  ------------------------------------------------------------------------
   5 //  All rights reserved. This program and the accompanying materials
   6 //  are made available under the terms of the Eclipse Public License v1.0
   7 //  and Apache License v2.0 which accompanies this distribution.
   8 //
   9 //      The Eclipse Public License is available at
  10 //      http://www.eclipse.org/legal/epl-v10.html
  11 //
  12 //      The Apache License v2.0 is available at
  13 //      http://www.opensource.org/licenses/apache2.0.php
  14 //
  15 //  You may elect to redistribute this code under either of these licenses.
  16 //  ========================================================================
  17 //
  18
  19 package org.eclipse.jetty.security.authentication;
  20
  21 import java.io.IOException;
  22 import java.nio.charset.StandardCharsets;
  23
  24 import javax.servlet.ServletRequest;
  25 import javax.servlet.ServletResponse;
  26 import javax.servlet.http.HttpServletRequest;
  27 import javax.servlet.http.HttpServletResponse;
  28
  29 import org.eclipse.jetty.http.HttpHeader;
  30 import org.eclipse.jetty.security.ServerAuthException;
  31 import org.eclipse.jetty.security.UserAuthentication;
  32 import org.eclipse.jetty.server.Authentication;
  33 import org.eclipse.jetty.server.Authentication.User;
  34 import org.eclipse.jetty.server.UserIdentity;
  35 import org.eclipse.jetty.util.B64Code;
  36 import org.eclipse.jetty.util.security.Constraint;
  37
  38 /**
  39  * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
  40  */
  41 public class BasicAuthenticator extends LoginAuthenticator
  42 {
  43     /* ------------------------------------------------------------ */
  44     public BasicAuthenticator()
  45     {
  46     }
  47
  48     /* ------------------------------------------------------------ */
  49     /**
  50      * @see org.eclipse.jetty.security.Authenticator#getAuthMethod()
  51      */
  52     @Override
  53     public String getAuthMethod()
  54     {
  55         return Constraint.__BASIC_AUTH;
  56     }
  57
  58
  59
  60     /* ------------------------------------------------------------ */
  61     /**
  62      * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean)
  63      */
  64     @Override
  65     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
  66     {
  67         HttpServletRequest request = (HttpServletRequest)req;
  68         HttpServletResponse response = (HttpServletResponse)res;
  69         String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
  70
  71         try
  72         {
  73             if (!mandatory)
  74                 return new DeferredAuthentication(this);
  75
  76             if (credentials != null)
  77             {
  78                 int space=credentials.indexOf(' ');
  79                 if (space>0)
  80                 {
  81                     String method=credentials.substring(0,space);
  82                     if ("basic".equalsIgnoreCase(method))
  83                     {
  84                         credentials = credentials.substring(space+1);
  85                         credentials = B64Code.decode(credentials, StandardCharsets.ISO_8859_1);
  86                         int i = credentials.indexOf(':');
  87                         if (i>0)
  88                         {
  89                             String username = credentials.substring(0,i);
  90                             String password = credentials.substring(i+1);
  91
  92                             UserIdentity user = login (username, password, request);
  93                             if (user!=null)
  94                             {
  95                                 return new UserAuthentication(getAuthMethod(),user);
  96                             }
  97                         }
  98                     }
  99                 }
 100             }
 101
 102             if (DeferredAuthentication.isDeferred(response))
 103                 return Authentication.UNAUTHENTICATED;
 104
 105             response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
 106             response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 107             return Authentication.SEND_CONTINUE;
 108         }
 109         catch (IOException e)
 110         {
 111             throw new ServerAuthException(e);
 112         }
 113     }
 114
 115     @Override
 116     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
 117     {
 118         return true;
 119     }
 120
 121 }