KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > server > security > BasicLogin


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */
28
29 package com.caucho.server.security;
30
31 import com.caucho.util.Base64;
32
33 import javax.servlet.ServletContext JavaDoc;
34 import javax.servlet.ServletException JavaDoc;
35 import javax.servlet.http.HttpServletRequest JavaDoc;
36 import javax.servlet.http.HttpServletResponse JavaDoc;
37 import java.io.IOException JavaDoc;
38 import java.security.Principal JavaDoc;
39 import java.util.logging.Level JavaDoc;
40
41 /**
42  * Implements the "basic" auth-method. Basic uses the
43  * HTTP authentication with WWW-Authenticate and SC_UNAUTHORIZE.
44  */
45 public class BasicLogin extends AbstractLogin {
46   protected String JavaDoc _realm;
47   
48   /**
49    * Sets the login realm.
50    */
51   public void setRealmName(String JavaDoc realm)
52   {
53     _realm = realm;
54   }
55
56   /**
57    * Gets the realm.
58    */
59   public String JavaDoc getRealmName()
60   {
61     return _realm;
62   }
63
64   /**
65    * Returns the authentication type.
66    */
67   public String JavaDoc getAuthType()
68   {
69     return "Basic";
70   }
71   
72   /**
73    * Logs a user in with a user name and a password. Basic authentication
74    * extracts the user and password from the authorization header. If
75    * the user/password is missing, authenticate will send a basic challenge.
76    *
77    * @param request servlet request
78    * @param response servlet response, in case any cookie need sending.
79    * @param application servlet application
80    *
81    * @return the logged in principal on success, null on failure.
82    */
83   public Principal JavaDoc authenticate(HttpServletRequest JavaDoc request,
84                                 HttpServletResponse JavaDoc response,
85                                 ServletContext JavaDoc application)
86     throws ServletException JavaDoc, IOException JavaDoc
87   {
88     Principal JavaDoc user;
89
90     ServletAuthenticator auth = getAuthenticator();
91     
92     // If the user is already logged-in, return the user
93 user = auth.getUserPrincipal(request, response, application);
94     if (user != null)
95       return user;
96     
97     user = getBasicPrincipal(request, response, application);
98
99     if (user != null)
100       return user;
101
102     sendBasicChallenge(response);
103     
104     return null;
105   }
106   
107   /**
108    * Returns the current user with the user name and password.
109    *
110    * @param request servlet request
111    * @param response servlet response, in case any cookie need sending.
112    * @param application servlet application
113    *
114    * @return the logged in principal on success, null on failure.
115    */
116   public Principal JavaDoc getUserPrincipal(HttpServletRequest JavaDoc request,
117                                     HttpServletResponse JavaDoc response,
118                                     ServletContext JavaDoc application)
119     throws ServletException JavaDoc
120   {
121     ServletAuthenticator auth = getAuthenticator();
122     
123     Principal JavaDoc user = auth.getUserPrincipal(request, response, application);
124
125     if (user != null)
126       return user;
127     
128     return getBasicPrincipal(request, response, application);
129   }
130
131   /**
132    * Sends a challenge for basic authentication.
133    */
134   protected void sendBasicChallenge(HttpServletResponse JavaDoc res)
135     throws ServletException JavaDoc, IOException JavaDoc
136   {
137     String JavaDoc realm = getRealmName();
138     if (realm == null)
139       realm = "resin";
140
141     res.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
142     res.sendError(res.SC_UNAUTHORIZED);
143   }
144
145   /**
146    * Returns the principal from a basic authentication
147    *
148    * @param auth the authenticator for this application.
149    */
150   protected Principal JavaDoc getBasicPrincipal(HttpServletRequest JavaDoc request,
151                                         HttpServletResponse JavaDoc response,
152                                         ServletContext JavaDoc application)
153     throws ServletException JavaDoc
154   {
155     Principal JavaDoc principal;
156
157     // Principal from runner
158 principal = (Principal JavaDoc) request.getAttribute(AbstractAuthenticator.LOGIN_NAME);
159     if (principal != null)
160       return principal;
161       
162     String JavaDoc value = request.getHeader("authorization");
163     if (value == null)
164       return null;
165     
166     int i = value.indexOf(' ');
167     if (i <= 0)
168       return null;
169
170     String JavaDoc decoded = Base64.decode(value.substring(i + 1));
171
172     int index = decoded.indexOf(':');
173     if (index < 0)
174       return null;
175
176     String JavaDoc user = decoded.substring(0, index);
177     String JavaDoc password = decoded.substring(index + 1);
178
179     ServletAuthenticator auth = getAuthenticator();
180     principal = auth.login(request, response, application, user, password);
181
182     if (log.isLoggable(Level.FINE))
183       log.fine("basic: " + user + " -> " + principal);
184
185     return principal;
186   }
187 }
188
Popular Tags