KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > lutris > http > BasicAuth


1
2 /*
3  * Enhydra Java Application Server Project
4  *
5  * The contents of this file are subject to the Enhydra Public License
6  * Version 1.1 (the "License"); you may not use this file except in
7  * compliance with the License. You may obtain a copy of the License on
8  * the Enhydra web site ( http://www.enhydra.org/ ).
9  *
10  * Software distributed under the License is distributed on an "AS IS"
11  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
12  * the License for the specific terms governing rights and limitations
13  * under the License.
14  *
15  * The Initial Developer of the Enhydra Application Server is Lutris
16  * Technologies, Inc. The Enhydra Application Server and portions created
17  * by Lutris Technologies, Inc. are Copyright Lutris Technologies, Inc.
18  * All Rights Reserved.
19  *
20  * Contributor(s):
21  *
22  * $Id: BasicAuth.java,v 1.2 2005/03/24 10:51:20 slobodan Exp $
23  */
24
25
26
27
28 package com.lutris.http;
29
30 import javax.servlet.http.HttpServletRequest JavaDoc;
31
32 import com.lutris.appserver.server.httpPresentation.HttpPresentationException;
33 import com.lutris.appserver.server.httpPresentation.HttpPresentationRequest;
34 import com.lutris.util.Convert;
35
36 /**
37  * Methods to be used to implement the HTTP Basic Auth authorization
38  * method. This is the standard username/password mechanism in use all
39  * over the web. <P>
40  *
41  * Note: the username and password are sent over the net base64 encoded,
42  * which is practically clear text. So this method is no more secure than
43  * the communication channel being used. <P>
44  *
45  * Usage: <BR>
46  * When a request comes in, before responding to it, call
47  * <CODE>getAuthentication()</CODE>. It will return the username and
48  * password that was sent along with the request. If no authorization was
49  * sent, null is returned. The caller is then responsible for deciding if
50  * the username and password are valid. <P>
51  *
52  * If the caller decides that the authorization is not sufficient,
53  * a <CODE>PageUnauthorizedException</CODE> should be thrown. <P>
54  *
55  * If you are writing a LBS application, the recommended place to put
56  * this processing is in your Application's <CODE>requestPreprocessor()</CODE>
57  * function. That function is called for every request, before the
58  * presentation objects are called.
59  *
60  * @see com.lutris.appserver.server.httpPresentation.PageUnauthorizedException
61  * @version $Revision: 1.2 $
62  * @author Andy John
63  */
64 public class BasicAuth {
65
66     // Private constructor, so no instances. Just use the static methods.
67 private BasicAuth() {}
68
69     /**
70      * Checks to see if the authorization matches the given username
71      * and password. If not, or if no authorization was sent, false is
72      * returned. If req, username or password are null, then it is assumed
73      * that authentication is not being used, and all requests are allowed.
74      *
75      * @param req The request to authenticate.
76      * @return The username and password, or null if no authorization was
77      * sent.
78      */
79     public static BasicAuthResult getAuthentication(
80                                         HttpPresentationRequest req) {
81         if (req == null)
82             return null;
83         String JavaDoc authHeader = null;
84         try {
85             authHeader = req.getHeader("Authorization");
86         } catch (HttpPresentationException hpe) {
87         }
88         return getAuth(authHeader);
89     }
90
91
92     /**
93      * Checks to see if the authorization matches the given username
94      * and password. If not, or if no authorization was sent, false is
95      * returned. If req, username or password are null, then it is assumed
96      * that authentication is not being used, and all requests are allowed.
97      *
98      * @param req The request to authenticate.
99      * @return The username and password, or null if no authorization was
100      * sent.
101      */
102 /* SV
103     public static BasicAuthResult getAuthentication(JoltRequest req) {
104         if (req == null)
105             return null;
106         String authHeader = null;
107         try {
108             authHeader = req.getHeader("Authorization");
109         } catch (HttpPresentationException hpe) {
110         }
111         return getAuth(authHeader);
112     }
113 */
114
115     /**
116      * Extracts and returns the username and password using the HTTP
117      * Basic Auth method. If no authorization was sent, null is
118      * returned. Use this flavor if you are writing a non-Enhydra
119      * servlet.
120      *
121      * @param req The request to authenticate.
122      * @return The username and password, or null if no authorization was
123      * sent.
124      */
125     public static BasicAuthResult getAuthentication(HttpServletRequest JavaDoc req) {
126         if (req == null)
127             return null;
128         return getAuth(req.getHeader("Authorization"));
129     }
130
131
132     private static BasicAuthResult getAuth(String JavaDoc authHeader) {
133         if (authHeader == null)
134             // No auth header was sent. Deny the request.
135 return null;
136         /*
137             Now decode the username and password.
138         */
139         if (!authHeader.startsWith("Basic "))
140             // Syntax error in auth header.
141 return null;
142         authHeader = authHeader.substring(6);
143         byte[] bytes = Convert.fromBase64String(authHeader);
144         authHeader = new String JavaDoc(bytes);
145         int colon = authHeader.indexOf(":");
146         if (colon < 0)
147             // Syntax error in auth header.
148 return null;
149         String JavaDoc un = authHeader.substring(0, colon);
150         String JavaDoc pw = authHeader.substring(colon + 1);
151         return new BasicAuthResult(un, pw);
152     }
153
154 }
155
156
Popular Tags