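package com.sslexplorer.agent;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.maverick.util.Base64;
import com.sslexplorer.boot.RequestHandlerRequest;
import com.sslexplorer.core.UserDatabaseManager;
import com.sslexplorer.realms.Realm;
import com.sslexplorer.security.InvalidLoginCredentialsException;
import com.sslexplorer.security.User;
import com.sslexplorer.security.UserDatabase;

/**
 * {@link AgentAuthenticator} that authenticates an agent request from the
 * credentials carried in its <code>Authorization</code> field using the
 * <code>basic</code> scheme.
 * <p>
 * The decoded credentials have the form <code>[realm/]username:password</code>.
 * When no realm prefix is present the default realm
 * ({@link UserDatabaseManager#DEFAULT_REALM_NAME}) is used.
 * <p>
 * The header value is supplied by the remote peer and is treated as untrusted:
 * malformed values are rejected (<code>null</code> is returned) rather than
 * being allowed to raise an exception. Basic credentials are only Base64
 * encoded, so confidentiality depends entirely on the transport.
 */
public class UsernameAndPasswordAgentAuthenticator implements AgentAuthenticator {
    private static final Log logger = LogFactory.getLog(UsernameAndPasswordAgentAuthenticator.class);
    private static final String AUTHORIZATION_FIELD = "Authorization";
    private static final String BASIC_METHOD = "basic";

    /**
     * Authenticates the request from its <code>Authorization</code> field.
     *
     * @param request request whose fields are inspected
     * @return the authenticated account, or <code>null</code> when the field is
     *         absent, malformed, uses another scheme, or the credentials are
     *         not accepted
     */
    public User authenticate(RequestHandlerRequest request) {
        String authorization = request.getField(AUTHORIZATION_FIELD);
        if (authorization != null) {
            return authenticate(authorization);
        }
        return null;
    }

    /**
     * Parses an <code>Authorization</code> value and checks the credentials
     * against the user database of the selected realm.
     *
     * @param authorization raw field value, e.g. <code>Basic &lt;base64&gt;</code>
     * @return the matching account, or <code>null</code> on any failure
     */
    private static User authenticate(String authorization) {
        // getBefore() yields null when there is no space, which also fails the scheme test.
        String method = getBefore(authorization, " ");
        if (!BASIC_METHOD.equalsIgnoreCase(method)) {
            return null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Using BASIC authentication");
        }

        String credentials = decodeCredentials(getAfter(authorization, " "));
        String realmAndUsername = credentials == null ? null : getBefore(credentials, ":");
        if (realmAndUsername == null) {
            // Undecodable payload or no ':' separator. Previously this path ended in a
            // NullPointerException outside the try block; reject it explicitly instead.
            // The payload itself is deliberately not logged (it may contain a password).
            logger.info("Rejected malformed BASIC credentials");
            return null;
        }

        String realmName = getBefore(realmAndUsername, "/");
        String username = realmName == null ? realmAndUsername : getAfter(realmAndUsername, "/");
        // Everything after the FIRST ':' is the password, so passwords may contain ':'.
        String password = getAfter(credentials, ":");

        try {
            UserDatabase userDatabase = getUserDatabase(realmName);
            if (userDatabase.checkPassword(username, password)) {
                return userDatabase.getAccount(username);
            }
            // A plain 'false' result used to be silent; record it so failed logins are
            // auditable whichever way the user database reports them.
            logger.info("Authentication failed for user " + sanitizeForLog(username));
        } catch (InvalidLoginCredentialsException e) {
            logger.info("Authentication failed for user " + sanitizeForLog(username));
        } catch (Exception e) {
            logger.error("An error occurred", e);
        }
        return null;
    }

    /**
     * Base64-decodes the credential part of the header.
     *
     * @param encoded text following the scheme name
     * @return the decoded text, or <code>null</code> if it could not be decoded
     */
    private static String decodeCredentials(String encoded) {
        try {
            byte[] decoded = Base64.decode(encoded);
            // NOTE(review): this uses the platform default charset, so non-ASCII user names
            // or passwords decode differently per host. Confirm which encoding the agent
            // sends and pin it.
            return decoded == null ? null : new String(decoded);
        } catch (RuntimeException e) {
            // Presumably the decoder may throw on malformed input (not visible here);
            // treat that the same as any other malformed header.
            return null;
        }
    }

    /**
     * Replaces control characters (including CR/LF) so that a user name taken
     * from the request cannot forge or split log entries.
     *
     * @param value untrusted text destined for a log message
     * @return the text with every ISO control character replaced by '_'
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        char[] chars = value.toCharArray();
        for (int i = 0; i < chars.length; i++) {
            if (Character.isISOControl(chars[i])) {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }

    /**
     * Looks up the user database for a realm.
     *
     * @param realmName realm name, or <code>null</code> for the default realm
     * @return the realm's user database
     * @throws Exception propagated from the realm / user database lookup
     */
    private static UserDatabase getUserDatabase(String realmName) throws Exception {
        String realRealmName = realmName == null ? UserDatabaseManager.DEFAULT_REALM_NAME : realmName;
        Realm realm = UserDatabaseManager.getInstance().getRealm(realRealmName);
        return UserDatabaseManager.getInstance().getUserDatabase(realm);
    }

    /**
     * @return the part of <code>value</code> before the first occurrence of
     *         <code>toFind</code>, or <code>null</code> if it does not occur
     */
    private static String getBefore(String value, String toFind) {
        int indexOf = value.indexOf(toFind);
        return indexOf == -1 ? null : value.substring(0, indexOf);
    }

    /**
     * @return the part of <code>value</code> after the first occurrence of
     *         <code>toFind</code>, or <code>null</code> if it does not occur
     */
    private static String getAfter(String value, String toFind) {
        int indexOf = value.indexOf(toFind);
        // Skip the whole delimiter, not just one character (identical for the
        // single-character delimiters used in this class).
        return indexOf == -1 ? null : value.substring(indexOf + toFind.length());
    }
}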