

1 /*
2  * SSL-Explorer
3  *
4  * Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2 of
9  * the License, or (at your option) any later version.
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public
16  * License along with this program; if not, write to the Free Software
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  */

19             
20 package com.sslexplorer.agent;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24
25 import com.maverick.util.Base64;
26 import com.sslexplorer.boot.RequestHandlerRequest;
27 import com.sslexplorer.core.UserDatabaseManager;
28 import com.sslexplorer.realms.Realm;
29 import com.sslexplorer.security.InvalidLoginCredentialsException;
30 import com.sslexplorer.security.User;
31 import com.sslexplorer.security.UserDatabase;
32
33 /**
34  * Provides a concrete implementation of an AgentAuthenticator that uses the
35  * Username and Password.
36  */

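public class UsernameAndPasswordAgentAuthenticator implements AgentAuthenticator {
    /*
     * Authenticates an agent from an HTTP Basic style "Authorization" field.
     * Everything in that field is supplied by the remote peer, so it is
     * treated as untrusted: malformed values are rejected with a null result
     * instead of an unchecked exception, and the username is neutralised
     * before it is written to the log.
     */
    private static final Log logger = LogFactory.getLog(UsernameAndPasswordAgentAuthenticator.class);
    /** Name of the request field the credentials are read from. */
    private static final String AUTHORIZATION_FIELD = "Authorization";
    /** The only accepted scheme name; compared case-insensitively. */
    private static final String BASIC_METHOD = "basic";

    /*
     * (non-Javadoc)
     * @see com.sslexplorer.agent.AgentAuthenticator#authenticate(com.sslexplorer.boot.RequestHandlerRequest)
     */
    public User authenticate(RequestHandlerRequest request) {
        String authorization = request.getField(AUTHORIZATION_FIELD);
        if (authorization != null) {
            return authenticate(authorization);
        }
        // No Authorization field means no authenticated user.
        return null;
    }

    /**
     * Authenticates from the raw Authorization value. The decoded credentials
     * are expected to be <code>Realm/Username:Password</code> or
     * <code>Username:Password</code>; when no realm is given the default realm
     * is used.
     *
     * @param authorization the raw Authorization field value, never null
     * @return the account when the password check succeeds, otherwise null
     *         (wrong scheme, malformed value, failed check or lookup error)
     */
    private static User authenticate(String authorization) {
        String method = getBefore(authorization, " ");
        if (!BASIC_METHOD.equalsIgnoreCase(method)) {
            return null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Using BASIC authentication");
        }

        String credentials;
        try {
            // NOTE(review): this decodes with the platform default charset, as
            // before; confirm which charset the agent sends before pinning one.
            credentials = new String(Base64.decode(getAfter(authorization, " ")));
        } catch (RuntimeException e) {
            // An undecodable value is a client error, not a server fault:
            // reject it without logging the value itself.
            logger.info("Authentication rejected: credentials could not be decoded");
            return null;
        }

        String realmAndUsername = getBefore(credentials, ":");
        if (realmAndUsername == null) {
            // Without a ':' there is no password part. Previously this case
            // raised a NullPointerException outside the try block below.
            logger.info("Authentication rejected: credentials have no ':' separator");
            return null;
        }
        String realmName = getBefore(realmAndUsername, "/");
        String username = realmName == null ? realmAndUsername : getAfter(realmAndUsername, "/");
        // Everything after the first ':' is the password, so it may contain ':'.
        String password = getAfter(credentials, ":");

        try {
            UserDatabase userDatabase = getUserDatabase(realmName);
            if (userDatabase.checkPassword(username, password)) {
                return userDatabase.getAccount(username);
            }
            // A false result used to be silent; record it so failed logins
            // are visible whichever way the user database reports them.
            logger.info("Authentication failed for user " + sanitizeForLog(username));
        } catch (InvalidLoginCredentialsException e) {
            logger.info("Authentication failed for user " + sanitizeForLog(username));
        } catch (Exception e) {
            logger.error("An error occurred", e);
        }
        return null;
    }

    /**
     * Looks up the user database of a realm.
     *
     * @param realmName the realm name, or null for the default realm
     * @return the user database the manager returns for that realm
     * @throws Exception if the realm or its user database cannot be obtained
     */
    private static UserDatabase getUserDatabase(String realmName) throws Exception {
        String realRealmName = realmName == null ? UserDatabaseManager.DEFAULT_REALM_NAME : realmName;
        Realm realm = UserDatabaseManager.getInstance().getRealm(realRealmName);
        return UserDatabaseManager.getInstance().getUserDatabase(realm);
    }

    /**
     * Returns the part of <code>value</code> before the first occurrence of
     * <code>toFind</code>, or null when <code>value</code> is null or does not
     * contain it.
     */
    private static String getBefore(String value, String toFind) {
        if (value == null) {
            return null;
        }
        int indexOf = value.indexOf(toFind);
        return indexOf == -1 ? null : value.substring(0, indexOf);
    }

    /**
     * Returns the part of <code>value</code> that starts one character after
     * the first occurrence of <code>toFind</code> (callers pass one-character
     * separators), or null when <code>value</code> is null or does not
     * contain it.
     */
    private static String getAfter(String value, String toFind) {
        if (value == null) {
            return null;
        }
        int indexOf = value.indexOf(toFind);
        return indexOf == -1 ? null : value.substring(indexOf + 1);
    }

    /**
     * Replaces control characters (including CR and LF) with '_' so that a
     * peer-supplied username cannot start a forged line in the log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}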