


1 /*
2  * Copyright 2005 David M Johnson (For RSS and Atom In Action)
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16 package org.apache.roller.webservices.adminapi;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import com.sun.syndication.io.impl.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.roller.RollerException;
import org.apache.roller.pojos.UserData;
26 /**
27  * This class implements HTTP basic authentication for roller.
28  *
29  * @author jtb
30  */

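class BasicAuthenticator extends Authenticator {

    /** Charset used to turn the decoded Basic credentials into text; fixed so behaviour does not depend on the host's default charset. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /** Creates a new instance of BasicAuthenticator for the given request. */
    public BasicAuthenticator(HttpServletRequest req) {
        super(req);
    }

    /**
     * Authenticates the request using HTTP Basic credentials.
     *
     * <p>The user name and password are read from the {@code Authorization}
     * header, the user is looked up through the Roller user manager and the
     * supplied password is compared with the stored one. On success the user
     * name is recorded with {@code setUserName} and {@code verifyUser()} is
     * called to check the role. Every client-side failure (missing or
     * malformed header, unknown user, wrong password) is reported with the
     * same message, so a response does not reveal whether a user name exists.
     *
     * @throws UnauthorizedException if the header is missing or malformed,
     *         the user is unknown, or the credentials do not match
     * @throws InternalException if the user lookup fails with a {@link RollerException}
     * @throws HandlerException propagated from {@code verifyUser()}
     */
    public void authenticate() throws HandlerException {
        setUserName(null);

        String authHeader = getRequest().getHeader("Authorization");
        if (authHeader == null) {
            throw new UnauthorizedException("ERROR: Authorization header was not set");
        }

        // A header without credentials, or a decoded pair without ':', is a
        // client error. It must be rejected here rather than escaping as a
        // NoSuchElementException from the tokenizer.
        String[] credentials = parseBasicCredentials(authHeader);
        String userName = credentials == null ? null : credentials[0];
        String password = credentials == null ? null : credentials[1];

        if (credentials != null) {
            UserData user;
            try {
                user = getRoller().getUserManager().getUserByUserName(userName);
            } catch (RollerException re) {
                // A failing lookup is a server problem, not a bad login: keep the cause.
                throw new InternalException("ERROR: Could not authorize user: " + userName, re);
            }
            // Unknown user and wrong password take the same path on purpose.
            if (user != null && credentialsMatch(user, userName, password)) {
                setUserName(userName);
            }
        }

        if (getUserName() == null) {
            throw new UnauthorizedException("ERROR: User is not authorized to use the AAPP endpoint: " + userName);
        }

        // make sure the user has the admin role
        verifyUser();
    }

    /**
     * Extracts the user name and password from a Basic {@code Authorization} header.
     *
     * @param authHeader the raw header value, never {@code null}
     * @return a two-element array {@code {userName, password}}, or {@code null}
     *         if the header is not a well-formed {@code Basic <base64(user:pass)>} value
     */
    private static String[] parseBasicCredentials(String authHeader) {
        StringTokenizer st = new StringTokenizer(authHeader);
        if (!st.hasMoreTokens() || !st.nextToken().equalsIgnoreCase("Basic")) {
            return null;
        }
        if (!st.hasMoreTokens()) {
            return null;
        }
        String userPass = new String(Base64.decode(st.nextToken()), UTF8);
        int p = userPass.indexOf(':');
        if (p == -1) {
            return null;
        }
        return new String[] { userPass.substring(0, p), userPass.substring(p + 1) };
    }

    /**
     * Compares the supplied credentials with the ones stored for {@code user}.
     *
     * <p>The user name is compared after trimming, as before. The password is
     * compared with {@link MessageDigest#isEqual} instead of {@code String.equals}
     * so the comparison does not stop at the first mismatching byte.
     *
     * @return {@code true} if both the user name and the password match
     */
    private static boolean credentialsMatch(UserData user, String userName, String password) {
        String realPassword = user.getPassword();
        if (realPassword == null || !userName.trim().equals(user.getUserName())) {
            return false;
        }
        // NOTE(review): the header password is compared directly with getPassword(),
        // so the stored value is presumably cleartext -- confirm against UserData.
        byte[] expected = realPassword.getBytes(UTF8);
        byte[] supplied = password.trim().getBytes(UTF8);
        return MessageDigest.isEqual(expected, supplied);
    }
}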