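package org.apache.roller.webservices.adminapi;

import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import com.sun.syndication.io.impl.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.roller.RollerException;
import org.apache.roller.pojos.UserData;

/**
 * Authenticator for the admin endpoint that validates HTTP Basic credentials
 * from the request's {@code Authorization} header against the Roller user
 * manager.
 *
 * NOTE(review): Basic credentials are only Base64-encoded, not encrypted, so
 * this scheme relies on the transport for confidentiality. Confirm that the
 * endpoint is reachable over TLS only.
 */
class BasicAuthenticator extends Authenticator {

    public BasicAuthenticator(HttpServletRequest req) {
        super(req);
    }

    /**
     * Authenticates the caller from the {@code Authorization: Basic ...} header.
     *
     * On success the authenticated user name is stored via {@code setUserName}
     * and {@code verifyUser()} is invoked. Any header that is missing, uses a
     * scheme other than Basic, lacks the credentials token, is not valid
     * Base64, or carries a non-matching user name or password results in an
     * {@code UnauthorizedException}.
     *
     * @throws HandlerException if the caller cannot be authenticated, or if
     *         the user lookup itself fails (reported as InternalException)
     */
    public void authenticate() throws HandlerException {
        // Start from "nobody" so a failure can never leave a previous identity in place.
        setUserName(null);

        String userName = null;
        String authHeader = getRequest().getHeader("Authorization");
        if (authHeader == null) {
            throw new UnauthorizedException("ERROR: Authorization header was not set");
        }

        try {
            StringTokenizer st = new StringTokenizer(authHeader);
            // Require both the scheme token and a credentials token. The original
            // called nextToken() unconditionally, so a bare "Basic" header raised
            // NoSuchElementException instead of being rejected as unauthorized.
            if (st.hasMoreTokens()
                    && st.nextToken().equalsIgnoreCase("Basic")
                    && st.hasMoreTokens()) {
                String credentials = st.nextToken();

                String userPass;
                try {
                    userPass = new String(Base64.decode(credentials));
                } catch (IllegalArgumentException malformed) {
                    // ROME's Base64.decode rejects invalid input with
                    // IllegalArgumentException; treat that as a failed login
                    // rather than letting it escape as a server error. Only the
                    // single-String UnauthorizedException constructor is visible
                    // in this file, so the cause is not chained.
                    throw new UnauthorizedException("ERROR: Authorization header is malformed");
                }

                int p = userPass.indexOf(":");
                if (p != -1) {
                    userName = userPass.substring(0, p);
                    UserData user = getRoller().getUserManager().getUserByUserName(userName);
                    if (user == null) {
                        // NOTE(review): this message differs from the wrong-password
                        // message below. If exception text is returned to the client,
                        // the difference reveals which user names exist; consider one
                        // generic message for both cases. Confirm against the handler.
                        throw new UnauthorizedException("ERROR: User does not exist: " + userName);
                    }

                    // NOTE(review): the submitted password is compared directly with
                    // whatever user.getPassword() returns. If the user store holds
                    // hashed or encrypted passwords, the submitted value needs the
                    // same transform first. Confirm how passwords are stored.
                    String realpassword = user.getPassword();
                    String password = userPass.substring(p + 1);

                    // Evaluate both checks unconditionally so the amount of work
                    // does not depend on which of them failed.
                    boolean nameMatches = userName.trim().equals(user.getUserName());
                    boolean passwordMatches = sameSecret(password.trim(), realpassword);
                    if (nameMatches && passwordMatches) {
                        setUserName(userName);
                    }
                }
            }
        } catch (RollerException re) {
            throw new InternalException("ERROR: Could not authorize user: " + userName, re);
        }

        if (getUserName() == null) {
            throw new UnauthorizedException("ERROR: User is not authorized to use the AAPP endpoint: " + userName);
        }

        verifyUser();
    }

    /**
     * Compares two secrets without stopping at the first differing character,
     * so the comparison time does not indicate how much of the password was
     * correct. Returns false if either value is null.
     */
    private static boolean sameSecret(String supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        int expectedLength = expected.length();
        // A length mismatch makes the result non-zero up front; the loop still runs
        // over the supplied value so timing tracks the caller's input, not the secret.
        int diff = supplied.length() ^ expectedLength;
        for (int i = 0; i < supplied.length(); i++) {
            char reference = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            diff |= supplied.charAt(i) ^ reference;
        }
        return diff == 0;
    }
}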