


/*
 * Copyright 2005 David M Johnson (For RSS and Atom In Action)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.roller.webservices.adminapi;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.roller.RollerException;
import org.apache.roller.pojos.UserData;
import org.apache.roller.util.WSSEUtilities;
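/**
 * Authenticates Admin API requests using the WSSE {@code UsernameToken}
 * carried in the {@code X-WSSE} request header.
 * <p>
 * The header is expected to hold a user name, a base64 nonce, a
 * {@code Created} value and a {@code PasswordDigest}. The digest is recomputed
 * from the nonce, the created value and the stored password via
 * {@link WSSEUtilities#generateDigest} and compared with the client's value.
 * <p>
 * NOTE(review): there is no nonce replay cache and no freshness check on
 * {@code Created} in this class, so a previously observed header keeps
 * validating as long as the password is unchanged. If the endpoint is exposed
 * beyond a trusted network, replay protection has to be added somewhere in
 * this path.
 *
 * @author jtb
 */
class WSSEAuthenticator extends Authenticator {

    /** Request header that carries the WSSE UsernameToken. */
    private static final String WSSE_HEADER = "X-WSSE";

    /** Fields parsed from one X-WSSE header; a field is null when its key was absent. */
    private static final class WsseToken {
        String userName;
        String created;
        String nonce;
        String passwordDigest;
    }

    /** Creates a new instance of WSSEAuthenticator for the given request. */
    public WSSEAuthenticator(HttpServletRequest req) {
        super(req);
    }

    /**
     * Validates the {@code X-WSSE} header of the request and records the
     * authenticated user name via {@link #setUserName(String)}.
     *
     * @throws UnauthorizedException if the header or any of its four fields is
     *         missing, the user does not exist, or the digest does not match
     * @throws InternalException if the user lookup or the digest computation
     *         fails
     * @throws HandlerException propagated from {@link #verifyUser()} (per the
     *         original comment, the admin-role check)
     */
    public void authenticate() throws HandlerException {
        setUserName(null);
        String wsseHeader = getRequest().getHeader(WSSE_HEADER);
        if (wsseHeader == null) {
            throw new UnauthorizedException("ERROR: WSSE header was not set");
        }

        WsseToken token = parseHeader(wsseHeader);
        // Reject an incomplete token up front: previously a missing Nonce or
        // Created reached base64Decode()/getBytes() as null and surfaced as a
        // NullPointerException rather than an UnauthorizedException.
        String userName = requireField(token.userName, "Username");
        String created = requireField(token.created, "Created");
        String nonce = requireField(token.nonce, "Nonce");
        String passwordDigest = requireField(token.passwordDigest, "PasswordDigest");

        try {
            UserData user = getRoller().getUserManager().getUser(userName);
            if (user == null) {
                throw new UnauthorizedException("ERROR: User does not exist: " + userName);
            }
            // The digest is computed over the value getPassword() returns, so the
            // scheme only works when that is the same secret the client hashed --
            // TODO confirm against UserData.
            String digest = WSSEUtilities.generateDigest(
                    WSSEUtilities.base64Decode(nonce),
                    created.getBytes("UTF-8"),
                    user.getPassword().getBytes("UTF-8"));
            // Constant-time comparison: String.equals() stops at the first
            // differing character, which lets response timing reveal how much
            // of a guessed digest is correct.
            if (MessageDigest.isEqual(digest.getBytes("UTF-8"), passwordDigest.getBytes("UTF-8"))) {
                setUserName(userName);
            } else {
                throw new UnauthorizedException("ERROR: User is not authorized to use the AAPP endpoint: " + userName);
            }
        } catch (RollerException re) {
            throw new InternalException("ERROR: Could not get roller user: " + userName, re);
        } catch (IOException ioe) {
            throw new InternalException("ERROR: Could not get roller user: " + userName, ioe);
        }

        // make sure the user has the admin role
        verifyUser();
    }

    /**
     * Splits a comma-separated {@code key="value"} header into its fields.
     * Surrounding double quotes are stripped from each value; pairs without an
     * {@code =} and unknown keys are ignored, and a missing key leaves the
     * corresponding field null.
     *
     * @param wsseHeader raw value of the X-WSSE header, never null
     * @return the parsed token
     */
    private static WsseToken parseHeader(String wsseHeader) {
        WsseToken token = new WsseToken();
        String[] pairs = wsseHeader.split(",");
        for (int i = 0; i < pairs.length; i++) {
            int eq = pairs[i].indexOf('=');
            if (eq == -1) {
                continue;
            }
            String key = pairs[i].substring(0, eq).trim();
            String value = pairs[i].substring(eq + 1).trim().replaceAll("\"", "");
            // Prefix match for the user name, presumably because the first pair
            // reads 'UsernameToken Username="..."' -- the other keys match exactly.
            if (key.startsWith("UsernameToken")) {
                token.userName = value;
            } else if (key.equalsIgnoreCase("nonce")) {
                token.nonce = value;
            } else if (key.equalsIgnoreCase("passworddigest")) {
                token.passwordDigest = value;
            } else if (key.equalsIgnoreCase("created")) {
                token.created = value;
            }
        }
        return token;
    }

    /**
     * Returns {@code value} unchanged when it is present.
     *
     * @param value the parsed header field, may be null
     * @param name the field name used in the error message
     * @throws UnauthorizedException if the field is null or blank
     */
    private static String requireField(String value, String name) throws UnauthorizedException {
        if (value == null || value.trim().length() == 0) {
            throw new UnauthorizedException("ERROR: WSSE header is missing " + name);
        }
        return value;
    }
}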