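package org.apache.roller.webservices.adminapi;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.roller.RollerException;
import org.apache.roller.pojos.UserData;
import org.apache.roller.util.WSSEUtilities;

/**
 * Authenticates an AAPP request from its {@code X-WSSE} request header.
 *
 * <p>The header is parsed as a comma separated list of {@code key="value"}
 * pairs; the username, nonce, created timestamp and password digest are
 * extracted, the digest is recomputed through
 * {@link WSSEUtilities#generateDigest} from the decoded nonce, the created
 * string and the value returned by {@code UserData.getPassword()}, and the
 * request is accepted only when the two digests match. On success the user
 * name is recorded via {@code setUserName} and {@code verifyUser()} runs.
 *
 * <p>Limitations visible in this class: neither the freshness of the
 * {@code Created} timestamp nor reuse of the {@code Nonce} is checked here,
 * so a captured header stays valid until the password changes unless a caller
 * enforces that elsewhere.
 */
class WSSEAuthenticator extends Authenticator {

    /**
     * Creates an authenticator bound to the given request.
     *
     * @param req the request whose {@code X-WSSE} header will be checked
     */
    public WSSEAuthenticator(HttpServletRequest req) {
        super(req);
    }

    /**
     * Parses the {@code X-WSSE} header, recomputes the password digest for the
     * named user and records the user name when the digests match.
     *
     * @throws UnauthorizedException if the header is missing or incomplete,
     *         the user does not exist, or the supplied digest does not match
     * @throws InternalException if the user lookup or the digest computation
     *         fails with a {@link RollerException} or {@link IOException}
     * @throws HandlerException whatever {@code verifyUser()} throws
     */
    public void authenticate() throws HandlerException {
        setUserName(null);
        String wsseHeader = getRequest().getHeader("X-WSSE");
        if (wsseHeader == null) {
            throw new UnauthorizedException("ERROR: WSSE header was not set");
        }

        String userName = null;
        String created = null;
        String nonce = null;
        String passwordDigest = null;
        String[] tokens = wsseHeader.split(",");

        for (int i = 0; i < tokens.length; i++) {
            int index = tokens[i].indexOf('=');
            if (index == -1) {
                continue;
            }
            String key = tokens[i].substring(0, index).trim();
            // Only the first '=' separates key from value: the trailing '='
            // padding of a base64 nonce or digest must stay part of the value.
            String value = tokens[i].substring(index + 1).trim().replace("\"", "");
            // The username pair is "UsernameToken Username", hence the prefix match.
            if (key.startsWith("UsernameToken")) {
                userName = value;
            } else if (key.equalsIgnoreCase("nonce")) {
                nonce = value;
            } else if (key.equalsIgnoreCase("passworddigest")) {
                passwordDigest = value;
            } else if (key.equalsIgnoreCase("created")) {
                created = value;
            }
        }

        // All four fields are needed to recompute the digest; a header missing
        // any of them is rejected here instead of failing with a
        // NullPointerException inside the digest computation below.
        if (userName == null || nonce == null || passwordDigest == null || created == null) {
            throw new UnauthorizedException("ERROR: WSSE header is incomplete");
        }

        try {
            UserData user = getRoller().getUserManager().getUser(userName);
            // NOTE(review): the distinct messages for "unknown user" and "wrong
            // digest" let a caller tell whether an account exists.
            if (user == null) {
                throw new UnauthorizedException("ERROR: User does not exist: " + userName);
            }
            // WSSE needs the shared secret as digest input; whether getPassword()
            // returns that secret or a stored hash is not visible here — confirm.
            String digest = WSSEUtilities.generateDigest(
                    WSSEUtilities.base64Decode(nonce),
                    created.getBytes("UTF-8"),
                    user.getPassword().getBytes("UTF-8"));
            // Constant-time comparison: String.equals stops at the first
            // differing character, so its timing would depend on how much of
            // the supplied digest is correct.
            byte[] expected = digest.getBytes("UTF-8");
            byte[] supplied = passwordDigest.getBytes("UTF-8");
            if (MessageDigest.isEqual(expected, supplied)) {
                setUserName(userName);
            } else {
                throw new UnauthorizedException("ERROR: User is not authorized to use the AAPP endpoint: " + userName);
            }
        } catch (RollerException re) {
            throw new InternalException("ERROR: Could not get roller user: " + userName, re);
        } catch (IOException ioe) {
            throw new InternalException("ERROR: Could not get roller user: " + userName, ioe);
        }

        verifyUser();
    }
}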