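package org.blojsom.plugin.security;

import org.apache.commons.codec.binary.Base64;
import org.blojsom.authorization.AuthorizationException;
import org.blojsom.authorization.AuthorizationProvider;
import org.blojsom.blog.Blog;
import org.blojsom.blog.Entry;
import org.blojsom.plugin.PluginException;
import org.blojsom.plugin.admin.BaseAdminPlugin;
import org.blojsom.util.BlojsomConstants;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.UnsupportedEncodingException;
import java.text.MessageFormat;
import java.util.Map;

/**
 * Plugin that protects a blog with HTTP Basic authentication.
 * <p>
 * Credentials are taken from the {@code Authorization} request header and
 * checked against the configured {@link AuthorizationProvider}. When no valid
 * credentials are present the response is marked {@code 401 Unauthorized},
 * a {@code WWW-Authenticate} challenge naming the blog as the realm is set,
 * the failed-authorization template is selected and no entries are returned.
 * <p>
 * Note that Basic authentication sends the password essentially in clear text
 * (base64 is an encoding, not encryption); it is only meaningful over TLS.
 */
public class BasicAuthenticationPlugin extends BaseAdminPlugin {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String BASIC_REALM_HEADER = "Basic realm=\"{0}\"";
    private static final String FAILED_AUTHORIZATION_PAGE = "/org/blojsom/plugin/security/templates/failed-authorization";

    /** Scheme prefix expected at the start of the Authorization header ("Basic" plus one space). */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";

    private AuthorizationProvider _authorizationProvider;

    /**
     * Default constructor.
     */
    public BasicAuthenticationPlugin() {
    }

    /**
     * Sets the provider used to check the supplied username and password.
     *
     * @param authorizationProvider {@link AuthorizationProvider} to authenticate against
     */
    public void setAuthorizationProvider(AuthorizationProvider authorizationProvider) {
        _authorizationProvider = authorizationProvider;
    }

    /**
     * Marks the response as requiring authentication: status {@code 401} plus a
     * {@code WWW-Authenticate: Basic realm="..."} challenge.
     *
     * @param httpServletResponse response to write the challenge to
     * @param blog                blog whose name is used as the realm
     */
    protected void setAuthenticationRequired(HttpServletResponse httpServletResponse, Blog blog) {
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // The blog name is placed inside the quoted realm as-is; a name containing a
        // double quote (or CR/LF) would yield a malformed header value — assumed not to
        // occur for configured blog names.
        httpServletResponse.setHeader(WWW_AUTHENTICATE_HEADER, MessageFormat.format(BASIC_REALM_HEADER, new String[]{blog.getBlogName()}));
    }

    /**
     * Reads Basic credentials from the {@code Authorization} header and authenticates
     * them against the configured {@link AuthorizationProvider}.
     * <p>
     * Returns {@code false} when the header is absent, does not use the Basic scheme,
     * does not decode to a {@code username:password} pair with a non-empty username,
     * or the provider rejects the credentials.
     *
     * @param httpServletRequest request carrying the header
     * @param blog               blog the credentials are checked for
     * @return {@code true} if the credentials were accepted, {@code false} otherwise
     */
    protected boolean decodeCredentialsAndAuthenticate(HttpServletRequest httpServletRequest, Blog blog) {
        String authorization = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (authorization == null) {
            return false;
        }

        // Only the Basic scheme is understood. Checking the prefix (scheme names are
        // case-insensitive) also guards the substring below against headers shorter
        // than the prefix, and avoids base64-decoding a token of some other scheme.
        int prefixLength = BASIC_SCHEME_PREFIX.length();
        if (!authorization.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, prefixLength)) {
            return false;
        }

        String encodedCredentials = authorization.substring(prefixLength).trim();
        if (encodedCredentials.length() == 0) {
            return false;
        }

        String usernameAndPassword;
        try {
            byte[] decoded = Base64.decodeBase64(encodedCredentials.getBytes(BlojsomConstants.UTF8));
            // Decode the credential bytes with an explicit charset; relying on the
            // platform default would make non-ASCII passwords platform-dependent.
            usernameAndPassword = new String(decoded, BlojsomConstants.UTF8);
        } catch (UnsupportedEncodingException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            return false;
        }

        // The username must be non-empty; the password is everything after the first colon.
        int colonIndex = usernameAndPassword.indexOf(':');
        if (colonIndex <= 0) {
            return false;
        }

        String username = usernameAndPassword.substring(0, colonIndex);
        String password = usernameAndPassword.substring(colonIndex + 1);

        try {
            _authorizationProvider.authorize(blog, null, username, password);

            return true;
        } catch (AuthorizationException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            return false;
        }
    }

    /**
     * Process the blog entries. Entries are passed through unchanged when the request
     * authenticates; otherwise the response is challenged and no entries are returned.
     *
     * @param httpServletRequest  request
     * @param httpServletResponse response
     * @param blog                {@link Blog} instance
     * @param context             context
     * @param entries             blog entries retrieved for the particular request
     * @return the entries when authenticated, an empty array otherwise
     * @throws PluginException if there is an error processing the blog entries
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
        if (decodeCredentialsAndAuthenticate(httpServletRequest, blog)) {
            return entries;
        }

        setAuthenticationRequired(httpServletResponse, blog);

        // Route the request to the failed-authorization template.
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, FAILED_AUTHORIZATION_PAGE);

        return new Entry[0];
    }

    /**
     * Perform any cleanup for the plugin. Called after {@link #process}. Nothing to do here.
     *
     * @throws PluginException if there is an error performing cleanup
     */
    public void cleanup() throws PluginException {
    }

    /**
     * Called when the plugin is removed. Nothing to release here.
     *
     * @throws PluginException if there is an error in finalizing the plugin
     */
    public void destroy() throws PluginException {
    }
}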