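package org.mmbase.util;

/**
 * HTTP Basic-authentication helper for MMBase pages.
 *
 * <p>Credentials are taken from the request's {@code Authorization} header
 * ({@code "Basic <base64(user:password)>"}). By default they are validated
 * against MMBase's own security layer ({@link #checkUser}). When the
 * {@code AUTH401URL} init parameter is set (or {@link #setLocalCheckUrl} is
 * called), the password is instead forwarded to that host/page over a plain
 * socket and the first line of the HTTP response decides the outcome.
 *
 * <p>The remote-check settings are written once (static initializer or
 * {@link #setLocalCheckUrl}) and only read afterwards.
 */
public class HttpAuth {
    private static org.mmbase.util.logging.Logger log = org.mmbase.util.logging.Logging.getLoggerInstance(HttpAuth.class.getName());

    private static org.mmbase.module.core.MMBase mmbase = (org.mmbase.module.core.MMBase) org.mmbase.module.core.MMBase.getMMBase();

    /** Scheme prefix of an HTTP Basic {@code Authorization} header value. */
    private static final String BASIC_PREFIX = "Basic ";

    // Remote password-check endpoint. A null host means "check locally".
    private static String remoteAuthenticationHost = null;
    private static String remoteAuthenticationPage = null;
    private static int remoteAuthenticationPort = 80;

    static {
        // Without this guard a null module reference fails class initialisation
        // with an NPE instead of simply leaving the local check in place.
        if (mmbase != null) {
            String tmp = mmbase.getInitParameter("AUTH401URL");
            if (tmp != null && !tmp.equals("")) {
                HttpAuth.setLocalCheckUrl(tmp);
            }
        }
    }

    /**
     * Validates HTTP Basic credentials against the MMBase security layer.
     *
     * @param mimeline the raw {@code Authorization} header value; may be
     *        {@code null} (no header present)
     * @return the identifier of the authenticated user, or {@code null} when the
     *         header is absent or malformed, the login fails, or the user's rank
     *         is below {@code BASICUSER}
     */
    public static String checkUser(String mimeline) {
        String[] credentials = parseBasicCredentials(mimeline);
        if (credentials == null) {
            // Formerly an NPE (null header) or a login attempt with an empty map.
            log.debug("no usable Basic credentials in Authorization header");
            return null;
        }
        java.util.HashMap userInfo = new java.util.HashMap();
        userInfo.put("username", credentials[0]);
        userInfo.put("password", credentials[1]);
        org.mmbase.security.UserContext user = null;
        try {
            user = mmbase.getMMBaseCop().getAuthentication().login("name/password", userInfo, null);
        }
        catch (org.mmbase.security.SecurityException se) {
            log.warn("user login of name: '" + userInfo.get("username") + "' failed(" + se + ")");
            return null;
        }
        if (user == null || user.getRank().getInt() < org.mmbase.security.Rank.BASICUSER_INT) {
            log.warn("user login of name: '" + userInfo.get("username") + "' failed(invalid)");
            return null;
        }
        return user.getIdentifier();
    }

    /**
     * Authenticates the request, issuing a Basic challenge when needed.
     *
     * @param req    the request carrying the {@code Authorization} header
     * @param res    the response; receives status 401 and a
     *               {@code WWW-Authenticate} header when authentication fails
     * @param server realm name used in the challenge
     * @param level  only logged at debug level; not otherwise used here
     * @return the authenticated user name
     * @throws NotLoggedInException   when no {@code Authorization} header is present
     * @throws AuthorizationException when the credentials are rejected (locally
     *         or by the remote check) or the remote check cannot be performed
     */
    public static String getAuthorization(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, String server, String level) throws AuthorizationException, NotLoggedInException {
        if (log.isDebugEnabled()) {
            log.debug("server: " + server + ", level: " + level);
        }
        String mimeline = getMimeline(req);
        if (mimeline == null) {
            log.info("page " + req.getRequestURI() + " is secure, and user not yet authenticated");
            challenge(res, server);
            throw new NotLoggedInException("Not logged in Exception");
        }
        if (remoteAuthenticationHost == null) {
            String username = checkUser(mimeline);
            if (username == null) {
                log.service("Logging in of user failed");
                challenge(res, server);
                throw new AuthorizationException("User authorization failed");
            }
            log.debug("User " + username + " succesfully logged in");
            return username;
        }
        return checkUserRemotely(mimeline);
    }

    /**
     * Returns the user name authenticated by the request's Basic credentials.
     *
     * @param req the request; a missing or malformed header yields {@code null}
     * @return the user identifier, or {@code null} when not authenticated
     */
    public static String getRemoteUser(javax.servlet.http.HttpServletRequest req) {
        return checkUser(getMimeline(req));
    }

    /**
     * Convenience overload for scan pages; delegates to {@link #getRemoteUser(javax.servlet.http.HttpServletRequest)}.
     *
     * @param sp the scan page whose request is examined
     * @return the user identifier, or {@code null} when not authenticated
     */
    public static String getRemoteUser(scanpage sp) {
        return getRemoteUser(sp.req);
    }

    /**
     * Configures the remote password-check endpoint; may be called only once.
     *
     * <p>Accepted forms are {@code host}, {@code host:port}, {@code host/page}
     * and {@code host:port/page}. Without a page {@code "/"} is used; without a
     * port (or with an unparsable one) port 80 is kept.
     *
     * @param url host, optional port and optional page of the check server
     */
    public static void setLocalCheckUrl(String url) {
        if (remoteAuthenticationHost != null) {
            log.error("check url was already set ('" + remoteAuthenticationHost + "')");
            return;
        }
        int slash = url.indexOf('/');
        String hostPart;
        if (slash != -1) {
            hostPart = url.substring(0, slash);
            remoteAuthenticationPage = url.substring(slash);
        }
        else {
            hostPart = url;
            remoteAuthenticationPage = "/";
        }
        int colon = hostPart.indexOf(':');
        if (colon != -1) {
            try {
                remoteAuthenticationPort = Integer.parseInt(hostPart.substring(colon + 1));
            }
            catch (NumberFormatException e) {
                // Narrowed from catch(Exception); a bad port leaves the default in place.
                log.error("invalid port in check url '" + url + "': " + e);
            }
            hostPart = hostPart.substring(0, colon);
        }
        remoteAuthenticationHost = hostPart;
    }

    /**
     * Sets status 401 and the Basic challenge header on the response.
     *
     * @param res    the response to modify
     * @param server realm name placed in the {@code WWW-Authenticate} header
     */
    private static void challenge(javax.servlet.http.HttpServletResponse res, String server) {
        res.setStatus(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
        res.setHeader("WWW-Authenticate", "Basic realm=\"" + server + "\"");
    }

    /**
     * Forwards the password to the configured remote check server.
     *
     * <p>Only a {@code 2xx} status line counts as approval. The earlier test
     * ("status line does not contain 401") accepted any other answer, so a
     * 404/500 from a misconfigured check server authenticated everybody.
     *
     * @param mimeline the raw {@code Authorization} header value (non-null)
     * @return the user name when the remote server approves
     * @throws AuthorizationException when the credentials are malformed, the
     *         server rejects them, or the server cannot be reached
     */
    private static String checkUserRemotely(String mimeline) throws AuthorizationException {
        String[] credentials = parseBasicCredentials(mimeline);
        if (credentials == null) {
            throw new AuthorizationException("User authorization failed (malformed credentials)");
        }
        String username = credentials[0];
        String password = credentials[1];
        // The password is spliced into a raw request; a CR/LF inside it would
        // terminate the header and let the client append its own lines.
        if (password.indexOf('\n') >= 0 || password.indexOf('\r') >= 0) {
            throw new AuthorizationException("User authorization failed (invalid characters in credentials)");
        }
        java.net.Socket socket = null;
        try {
            socket = new java.net.Socket(remoteAuthenticationHost, remoteAuthenticationPort);
            java.io.BufferedInputStream instream = new java.io.BufferedInputStream(socket.getInputStream());
            java.io.BufferedOutputStream outstream = new java.io.BufferedOutputStream(socket.getOutputStream());
            // NOTE: the password crosses this socket in clear text; the remote
            // check is only appropriate inside a trusted network segment.
            String request = "GET " + remoteAuthenticationPage + " HTTP/1.0\nContent-Type: vpro/ballyhoo\nUser-Agent: VPRO/James remote password check\nAuthorization: " + password + "\n\n";
            if (write(outstream, request) < 0) {
                throw new java.io.IOException("could not send request to check server");
            }
            String statusLine = read(instream);
            if (isSuccessStatus(statusLine)) {
                return username;
            }
            String msg = "User authorization failed(server " + remoteAuthenticationHost + ":" + remoteAuthenticationPort + remoteAuthenticationPage + ")";
            throw new AuthorizationException(msg);
        }
        catch (java.net.UnknownHostException uhe) {
            String msg = "host not found " + uhe;
            log.error(msg);
            throw new AuthorizationException(msg);
        }
        catch (java.io.IOException ioe) {
            String msg = "communication failure " + ioe;
            log.error(msg);
            throw new AuthorizationException(msg);
        }
        finally {
            // The socket was previously never closed: one leaked descriptor per check.
            if (socket != null) {
                try {
                    socket.close();
                }
                catch (java.io.IOException ignored) {
                    // nothing further can be done with the connection
                }
            }
        }
    }

    /**
     * Tells whether an HTTP status line reports success.
     *
     * @param statusLine first response line, e.g. {@code "HTTP/1.0 200 OK"}; may be null
     * @return {@code true} only for a three-digit status code starting with '2'
     */
    private static boolean isSuccessStatus(String statusLine) {
        if (statusLine == null) {
            return false;
        }
        java.util.StringTokenizer t = new java.util.StringTokenizer(statusLine, " ");
        if (t.countTokens() < 2) {
            return false;
        }
        t.nextToken(); // protocol version
        String code = t.nextToken();
        return code.length() == 3 && code.charAt(0) == '2';
    }

    /**
     * Splits a {@code "Basic <base64>"} header value into user name and password.
     *
     * <p>Per the Basic scheme the user name cannot contain ':' but the password
     * may, so the decoded text is split at the first colon only (the previous
     * tokenizer rejected such passwords and empty ones).
     *
     * @param mimeline the raw header value; may be null
     * @return {@code {username, password}}, or {@code null} when the value is
     *         missing, does not use the Basic scheme, or has no ':' separator
     */
    private static String[] parseBasicCredentials(String mimeline) {
        if (mimeline == null
                || mimeline.length() <= BASIC_PREFIX.length()
                || !mimeline.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        String decoded = org.mmbase.util.Encode.decode("BASE64", mimeline.substring(BASIC_PREFIX.length()));
        if (decoded == null) {
            return null;
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /**
     * Returns the raw {@code Authorization} header, or {@code null} if absent.
     *
     * @param req the request to read
     * @return the header value or null
     */
    private static String getMimeline(javax.servlet.http.HttpServletRequest req) {
        return req.getHeader("Authorization");
    }

    /**
     * Writes and flushes {@code line} to the stream.
     *
     * @param out  the stream to write to
     * @param line the text to send
     * @return the number of characters written, or {@code -1} on an I/O error
     */
    private static int write(java.io.BufferedOutputStream out, String line) {
        try {
            // Platform default charset, as the remote check has always received;
            // TODO confirm the check server's expectation before pinning a charset.
            out.write(line.getBytes());
            out.flush();
        }
        catch (java.io.IOException e) {
            return -1;
        }
        return line.length();
    }

    /**
     * Reads one line (up to and including {@code '\n'}) from the stream.
     *
     * @param in the stream to read from
     * @return the line read; on end-of-stream the partial line read so far, or
     *         {@code null} if nothing was read; {@code null} on an I/O error
     */
    private static String read(java.io.BufferedInputStream in) {
        StringBuffer str = new StringBuffer();
        int rtn = 0;
        do {
            try {
                rtn = in.read();
            }
            catch (java.io.IOException e) {
                return null;
            }
            if (rtn == -1) {
                // A status line without trailing newline is still usable.
                return str.length() > 0 ? str.toString() : null;
            }
            str.append((char) rtn);
        }
        while (rtn != '\n');
        return str.toString();
    }
}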