KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > mortbay > http > BasicAuthenticator


1 // ========================================================================
2 // $Id: BasicAuthenticator.java,v 1.17 2005/08/13 00:01:24 gregwilkins Exp $
3 // Copyright 2002-2004 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 // ========================================================================
15
16 package org.mortbay.http;
17
18 import java.io.IOException JavaDoc;
19 import java.security.Principal JavaDoc;
20
21 import org.apache.commons.logging.Log;
22 import org.mortbay.log.LogFactory;
23 import org.mortbay.util.B64Code;
24 import org.mortbay.util.LogSupport;
25 import org.mortbay.util.StringUtil;
26
27 /* ------------------------------------------------------------ */
28 /** BASIC authentication.
29  *
30  * @version $Id: BasicAuthenticator.java,v 1.17 2005/08/13 00:01:24 gregwilkins Exp $
31  * @author Greg Wilkins (gregw)
32  */
33 public class BasicAuthenticator implements Authenticator
34 {
35     private static Log log = LogFactory.getLog(BasicAuthenticator.class);
36
37     /* ------------------------------------------------------------ */
38     /**
39      * @return UserPrinciple if authenticated or null if not. If
40      * Authentication fails, then the authenticator may have committed
41      * the response as an auth challenge or redirect.
42      * @exception IOException
43      */
44     public Principal JavaDoc authenticate(UserRealm realm,
45             String JavaDoc pathInContext,
46             HttpRequest request,
47             HttpResponse response)
48     throws IOException JavaDoc
49     {
50         // Get the user if we can
51 Principal JavaDoc user=null;
52         String JavaDoc credentials = request.getField(HttpFields.__Authorization);
53         
54         if (credentials!=null )
55         {
56             try
57             {
58                 if(log.isDebugEnabled())log.debug("Credentials: "+credentials);
59                 credentials = credentials.substring(credentials.indexOf(' ')+1);
60                 credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
61                 int i = credentials.indexOf(':');
62                 String JavaDoc username = credentials.substring(0,i);
63                 String JavaDoc password = credentials.substring(i+1);
64                 user = realm.authenticate(username,password,request);
65                 
66                 if (user==null)
67                     log.warn("AUTH FAILURE: user "+username);
68                 else
69                 {
70                     request.setAuthType(SecurityConstraint.__BASIC_AUTH);
71                     request.setAuthUser(username);
72                     request.setUserPrincipal(user);
73                 }
74             }
75             catch (Exception JavaDoc e)
76             {
77                 log.warn("AUTH FAILURE: "+e.toString());
78                 LogSupport.ignore(log,e);
79             }
80         }
81
82         // Challenge if we have no user
83 if (user==null && response!=null)
84             sendChallenge(realm,response);
85         
86         return user;
87     }
88     
89     /* ------------------------------------------------------------ */
90     public String JavaDoc getAuthMethod()
91     {
92         return SecurityConstraint.__BASIC_AUTH;
93     }
94
95     /* ------------------------------------------------------------ */
96     public void sendChallenge(UserRealm realm,
97                               HttpResponse response)
98         throws IOException JavaDoc
99     {
100         response.setField(HttpFields.__WwwAuthenticate,
101                           "basic realm=\""+realm.getName()+'"');
102         response.sendError(HttpResponse.__401_Unauthorized);
103     }
104     
105 }
106     
107
Popular Tags