001: /**
002: * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
003: *
004: * Permission is hereby granted, free of charge, to any person obtaining a copy
005: * of this software and associated documentation files (the "Software"), to deal
006: * in the Software without restriction, including without limitation the rights
007: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
008: * copies of the Software, and to permit persons to whom the Software is
009: * furnished to do so, subject to the following conditions:
010: *
011: * The above copyright notice and this permission notice shall be included in
012: * all copies or substantial portions of the Software.
013: *
014: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
015: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
016: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
017: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
018: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
019: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
020: * SOFTWARE.
021: */
package com.liferay.portal.security.auth;
022:
023: import com.liferay.portal.NoSuchUserException;
024: import com.liferay.portal.kernel.util.Base64;
025: import com.liferay.portal.kernel.util.GetterUtil;
026: import com.liferay.portal.kernel.util.StringPool;
027: import com.liferay.portal.service.UserLocalServiceUtil;
028:
029: import java.util.StringTokenizer;
030:
031: import javax.servlet.http.HttpServletRequest;
032: import javax.servlet.http.HttpServletResponse;
033:
034: import org.apache.commons.logging.Log;
035: import org.apache.commons.logging.LogFactory;
036:
037: /**
038: * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
039: *
040: * <p>
041: * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
042: * Previous versions of Firefox have been tested and are known to work.
043: * </p>
044: *
045: * <p>
046: * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
047: * extensions link at the bottom of the window. Type in "Modify Headers" in the
048: * Search box. Find Modify Headers in the results page and click on it. Then
049: * click the install now link.
050: * </p>
051: *
052: * <p>
053: * 3. Configure Modify Headers to add a basic authentication header. Tools >
054: * Modify Headers. In the Modify Headers window select the Add drop down. Type
055: * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
056: * in the next box. Click the Add button.
057: * </p>
058: *
059: * <p>
060: * 4. Make sure your header modification is enabled and point your browser to
061: * the Liferay portal.
062: * </p>
063: *
064: * <p>
065: * 5. You should now be authenticated as Joe Bloggs.
066: * </p>
067: *
068: * @author Britt Courtney
069: * @author Brian Wing Shun Chan
070: *
071: */
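public class BasicAuthHeaderAutoLogin implements AutoLogin {

	/**
	 * Derives auto-login credentials from an HTTP Basic {@code Authorization}
	 * header whose user-name part is a numeric Liferay user id.
	 *
	 * <p>
	 * Only the existence of the user id is checked here; the password taken
	 * from the header is returned unverified, so whatever consumes the returned
	 * array is responsible for actually authenticating it.
	 * </p>
	 *
	 * <p>
	 * Neither the encoded nor the decoded header value is logged, because both
	 * contain the clear-text password (Base64 is not encryption).
	 * </p>
	 *
	 * @param req the current request; its {@code Authorization} header is read
	 * @param res the current response (not used)
	 * @return a three-element array holding the user id, the password and the
	 *         string {@code "true"} (presumably the AutoLogin contract's
	 *         "password is encrypted" flag -- confirm against the interface),
	 *         or {@code null} when the header is absent, not Basic, malformed,
	 *         or names a user id that does not exist
	 * @throws AutoLoginException if decoding the header or looking up the user
	 *         fails for any reason other than an unknown user id
	 */
	public String[] login(HttpServletRequest req, HttpServletResponse res)
		throws AutoLoginException {

		try {

			// Get the Authorization header, if one was supplied

			String authHeader = req.getHeader("Authorization");

			if (authHeader == null) {
				return null;
			}

			StringTokenizer st = new StringTokenizer(authHeader);

			if (!st.hasMoreTokens()) {
				return null;
			}

			String scheme = st.nextToken();

			// We only handle HTTP Basic authentication

			if (!scheme.equalsIgnoreCase("Basic")) {
				return null;
			}

			// A bare "Basic" with no credential token is malformed; treat it
			// like a missing header rather than letting nextToken() throw
			// NoSuchElementException and surface as an AutoLoginException

			if (!st.hasMoreTokens()) {
				return null;
			}

			String encodedCredentials = st.nextToken();

			// Platform default charset, as before; RFC 7617 leaves the charset
			// of Basic credentials unspecified unless the challenge names one

			String decodedCredentials = new String(
				Base64.decode(encodedCredentials));

			int separator = decodedCredentials.indexOf(StringPool.COLON);

			if (separator == -1) {
				if (_log.isDebugEnabled()) {
					_log.debug(
						"Authorization header has no user id separator");
				}

				return null;
			}

			long userId = GetterUtil.getLong(
				decodedCredentials.substring(0, separator));
			String password = decodedCredentials.substring(separator + 1);

			// Existence check only; the password is not verified here

			try {
				UserLocalServiceUtil.getUserById(userId);
			}
			catch (NoSuchUserException nsue) {
				if (_log.isWarnEnabled()) {
					_log.warn(userId + " is not a valid user id");
				}

				return null;
			}

			String[] credentials = new String[3];

			credentials[0] = String.valueOf(userId);
			credentials[1] = password;
			credentials[2] = Boolean.TRUE.toString();

			return credentials;
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	private static final Log _log =
		LogFactory.getLog(BasicAuthHeaderAutoLogin.class);

}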