01: /*
02: * (C) Copyright 2000 - 2005 Nabh Information Systems, Inc.
03: *
04: * This program is free software; you can redistribute it and/or
05: * modify it under the terms of the GNU General Public License
06: * as published by the Free Software Foundation; either version 2
07: * of the License, or (at your option) any later version.
08: *
09: * This program is distributed in the hope that it will be useful,
10: * but WITHOUT ANY WARRANTY; without even the implied warranty of
11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12: * GNU General Public License for more details.
13: *
14: * You should have received a copy of the GNU General Public License
15: * along with this program; if not, write to the Free Software
16: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17: *
18: */
19: package com.nabhinc.ws.interceptor.security;
20:
21: import java.io.IOException;
22:
23: import com.nabhinc.ws.core.WebServiceException;
24: import com.nabhinc.ws.core.WebServiceSecurityException;
25: import com.nabhinc.ws.server.Interceptor;
26: import com.nabhinc.ws.server.InterceptorChain;
27: import com.nabhinc.ws.server.RequestInfo;
28: import com.nabhinc.ws.server.ServerObjectConfig;
29: import com.nabhinc.ws.server.ServerObjectImpl;
30: import com.nabhinc.ws.spi.UserManager;
31: import com.nabhinc.util.Base64;
32:
33: /**
34: * Looks for user/password information in "Authorization" request
35: * header. If present, it decodes it using <code>com.nabhinc.util.Base64</code>
36: * class and uses installed <code>UserManager</code> to authenticate the
37: * user.
38: *
39: * @author Padmanabh Dabke
40: * (c) 2005 Nabh Information Systems, Inc. All Rights Reserved.
41: */
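public class HTTPBasicAuthenticator extends ServerObjectImpl implements
        Interceptor {
    /** Name of the HTTP request header that carries the credentials. */
    public static final String AUTHORIZATION_HEADER = "Authorization";

    /** Scheme token plus the separating space that precedes the Base64 credentials. */
    private static final String BASIC_PREFIX = "Basic ";

    /** User manager taken from the server context in {@link #init}. */
    private UserManager hbaUserManager = null;

    /**
     * Initializes the base server object and caches the server context's
     * user manager for later authentication calls.
     *
     * @param config configuration handed to the superclass initializer
     * @throws WebServiceException declared for the superclass initializer
     */
    public void init(ServerObjectConfig config)
            throws WebServiceException {
        super.init(config);
        hbaUserManager = soiServerContext.getUserManager();
    }

    /**
     * Authenticates the request from its "Authorization" header and, on
     * success, passes it on to the rest of the interceptor chain.
     *
     * <p>The header value is trimmed, must start with the "Basic " scheme
     * (matched case-insensitively, since HTTP auth-scheme names are
     * case-insensitive), and the remainder is Base64-decoded and split at
     * the first ':' into user and password. A missing header, a different
     * scheme and rejected credentials all fail with the same
     * "Access denied." message, so the response does not reveal which
     * check failed.
     *
     * <p>Base64 is an encoding, not encryption: the credentials are
     * readable by anyone who can observe the request, so this interceptor
     * only offers protection when the transport itself is encrypted.
     *
     * @param reqInfo request whose header is inspected
     * @param chain remaining interceptors, invoked only after successful
     *        authentication
     * @throws WebServiceSecurityException if the header is absent, is not
     *         a Basic credential, or the user manager rejects it
     * @throws WebServiceException declared for the downstream chain
     * @throws IOException declared for the downstream chain
     */
    public void intercept(RequestInfo reqInfo, InterceptorChain chain)
            throws WebServiceException, IOException {
        String header = reqInfo.webServiceRequest
                .getHeader(AUTHORIZATION_HEADER);
        if (header != null) {
            header = header.trim();
        }

        // Fail closed: anything that is not a Basic credential is rejected
        // before any decoding takes place.
        if (header == null
                || !header.regionMatches(true, 0, BASIC_PREFIX, 0,
                        BASIC_PREFIX.length())) {
            throw new WebServiceSecurityException("Access denied.");
        }

        // Extra spaces between the scheme and the token are tolerated.
        String token = header.substring(BASIC_PREFIX.length()).trim();

        // NOTE(review): the decoded data is turned into a String without an
        // explicit charset, so non-ASCII credentials may decode differently
        // from one host to another. Pin a charset once the return type of
        // com.nabhinc.util.Base64.decode has been confirmed.
        // NOTE(review): how Base64.decode reacts to malformed input is not
        // visible here; confirm it cannot leak details to the client.
        String credentials = new String(Base64.decode(token));

        // Split at the FIRST ':' only; a password may itself contain ':'.
        String user;
        String password = null;
        int separator = credentials.indexOf(':');
        if (separator == -1) {
            user = credentials;
        } else {
            user = credentials.substring(0, separator);
            String candidate = credentials.substring(separator + 1);
            if (!candidate.equals("")) {
                password = candidate;
            }
        }

        // NOTE(review): a credential without ':' or with an empty password
        // reaches authenticateUser with password == null. Confirm the
        // installed UserManager rejects a null password instead of treating
        // it as "no password required". The meaning of the trailing
        // (null, false) arguments is defined by UserManager and is not
        // visible in this file.
        // The credentials are deliberately never logged or echoed back.
        if (!hbaUserManager.authenticateUser(user, password, null,
                false)) {
            throw new WebServiceSecurityException("Access denied.");
        }
        chain.doIntercept(reqInfo);
    }

}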