01: // ========================================================================
02: // Copyright 2002-2005 Mort Bay Consulting Pty. Ltd.
03: // ------------------------------------------------------------------------
04: // Licensed under the Apache License, Version 2.0 (the "License");
05: // you may not use this file except in compliance with the License.
06: // You may obtain a copy of the License at
07: // http://www.apache.org/licenses/LICENSE-2.0
08: // Unless required by applicable law or agreed to in writing, software
09: // distributed under the License is distributed on an "AS IS" BASIS,
10: // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11: // See the License for the specific language governing permissions and
12: // limitations under the License.
13: // ========================================================================
14:
15: package org.mortbay.jetty.security;
16:
17: import java.io.IOException;
18: import java.security.Principal;
19:
20: import javax.servlet.http.HttpServletResponse;
21:
22: import org.mortbay.jetty.HttpHeaders;
23: import org.mortbay.jetty.Request;
24: import org.mortbay.jetty.Response;
25: import org.mortbay.log.Log;
26: import org.mortbay.util.StringUtil;
27:
28: /* ------------------------------------------------------------ */
29: /** BASIC authentication.
30: *
31: * @author Greg Wilkins (gregw)
32: */
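public class BasicAuthenticator implements Authenticator {
    /* ------------------------------------------------------------ */
    /**
     * Authenticate the request from its HTTP BASIC {@code Authorization}
     * header.
     * <p>
     * Only the {@code Basic} scheme (compared case-insensitively) is
     * accepted; a header carrying another scheme, no scheme, or a decoded
     * value without a {@code ':'} separator is treated as "no credentials"
     * and the client is challenged. The raw header value is never written
     * to the log, since it is a reversible encoding of the password.
     *
     * @param realm the realm the credentials are checked against
     * @param pathInContext the request path; not used by BASIC auth
     * @param request the request to read the header from and to mark as
     *        authenticated on success
     * @param response the response to send the challenge on; if
     *        {@code null}, no challenge is sent on failure
     * @return UserPrincipal if authenticated or null if not. If
     * authentication fails, then the authenticator may have committed
     * the response as an auth challenge.
     * @exception IOException if sending the challenge fails
     */
    public Principal authenticate(UserRealm realm,
            String pathInContext, Request request, Response response)
            throws IOException {
        Principal user = null;
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);

        if (header != null) {
            try {
                String encoded = basicCredentials(header);
                if (encoded == null) {
                    if (Log.isDebugEnabled())
                        Log.debug("Authorization header is not BASIC; challenging");
                } else {
                    if (Log.isDebugEnabled())
                        Log.debug("BASIC credentials received");
                    String decoded = B64Code.decode(encoded,
                            StringUtil.__ISO_8859_1);
                    // user-id ":" password; the password itself may
                    // contain ':' so split on the first one only.
                    int colon = decoded.indexOf(':');
                    if (colon < 0) {
                        Log.warn("AUTH FAILURE: malformed BASIC credentials");
                    } else {
                        String username = decoded.substring(0, colon);
                        String password = decoded.substring(colon + 1);
                        user = realm.authenticate(username, password, request);

                        if (user == null)
                            Log.warn("AUTH FAILURE: user {}", username);
                        else {
                            request.setAuthType(Constraint.__BASIC_AUTH);
                            request.setUserPrincipal(user);
                        }
                    }
                }
            } catch (Exception e) {
                // Best effort: a bad header or a failing realm must not
                // escape as a server error; the client is challenged instead.
                Log.warn("AUTH FAILURE: " + e.toString());
                Log.ignore(e);
            }
        }

        // Challenge if we have no user
        if (user == null && response != null)
            sendChallenge(realm, response);

        return user;
    }

    /* ------------------------------------------------------------ */
    /**
     * Extract the base64 part of a BASIC {@code Authorization} header.
     *
     * @param header the raw header value, never {@code null}
     * @return the base64 credentials, or {@code null} if the header does
     *         not carry the BASIC scheme
     */
    private static String basicCredentials(String header) {
        String trimmed = header.trim();
        int space = trimmed.indexOf(' ');
        if (space < 0)
            return null;
        String scheme = trimmed.substring(0, space);
        if (!scheme.equalsIgnoreCase(Constraint.__BASIC_AUTH))
            return null;
        return trimmed.substring(space + 1).trim();
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the auth method name reported on authenticated requests
     */
    public String getAuthMethod() {
        return Constraint.__BASIC_AUTH;
    }

    /* ------------------------------------------------------------ */
    /**
     * Send a 401 response carrying the BASIC challenge for the realm.
     *
     * @param realm the realm whose name is placed in the challenge; the
     *        name is not quoted-string escaped, so it is assumed not to
     *        contain '"'
     * @param response the response to commit
     * @exception IOException if the error response cannot be sent
     */
    public void sendChallenge(UserRealm realm, Response response)
            throws IOException {
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE,
                "basic realm=\"" + realm.getName() + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

}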
|