01: /*
02: * Copyright 2005 David M Johnson (For RSS and Atom In Action)
03: *
04: * Licensed under the Apache License, Version 2.0 (the "License");
05: * you may not use this file except in compliance with the License.
06: * You may obtain a copy of the License at
07: *
08: * http://www.apache.org/licenses/LICENSE-2.0
09: *
10: * Unless required by applicable law or agreed to in writing, software
11: * distributed under the License is distributed on an "AS IS" BASIS,
12: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13: * See the License for the specific language governing permissions and
14: * limitations under the License.
15: */
16: package org.apache.roller.webservices.adminapi;
17:
18: import java.util.StringTokenizer;
19: import javax.servlet.http.HttpServletRequest;
20: import org.apache.commons.codec.binary.Base64;
21: import org.apache.commons.logging.Log;
22: import org.apache.commons.logging.LogFactory;
23: import org.apache.roller.RollerException;
24: import org.apache.roller.pojos.UserData;
25:
26: /**
27: * This class implements HTTP basic authentication for roller.
28: *
29: * @author jtb
30: */
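class BasicAuthenticator extends Authenticator {
    /**
     * Creates a new instance of BasicAuthenticator.
     *
     * @param req the incoming request whose Authorization header is examined
     *            by {@link #authenticate()}
     */
    public BasicAuthenticator(HttpServletRequest req) {
        super(req);
    }

    /**
     * Authenticates the request from its HTTP Basic Authorization header.
     *
     * <p>The header must have the form {@code Basic <base64(user:password)>}.
     * The decoded user name and password are handed to {@code verifyUser},
     * and the user name is recorded via {@code setUserName} only after that
     * call returns.
     *
     * <p>This method fails closed: a missing header, a scheme other than
     * Basic, a missing credentials token, or decoded credentials without a
     * {@code ':'} separator all raise {@link UnauthorizedException}. A normal
     * return therefore always means {@code verifyUser} was called and did not
     * throw.
     *
     * <p>Security notes: Basic credentials are only base64-encoded, not
     * encrypted, so the endpoint should be reachable over TLS only. The
     * error messages deliberately never echo the header or decoded value,
     * because both contain the password.
     *
     * @throws HandlerException if the header is absent or malformed, or if
     *         {@code verifyUser} rejects the credentials (verifyUser is
     *         inherited and not visible here; presumably it throws on a
     *         bad user or password, so confirm against Authenticator)
     */
    public void authenticate() throws HandlerException {
        // Drop any identity left over from an earlier call, so that a failure
        // below can never leave a stale user name in place.
        setUserName(null);

        String authHeader = getRequest().getHeader("Authorization");
        if (authHeader == null) {
            throw new UnauthorizedException(
                    "ERROR: Authorization header was not set");
        }

        // Expect exactly "<scheme> <credentials>". Checking hasMoreTokens()
        // before each nextToken() stops a header such as a bare "Basic" from
        // surfacing as an unchecked NoSuchElementException.
        StringTokenizer st = new StringTokenizer(authHeader);
        if (!st.hasMoreTokens()
                || !st.nextToken().equalsIgnoreCase("Basic")
                || !st.hasMoreTokens()) {
            throw new UnauthorizedException(
                    "ERROR: Authorization header is not a valid Basic credential");
        }

        String credentials = st.nextToken();
        // NOTE(review): both conversions use the platform default charset, as
        // the original did. Non-ASCII user names or passwords may decode
        // differently across hosts, so consider pinning an explicit charset.
        String userPass = new String(Base64.decodeBase64(credentials.getBytes()));

        int p = userPass.indexOf(":");
        if (p == -1) {
            // Undecodable base64, or no user/password separator: reject rather
            // than returning as if authentication had been attempted.
            throw new UnauthorizedException(
                    "ERROR: Authorization header is not a valid Basic credential");
        }

        String userName = userPass.substring(0, p);
        String password = userPass.substring(p + 1);
        verifyUser(userName, password);

        // Reached only when verifyUser returned without throwing.
        setUserName(userName);
    }
}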