001: /*
002: * $Header: /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons//httpclient/src/test/org/apache/commons/httpclient/server/AuthRequestHandler.java,v 1.1 2004/11/20 17:56:40 olegk Exp $
003: * $Revision: 480424 $
004: * $Date: 2006-11-29 06:56:49 +0100 (Wed, 29 Nov 2006) $
005: *
006: * ====================================================================
007: *
008: * Licensed to the Apache Software Foundation (ASF) under one or more
009: * contributor license agreements. See the NOTICE file distributed with
010: * this work for additional information regarding copyright ownership.
011: * The ASF licenses this file to You under the Apache License, Version 2.0
012: * (the "License"); you may not use this file except in compliance with
013: * the License. You may obtain a copy of the License at
014: *
015: * http://www.apache.org/licenses/LICENSE-2.0
016: *
017: * Unless required by applicable law or agreed to in writing, software
018: * distributed under the License is distributed on an "AS IS" BASIS,
019: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
020: * See the License for the specific language governing permissions and
021: * limitations under the License.
022: * ====================================================================
023: *
024: * This software consists of voluntary contributions made by many
025: * individuals on behalf of the Apache Software Foundation. For more
026: * information on the Apache Software Foundation, please see
027: * <http://www.apache.org/>.
028: *
029: */
030:
031: package org.apache.commons.httpclient.server;
032:
033: import java.io.IOException;
034:
035: import org.apache.commons.httpclient.Credentials;
036: import org.apache.commons.httpclient.Header;
037: import org.apache.commons.httpclient.HttpStatus;
038: import org.apache.commons.httpclient.UsernamePasswordCredentials;
039: import org.apache.commons.httpclient.auth.BasicScheme;
040:
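/**
 * This request handler guards access to the http server when used in a request handler
 * chain. It checks the headers for valid credentials and performs the
 * authentication handshake if necessary.
 * <p>
 * Only the Basic scheme is implemented. The value of the client's
 * {@code Authorization} header is compared as a whole with the value that
 * {@link BasicScheme} generates for the configured credentials.
 *
 * @author Ortwin Glueck
 * @author Oleg Kalnichevski
 */
public class AuthRequestHandler implements HttpRequestHandler {

    /** Charset used both to build the expected header value and to compare it. */
    private static final String CREDENTIAL_CHARSET = "ISO-8859-1";

    private Credentials credentials = null;
    private String realm = null;
    private boolean keepalive = true;

    /**
     * Name of the request header in which the client presents its
     * credentials.
     */
    public static final String AUTH_RESP = "Authorization";

    /**
     * Creates a handler that requires the given credentials.
     *
     * TODO replace creds parameter with a class specific to an auth scheme
     * encapsulating all required information for a specific scheme
     *
     * @param creds the credentials a client must present; must not be
     *        <code>null</code>. They are cast to
     *        {@link UsernamePasswordCredentials} when a request is checked,
     *        so any other implementation fails with a
     *        <code>ClassCastException</code> at that point.
     * @param realm the realm announced in the challenge; <code>"test"</code>
     *        is used when <code>null</code>
     * @param keepalive whether the connection is kept open after a challenge
     *        has been sent
     * @throws IllegalArgumentException if <code>creds</code> is <code>null</code>
     */
    public AuthRequestHandler(final Credentials creds,
            final String realm, boolean keepalive) {
        if (creds == null) {
            throw new IllegalArgumentException(
                    "Credentials may not be null");
        }
        this.credentials = creds;
        this.keepalive = keepalive;
        if (realm != null) {
            this.realm = realm;
        } else {
            this.realm = "test";
        }
    }

    /**
     * Creates a handler with keep-alive enabled.
     *
     * @param creds the credentials a client must present; must not be <code>null</code>
     * @param realm the realm announced in the challenge, may be <code>null</code>
     */
    public AuthRequestHandler(final Credentials creds,
            final String realm) {
        this(creds, realm, true);
    }

    /**
     * Creates a handler with the default realm and keep-alive enabled.
     *
     * @param creds the credentials a client must present; must not be <code>null</code>
     */
    public AuthRequestHandler(final Credentials creds) {
        this(creds, null, true);
    }

    /**
     * Lets a request through when it carries the expected
     * <code>Authorization</code> header and answers it with a 401 challenge
     * otherwise.
     *
     * @param conn the connection the challenge is written to
     * @param request the request to check
     * @return <code>false</code> if the credentials matched and nothing was
     *         written, <code>true</code> if the 401 response has been sent
     * @throws IOException if the body cannot be read or the response cannot
     *         be written
     */
    public boolean processRequest(
            final SimpleHttpServerConnection conn,
            final SimpleRequest request) throws IOException {
        Header clientAuth = request.getFirstHeader(AUTH_RESP);
        if (clientAuth != null && checkAuthorization(clientAuth)) {
            return false;
        } else {
            SimpleResponse response = performBasicHandshake(conn,
                    request);
            // Make sure the request body is fully consumed
            request.getBodyBytes();
            conn.writeResponse(response);
            return true;
        }
    }

    //TODO add more auth schemes
    /**
     * Builds the 401 response that asks the client for Basic credentials and
     * sets the keep-alive state of the connection to match the
     * <code>Connection</code> header that is sent.
     *
     * @param conn the connection whose keep-alive flag is updated
     * @param request the request being rejected
     * @return the challenge response; it is not written here
     */
    private SimpleResponse performBasicHandshake(
            final SimpleHttpServerConnection conn,
            final SimpleRequest request) throws IOException {
        SimpleResponse response = new SimpleResponse();
        response.setStatusLine(request.getRequestLine()
                .getHttpVersion(), HttpStatus.SC_UNAUTHORIZED);
        // A response to HEAD carries no body
        if (!request.getRequestLine().getMethod().equalsIgnoreCase(
                "HEAD")) {
            response.setBodyString("unauthorized");
        }
        // NOTE(review): the realm is written into the quoted string without
        // escaping, so it must not contain a double quote or a line break.
        response.addHeader(new Header("WWW-Authenticate",
                "basic realm=\"" + this.realm + "\""));
        if (this.keepalive) {
            response.addHeader(new Header("Connection", "keep-alive"));
            conn.setKeepAlive(true);
        } else {
            response.addHeader(new Header("Connection", "close"));
            conn.setKeepAlive(false);
        }
        return response;
    }

    /**
     * Checks if the credentials provided by the client match the required
     * credentials.
     * <p>
     * The comparison is made on the encoded bytes with
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
     * with <code>String.equals</code>, which returns at the first differing
     * character and so lets the response time depend on how much of the
     * secret value the client got right.
     *
     * @param clientAuth the <code>Authorization</code> header sent by the client
     * @return true if the client is authorized, false if not.
     * @throws ClassCastException if the configured credentials are not
     *         {@link UsernamePasswordCredentials}
     */
    private boolean checkAuthorization(final Header clientAuth) {
        String expectedAuthString = BasicScheme.authenticate(
                (UsernamePasswordCredentials) credentials,
                CREDENTIAL_CHARSET);
        String presented = clientAuth.getValue();
        if (presented == null) {
            // A header without a value can never match
            return false;
        }
        try {
            boolean sameBytes = java.security.MessageDigest.isEqual(
                    expectedAuthString.getBytes(CREDENTIAL_CHARSET),
                    presented.getBytes(CREDENTIAL_CHARSET));
            // Characters the charset cannot encode are replaced when encoding,
            // so the exact string check is kept as a final confirmation. It
            // only runs once the bytes have already matched.
            return sameBytes && expectedAuthString.equals(presented);
        } catch (java.io.UnsupportedEncodingException e) {
            // ISO-8859-1 is one of the charsets every Java platform must
            // support, so this branch is not expected to run.
            return expectedAuthString.equals(presented);
        }
    }

}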
|