19 package org.springframework.extensions.webscripts;
20
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.UserFactory;
import org.springframework.extensions.surf.util.Base64;
import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
import org.springframework.extensions.webscripts.connector.Connector;
import org.springframework.extensions.webscripts.connector.ConnectorService;
import org.springframework.extensions.webscripts.connector.CredentialVault;
import org.springframework.extensions.webscripts.connector.Credentials;
import org.springframework.extensions.webscripts.connector.CredentialsImpl;
import org.springframework.extensions.webscripts.connector.Response;
import org.springframework.extensions.webscripts.servlet.ServletAuthenticatorFactory;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;
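/**
 * Factory for an {@link Authenticator} that handles HTTP Basic authentication.
 * <p>
 * Credentials taken from the {@code Authorization} header are placed in the
 * session {@link CredentialVault} for the configured endpoint. Unless
 * {@code delegate} is set, they are then checked by calling {@code /touch}
 * on the endpoint through its {@link Connector}.
 */
public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactory
{
    private static final Log logger = LogFactory.getLog(BasicHttpAuthenticatorFactory.class);

    /** Scheme token expected at the start of the Authorization header (compared case-insensitively). */
    private static final String BASIC_SCHEME = "basic";

    private ConnectorService connectorService;
    private String endpointId;
    private boolean delegate = false;

    /**
     * @param connectorService service used to obtain the credential vault and endpoint connector
     */
    public void setConnectorService(ConnectorService connectorService)
    {
        this.connectorService = connectorService;
    }

    /**
     * @param endpointId id of the endpoint the credentials are stored for and checked against
     */
    public void setEndpointId(String endpointId)
    {
        this.endpointId = endpointId;
    }

    /**
     * @param delegate when {@code true}, credentials are stored and the session user id is set
     *        without calling the endpoint; the check is left to whoever uses the vault later
     */
    public void setDelegate(boolean delegate)
    {
        this.delegate = delegate;
    }

    /**
     * Creates an authenticator bound to the given request/response pair.
     *
     * @param req the web script request
     * @param res the web script response
     * @return a new {@link BasicHttpAuthenticator}
     */
    public Authenticator create(WebScriptServletRequest req, WebScriptServletResponse res)
    {
        return new BasicHttpAuthenticator(req, res);
    }

    /**
     * Per-request HTTP Basic authenticator. Reads the {@code Authorization}
     * header and the {@code alf_ticket} parameter at construction time.
     */
    public class BasicHttpAuthenticator implements Authenticator
    {
        private WebScriptServletRequest servletReq;
        private WebScriptServletResponse servletRes;

        /** Raw Authorization header value, or null when absent. */
        private String authorization;
        /** Value of the alf_ticket request parameter, or null when absent. */
        private String ticket;

        /**
         * @param req the web script request; its Authorization header and alf_ticket parameter are captured
         * @param res the web script response, used to request credentials when authentication fails
         */
        public BasicHttpAuthenticator(WebScriptServletRequest req, WebScriptServletResponse res)
        {
            this.servletReq = req;
            this.servletRes = res;

            HttpServletRequest httpReq = servletReq.getHttpServletRequest();

            this.authorization = httpReq.getHeader("Authorization");
            this.ticket = httpReq.getParameter("alf_ticket");
        }

        /**
         * Authenticates the request from its Basic Authorization header.
         * <p>
         * On failure the response is set to 401 with a {@code WWW-Authenticate}
         * challenge so the client can retry with credentials.
         *
         * @param required the authentication level required by the web script (not consulted here)
         * @param isGuest whether the request is a guest request (not consulted here)
         * @return {@code true} if the request is authenticated
         * @throws WebScriptException if the Authorization header uses a scheme other than Basic
         */
        public boolean authenticate(RequiredAuthentication required, boolean isGuest)
        {
            boolean authorized = false;

            HttpServletRequest req = servletReq.getHttpServletRequest();
            HttpServletResponse res = servletRes.getHttpServletResponse();

            boolean headerPresent = hasText(authorization);
            if (logger.isDebugEnabled())
                logger.debug("HTTP Authorization provided: " + headerPresent);

            if (headerPresent)
            {
                String[] userAndPassword = parseBasicCredentials(authorization);
                if (userAndPassword != null)
                {
                    authorized = authenticateWithEndpoint(req, userAndPassword[0], userAndPassword[1]);
                }
            }

            if (!authorized)
            {
                if (logger.isDebugEnabled())
                    logger.debug("Requesting authorization credentials");

                res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                res.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\"");
            }

            return authorized;
        }

        /**
         * Splits a Basic Authorization header into user name and password.
         *
         * @param header the non-empty Authorization header value
         * @return a two-element array {username, password}, or {@code null} when the header
         *         carries no usable credentials (missing or undecodable token, no colon,
         *         empty user name or password)
         * @throws WebScriptException if the scheme is not Basic
         */
        private String[] parseBasicCredentials(String header)
        {
            // "Basic" SP token68 - tolerate surrounding and repeated whitespace
            String[] schemeAndToken = header.trim().split("\\s+", 2);
            if (!schemeAndToken[0].equalsIgnoreCase(BASIC_SCHEME))
            {
                throw new WebScriptException("Authorization '" + schemeAndToken[0] + "' not supported.");
            }
            if (schemeAndToken.length < 2 || !hasText(schemeAndToken[1]))
            {
                // bare "Basic" with no token: treat as no credentials rather than indexing past the array
                return null;
            }

            String decoded;
            try
            {
                // explicit charset so the result does not depend on the platform default
                decoded = new String(Base64.decode(schemeAndToken[1]), StandardCharsets.UTF_8);
            }
            catch (RuntimeException err)
            {
                // NOTE(review): assumes the project Base64 helper signals bad input with an unchecked
                // exception - confirm; a malformed token is a client error, not a server failure
                if (logger.isDebugEnabled())
                    logger.debug("Authorization header token could not be decoded");
                return null;
            }

            // limit the split to 2 so a password containing ':' stays intact (only the
            // user name may not contain a colon)
            String[] parts = decoded.split(":", 2);
            if (parts.length != 2 || !hasText(parts[0]) || !hasText(parts[1]))
            {
                return null;
            }
            return parts;
        }

        /**
         * Stores the credentials in the session vault and, unless delegating, verifies
         * them by calling {@code /touch} on the endpoint.
         *
         * @param req the servlet request whose session holds the vault
         * @param username the user name from the header
         * @param password the password from the header
         * @return {@code true} if the user is considered authenticated; {@code false} on any failure
         */
        private boolean authenticateWithEndpoint(HttpServletRequest req, String username, String password)
        {
            if (logger.isDebugEnabled())
                logger.debug("Authenticating (BASIC HTTP) user " + username);

            try
            {
                HttpSession session = req.getSession();
                Credentials credentials = new CredentialsImpl(endpointId);
                credentials.setProperty(Credentials.CREDENTIAL_USERNAME, username);
                credentials.setProperty(Credentials.CREDENTIAL_PASSWORD, password);

                // the connector below reads its credentials from the vault, so they are stored first;
                // NOTE(review): they stay in the vault even if the endpoint check fails - confirm this is intended
                CredentialVault vault = connectorService.getCredentialVault(session, username);
                vault.store(credentials);

                if (delegate)
                {
                    // delegate mode: the session user is set without contacting the endpoint
                    session.setAttribute(UserFactory.SESSION_ATTRIBUTE_KEY_USER_ID, username);
                    return true;
                }

                Connector connector = connectorService.getConnector(endpointId, username, session);
                Response response = connector.call("/touch");
                // NOTE(review): every status other than 401 counts as authenticated, including 5xx
                // responses from the endpoint; consider requiring a 2xx status instead
                return response.getStatus().getCode() != Status.STATUS_UNAUTHORIZED;
            }
            catch (Exception err)
            {
                // Errors (OutOfMemoryError etc.) are no longer swallowed here; the message is logged
                // without the password, which is held only in the Credentials object
                logger.warn("Failed during authorization: " + err.getMessage(), err);
                return false;
            }
        }

        /**
         * @return {@code true} if neither an alf_ticket parameter nor an Authorization header was supplied
         */
        public boolean emptyCredentials()
        {
            return !hasText(ticket) && !hasText(authorization);
        }

        /** @return {@code true} if {@code value} is non-null and non-empty */
        private boolean hasText(String value)
        {
            return value != null && value.length() != 0;
        }
    }
}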