implement a new authentication filter, which uses a set of WebTokenGenerator to handle authentication requests

scm-webapp/src/main/java/sonia/scm/web/BasicWebTokenGenerator.java

@@ -0,0 +1,117 @@
+/**
+ * Copyright (c) 2014, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.codec.Base64;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import sonia.scm.plugin.Extension;
+import sonia.scm.util.Util;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ * @since 2.0.0
+ */
+@Extension
+public class BasicWebTokenGenerator extends SchemeBasedWebTokenGenerator
+{
+
+  /** Field description */
+  public static final String AUTHORIZATION_BASIC_PREFIX = "basic";
+
+  /** Field description */
+  public static final String CREDENTIAL_SEPARATOR = ":";
+
+  /**
+   * the logger for BasicWebTokenGenerator
+   */
+  private static final Logger logger =
+    LoggerFactory.getLogger(BasicWebTokenGenerator.class);
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param scheme
+   * @param authorization
+   *
+   * @return
+   */
+  @Override
+  protected UsernamePasswordToken createToken(HttpServletRequest request,
+    String scheme, String authorization)
+  {
+    UsernamePasswordToken authToken = null;
+
+    if (AUTHORIZATION_BASIC_PREFIX.equalsIgnoreCase(scheme))
+    {
+      String token = new String(Base64.decode(authorization.getBytes()));
+
+      int index = token.indexOf(CREDENTIAL_SEPARATOR);
+
+      if ((index > 0) && (index < token.length()))
+      {
+        String username = token.substring(0, index);
+        String password = token.substring(index + 1);
+
+        if (Util.isNotEmpty(username) && Util.isNotEmpty(password))
+        {
+          logger.trace("try to authenticate user {}", username);
+          authToken = new UsernamePasswordToken(username, password);
+        }
+        else if (logger.isWarnEnabled())
+        {
+          logger.warn("username or password is null/empty");
+        }
+      }
+      else if (logger.isWarnEnabled())
+      {
+        logger.warn("failed to read basic auth credentials");
+      }
+    }
+
+    return authToken;
+  }
+}