Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-17 10:41:06 +01:00
Code Issues Packages Projects Releases Activity
Files
7e9d60fa8ddd1d74a90d22f6fd7c4b4e436c713c
SCM-Manager/scm-webapp/src/main/java/sonia/scm/web/BasicWebTokenGenerator.java
Sebastian Sdorra bad99919f4 merge with branch 1.x
2017-01-12 19:50:39 +01:00

166 lines
5.4 KiB
Java
Raw Blame History

/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.web;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Charsets;
import com.google.inject.Inject;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.codec.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.plugin.Extension;
import sonia.scm.util.HttpUtil;
import sonia.scm.util.Util;
//~--- JDK imports ------------------------------------------------------------
import javax.servlet.http.HttpServletRequest;
/**
* Creates a {@link UsernamePasswordToken} from an authorization header with
* basic authentication.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
@Extension
public class BasicWebTokenGenerator extends SchemeBasedWebTokenGenerator
{
/** credential separator for basic authentication */
private static final String CREDENTIAL_SEPARATOR = ":";
/** default encoding to decode basic authentication header */
private static final Charset DEFAULT_ENCODING = Charsets.ISO_8859_1;
/**
* the logger for BasicWebTokenGenerator
*/
private static final Logger logger =
LoggerFactory.getLogger(BasicWebTokenGenerator.class);
private final UserAgentParser userAgentParser;
/**
* Constructs a new BasicWebTokenGenerator.
*
* @param userAgentParser parser for user-agent header
*/
@Inject
public BasicWebTokenGenerator(UserAgentParser userAgentParser) {
this.userAgentParser = userAgentParser;
}
/**
* Creates a {@link UsernamePasswordToken} from an authorization header with
* basic authentication scheme.
*
*
* @param request http servlet request
* @param scheme authentication scheme
* @param authorization authorization payload
*
* @return {@link UsernamePasswordToken} or {@code null}
*/
@Override
protected UsernamePasswordToken createToken(HttpServletRequest request,
String scheme, String authorization)
{
UsernamePasswordToken authToken = null;
if (HttpUtil.AUTHORIZATION_SCHEME_BASIC.equalsIgnoreCase(scheme))
{
String token = decodeAuthenticationHeader(request, authorization);
int index = token.indexOf(CREDENTIAL_SEPARATOR);
if ((index > 0) && (index < token.length()))
{
String username = token.substring(0, index);
String password = token.substring(index + 1);
if (Util.isNotEmpty(username) && Util.isNotEmpty(password))
{
logger.trace("try to authenticate user {}", username);
authToken = new UsernamePasswordToken(username, password);
}
else if (logger.isWarnEnabled())
{
logger.warn("username or password is null/empty");
}
}
else if (logger.isWarnEnabled())
{
logger.warn("failed to read basic auth credentials");
}
}
return authToken;
}
/**
* Decode base64 of the basic authentication header. The method will use
* the charset provided by the {@link UserAgent}, if the
* {@link UserAgentParser} is not available the method will be fall back to
* ISO-8859-1.
*
* @param request http request
* @param authentication base64 encoded basic authentication string
*
* @return decoded basic authentication header
*
* @see <a href="http://goo.gl/tZEBS3">issue 627</a>
* @see <a href="http://goo.gl/NhbZ2F">Stackoverflow Basic Authentication</a>
*
* @throws UnsupportedEncodingException
*/
private String decodeAuthenticationHeader(HttpServletRequest request, String authentication)
{
Charset encoding = DEFAULT_ENCODING;
if (userAgentParser != null)
{
encoding = userAgentParser.parse(request).getBasicAuthenticationCharset();
}
return new String(Base64.decode(authentication), encoding);
}
}
Reference in New Issue View Git Blame Copy Permalink