1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.servlet.spi;
15  
16  import java.io.IOException;
17  import java.security.InvalidParameterException;
18  
19  import javax.servlet.http.HttpServletRequest;
20  import javax.servlet.http.HttpServletResponse;
21  
22  import org.slf4j.Logger;
23  import org.slf4j.LoggerFactory;
24  
25  import com.google.common.base.Charsets;
26  
27  import waffle.util.AuthorizationHeader;
28  import waffle.windows.auth.IWindowsAuthProvider;
29  import waffle.windows.auth.IWindowsIdentity;
30  
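/**
 * A Basic authentication security filter provider. http://tools.ietf.org/html/rfc2617
 * <p>
 * Takes the token bytes of the request's {@code Authorization} header, splits them into a user name and a
 * password, and hands both to the configured {@link IWindowsAuthProvider} for logon.
 * <p>
 * Security note: the Basic scheme transmits the password in a reversible encoding on every request, so this
 * provider should only be enabled on connections protected by TLS. The Basic scheme definition in RFC 2617 has
 * since been superseded by RFC 7617.
 *
 * @author dblock[at]dblock[dot]org
 */
public class BasicSecurityFilterProvider implements SecurityFilterProvider {

    /** The Constant LOGGER. */
    private static final Logger LOGGER = LoggerFactory.getLogger(BasicSecurityFilterProvider.class);

    /** Name of the security package (authentication scheme) this provider handles. */
    private static final String SECURITY_PACKAGE = "Basic";

    /** Name of the only init parameter this provider accepts. */
    private static final String REALM_PARAMETER = "realm";

    /** The realm (protection space) advertised in the {@code WWW-Authenticate} challenge. */
    private String realm = "BasicSecurityFilterProvider";

    /** The provider that performs the actual Windows logon. */
    private final IWindowsAuthProvider auth;

    /**
     * Instantiates a new basic security filter provider.
     *
     * @param newAuthProvider
     *            the auth provider used to log users on
     */
    public BasicSecurityFilterProvider(final IWindowsAuthProvider newAuthProvider) {
        this.auth = newAuthProvider;
    }

    /**
     * Authenticates the request from the credentials carried in its {@code Authorization} header.
     *
     * @param request
     *            the request carrying the {@code Authorization} header
     * @param response
     *            the response (not used by this provider)
     * @return the identity returned by {@link IWindowsAuthProvider#logonUser(String, String)}
     * @throws IOException
     *             declared by {@link SecurityFilterProvider}
     * @throws RuntimeException
     *             if the decoded token does not contain a {@code :} separator
     * @see waffle.servlet.spi.SecurityFilterProvider#doFilter(javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse)
     */
    @Override
    public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpServletResponse response)
            throws IOException {

        final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        final String credentials = new String(authorizationHeader.getTokenBytes(), Charsets.UTF_8);

        // Split on the first ':' only, so a password that itself contains ':' stays intact.
        final String[] parts = credentials.split(":", 2);
        if (parts.length != 2) {
            // The message must never echo the token: it may hold a partial credential.
            throw new RuntimeException("Invalid username:password in Authorization header.");
        }

        final String username = parts[0];
        final String password = parts[1];

        // Only the user name is logged, never the password. The name is client-supplied and not yet
        // authenticated; NOTE(review): confirm the log appender neutralises CR/LF so a crafted name
        // cannot forge log entries.
        LOGGER.debug("logging in user: {}", username);
        return this.auth.logonUser(username, password);
    }

    /**
     * Always reports that the request is not a principal exception.
     *
     * @param request
     *            the request (not inspected)
     * @return {@code false}
     * @see waffle.servlet.spi.SecurityFilterProvider#isPrincipalException(javax.servlet.http.HttpServletRequest)
     */
    @Override
    public boolean isPrincipalException(final HttpServletRequest request) {
        return false;
    }

    /**
     * Tells whether this provider handles the given security package.
     *
     * @param securityPackage
     *            the security package name; {@code null} is treated as unsupported
     * @return {@code true} only for {@code "Basic"}, compared case-insensitively
     * @see waffle.servlet.spi.SecurityFilterProvider#isSecurityPackageSupported(java.lang.String)
     */
    @Override
    public boolean isSecurityPackageSupported(final String securityPackage) {
        // Constant-first comparison: a missing scheme name yields false instead of a NullPointerException.
        return SECURITY_PACKAGE.equalsIgnoreCase(securityPackage);
    }

    /**
     * Adds a {@code WWW-Authenticate: Basic} challenge naming the configured realm to the response.
     *
     * @param response
     *            the response that receives the challenge header
     * @see waffle.servlet.spi.SecurityFilterProvider#sendUnauthorized(javax.servlet.http.HttpServletResponse)
     */
    @Override
    public void sendUnauthorized(final HttpServletResponse response) {
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + escapeQuotedString(this.realm) + "\"");
    }

    /**
     * Escapes a value for use inside an HTTP quoted-string, so that a realm containing {@code "} or {@code \}
     * cannot terminate the quoted-string early and produce a malformed challenge.
     *
     * @param value
     *            the raw value; {@code null} is rendered as the text {@code null}, as plain concatenation would
     * @return the value with backslashes and double quotes backslash-escaped
     */
    private static String escapeQuotedString(final String value) {
        // Backslashes first, otherwise the escapes added for the quotes would be escaped again.
        return String.valueOf(value).replace("\\", "\\\\").replace("\"", "\\\"");
    }

    /**
     * Protection space.
     *
     * @return Name of the protection space.
     */
    public String getRealm() {
        return this.realm;
    }

    /**
     * Set the protection space.
     *
     * @param value
     *            Protection space name.
     */
    public void setRealm(final String value) {
        this.realm = value;
    }

    /**
     * Init configuration parameters. The only parameter accepted is {@code realm}.
     *
     * @param parameterName
     *            the parameter name
     * @param parameterValue
     *            the parameter value
     * @throws InvalidParameterException
     *             if the parameter name is anything other than {@code realm}, including {@code null}
     */
    @Override
    public void initParameter(final String parameterName, final String parameterValue) {
        // Constant-first comparison: an absent name is rejected like any other unknown parameter
        // instead of failing with a NullPointerException.
        if (!REALM_PARAMETER.equals(parameterName)) {
            throw new InvalidParameterException(parameterName);
        }
        this.setRealm(parameterValue);
    }
}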