001/*
002 * ModeShape (http://www.modeshape.org)
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *       http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.modeshape.web;
017
018import java.io.ByteArrayOutputStream;
019import java.io.IOException;
020import java.io.InputStream;
021import java.util.StringTokenizer;
022import java.util.logging.Logger;
023import javax.servlet.Filter;
024import javax.servlet.FilterChain;
025import javax.servlet.FilterConfig;
026import javax.servlet.ServletException;
027import javax.servlet.ServletRequest;
028import javax.servlet.ServletResponse;
029import javax.servlet.http.HttpServletRequest;
030import javax.servlet.http.HttpSession;
031import org.modeshape.common.util.Base64;
032
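/**
 * Servlet filter that extracts HTTP Basic credentials from the {@code Authorization}
 * header and stores them in the HTTP session under the attributes {@code "uname"} and
 * {@code "password"}.
 * <p>
 * This filter does not verify the credentials and never rejects a request; it only
 * parses the header and always continues the filter chain. Whatever component reads
 * the session attributes is responsible for the actual authentication
 * (NOTE(review): presumably the repository login code elsewhere in this web
 * application; confirm against the consumers of these attributes).
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The password is kept in the session in clear text for the lifetime of the
 * session. Anything that persists, replicates or dumps sessions will therefore contain
 * it. Prefer authenticating once and storing only the resulting principal or token.</li>
 * <li>Basic credentials are only Base64-encoded, not encrypted, so this filter should
 * only be deployed behind TLS.</li>
 * <li>A session is created for every request, including ones without credentials.
 * Consider rotating the session id once credentials have been verified.</li>
 * </ul>
 *
 * @author kulikov
 */
public class AuthFilter implements Filter {
    private final static Logger logger = Logger.getLogger("AuthFilter");

    /** Charset used to turn the decoded Basic credentials and request bodies into text. */
    private static final String CREDENTIALS_CHARSET = "UTF-8";

    /**
     * No configuration is read; the filter is stateless.
     *
     * @param fc the filter configuration supplied by the container (unused)
     */
    @Override
    public void init(FilterConfig fc) {
    }

    /**
     * Parses the {@code Authorization} header, publishes the user name and password as
     * session attributes and then continues the chain unconditionally.
     * <p>
     * When the header is missing, is not a {@code Basic} header, carries no credentials
     * token or has no {@code ':'} separator, both attributes are set to {@code null},
     * which removes any previously stored values from the session.
     *
     * @param request the incoming request; non-HTTP requests are passed through untouched
     * @param response the response, handed to the rest of the chain unchanged
     * @param chain the remaining filter chain
     * @throws IOException if decoding the credentials or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            // There is no header and no HTTP session to work with; avoid a ClassCastException.
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String authHeader = httpRequest.getHeader("Authorization");
        HttpSession session = httpRequest.getSession(true);

        String userID = null;
        String pass = null;

        if (authHeader != null) {
            StringTokenizer st = new StringTokenizer(authHeader);
            // A header consisting of the scheme alone ("Basic") has no second token; the
            // hasMoreTokens() check keeps nextToken() from throwing NoSuchElementException.
            if (st.hasMoreTokens() && st.nextToken().equalsIgnoreCase("Basic") && st.hasMoreTokens()) {
                byte[] decoded = Base64.decode(st.nextToken());
                if (decoded != null) {
                    // Decode with a fixed charset so the result does not depend on the
                    // platform default of the server the filter happens to run on.
                    String userPass = new String(decoded, CREDENTIALS_CHARSET);
                    // Split on the first ':' only: the password itself may contain colons.
                    int p = userPass.indexOf(':');
                    if (p != -1) {
                        userID = userPass.substring(0, p);
                        pass = userPass.substring(p + 1);
                    }
                }
            }
        }
        // Form-based login (credentials in the request body) is not implemented. An
        // earlier draft read the whole body and wrote it to the log; any future
        // implementation must not log the submitted parameters, because they contain the
        // password, and must not consume the body if later filters or servlets need it.

        // SECURITY: the clear-text password is stored in the session (see class comment).
        session.setAttribute("uname", userID);
        session.setAttribute("password", pass);
        chain.doFilter(request, response);
    }

    /**
     * Reads the given stream to its end and returns the content as text.
     * <p>
     * Currently not called from live code. The whole stream is buffered in memory
     * without any size limit, so a caller must bound the input before using this on
     * request bodies.
     *
     * @param in the stream to drain; it is not closed by this method
     * @return the stream content decoded as UTF-8
     * @throws IOException if reading from the stream fails
     */
    private String Stream2String(InputStream in) throws IOException {
        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        byte[] buffer = new byte[4096];
        int read;
        while ((read = in.read(buffer)) != -1) {
            bout.write(buffer, 0, read);
        }
        return bout.toString(CREDENTIALS_CHARSET);
    }

    /**
     * Nothing to release; the filter holds no resources.
     */
    @Override
    public void destroy() {
    }
}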