/* ======================================================================
The Bodington System Software License, Version 1.0
Copyright (c) 2001 The University of Leeds. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any,
must include the following acknowledgement: "This product includes
software developed by the University of Leeds
(http://www.bodington.org/)." Alternately, this acknowledgement may
appear in the software itself, if and wherever such third-party
acknowledgements normally appear.
4. The names "Bodington", "Nathan Bodington", "Bodington System",
"Bodington Open Source Project", and "The University of Leeds" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
d.gardner@leeds.ac.uk.
5. The name "Bodington" may not appear in the name of products derived
from this software without prior written permission of the University of
Leeds.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, TITLE, THE IMPLIED WARRANTIES
OF QUALITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL THE UNIVERSITY OF LEEDS OR ITS CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
=========================================================
This software was originally created by the University of Leeds and may contain voluntary
contributions from others. For more information on the Bodington Open Source Project, please
see http://bodington.org/
====================================================================== */
package org.bodington.servlet;
import java.io.IOException;
import java.rmi.RemoteException;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.bodington.server.BuildingServerException;
import org.bodington.server.NavigationSession;
import org.bodington.util.Base64Decoder;
/**
* Class that handles session initialization via basic authentication.
* @author Alexis O'Connor
*/
class BasicSessionInitializer extends AbstractSessionInitializer
{
private static Base64Decoder base64decoder = new Base64Decoder();
/**
* Look for a session associated with the request. If no session can be
* found, this method returns null. The implementation of
* this method attempts to find the session by calling the method in its
* superclass and then going via the authorization header in
* the request.
* @param request the request to be examined.
* @return a session associated with the request.
*/
protected HttpSession findHttpSession( Request request )
{
HttpSession session = super.findHttpSession( request );
if ( session != null )
return session;
// Check if a basic user name and password are present.
String authorization = request.getHeader( "Authorization" );
if (authorization == null)
return null;
if ( authorization.toLowerCase().startsWith( "basic " ) )
{
// If there was a successful previous login the auth string must be
// same and so we can just pick up the session keyed against it.
session = HttpSession.findSessionByAuthenticationString( authorization );
// If this auth string has not been seen before start a new session
// and make sure that it is keyed against the auth string for later
// requests.
if ( session == null )
{
session =
(org.bodington.servlet.HttpSession)request.getSession( true );
session.setAuthenticationString( authorization );
}
}
return session;
}
protected boolean initialize( Request request,
HttpSession session, NavigationSession navigation )
{
try
{
String authorization = request.getHeader( "Authorization" );
if ( authorization == null
|| !authorization.toLowerCase().startsWith( "basic " ) )
{
return false;
}
authorization = authorization.substring( 6 ).trim();
synchronized ( base64decoder )
{
try
{
authorization = base64decoder.decodeBuffer( authorization,
"UTF-8" );
}
catch ( IOException ioex )
{
authorization = "";
}
}
if ( authorization.indexOf( ':' ) >= 0 )
{
String userName = authorization.substring( 0,
authorization.indexOf( ':' ) );
String password = authorization.substring(
authorization.indexOf( ':' ) + 1 );
Properties props = new Properties();
props.setProperty( "user_name", userName );
props.setProperty( "pass_phrase", password );
navigation.setAuthenticationCredentials( props,
"standard_pass_phrase" );
return true;
}
}
catch ( BuildingServerException e )
{
}
return false;
}
protected void postInitialize( HttpSession session, Request request )
{
super.postInitialize( session, request );
session.setAuthType( HttpServletRequest.BASIC_AUTH );
}
}