1 // ========================================================================
2 // Copyright 2002-2005 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
8 // Unless required by applicable law or agreed to in writing, software
9 // distributed under the License is distributed on an "AS IS" BASIS,
10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 // See the License for the specific language governing permissions and
12 // limitations under the License.
13 // ========================================================================
14
15 package org.mortbay.jetty.security;
16
17 import java.io.IOException;
18 import java.security.Principal;
19
20 import javax.servlet.http.HttpServletResponse;
21
22 import org.mortbay.jetty.HttpHeaders;
23 import org.mortbay.jetty.Request;
24 import org.mortbay.jetty.Response;
25 import org.mortbay.log.Log;
26 import org.mortbay.util.StringUtil;
27
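/* ------------------------------------------------------------ */
/** BASIC authentication.
 * <p>
 * Handles the HTTP {@code Basic} scheme: the {@code Authorization} header
 * carries {@code Basic} followed by the base64 encoding of
 * {@code username:password}. The pair is handed to the {@link UserRealm};
 * when that fails (or no usable header is present) a {@code 401} with a
 * {@code WWW-Authenticate: Basic} challenge is sent.
 * <p>
 * Basic credentials are only base64-encoded, not protected, so the raw
 * header value is deliberately never written to the log, and the scheme
 * should be used over TLS.
 *
 * @author Greg Wilkins (gregw)
 */
public class BasicAuthenticator implements Authenticator
{
    /** Scheme token this authenticator accepts; the comparison is case-insensitive. */
    private static final String SCHEME = "Basic";

    /* ------------------------------------------------------------ */
    /**
     * Authenticate the request from its {@code Authorization} header.
     * <p>
     * Only headers using the {@code Basic} scheme are decoded; any other
     * scheme, a header without a scheme token, or decoded credentials lacking
     * the {@code ':'} separator are treated as "no credentials". On failure
     * the response (if any) is committed with a challenge via
     * {@link #sendChallenge(UserRealm, Response)}.
     *
     * @param realm the realm that verifies username/password pairs
     * @param pathInContext the request path; not used by Basic auth
     * @param request the request whose {@code Authorization} header is read;
     *        on success its auth type and user principal are set
     * @param response the response to challenge on failure, or null to
     *        suppress the challenge
     * @return the authenticated Principal, or null if not authenticated. If
     *         authentication fails, the authenticator may have committed the
     *         response as an auth challenge.
     * @exception IOException if sending the challenge fails
     */
    public Principal authenticate(UserRealm realm,
                                  String pathInContext,
                                  Request request,
                                  Response response)
        throws IOException
    {
        Principal user = null;
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);

        if (header != null)
        {
            try
            {
                String encoded = basicToken(header);
                if (encoded == null)
                {
                    // Not our scheme (or malformed): fall through to the challenge.
                    if (Log.isDebugEnabled())
                        Log.debug("Authorization header does not carry Basic credentials");
                }
                else
                {
                    // Do not log the decoded or encoded value: it contains the password.
                    String decoded = B64Code.decode(encoded, StringUtil.__ISO_8859_1);
                    int sep = decoded.indexOf(':');
                    if (sep < 0)
                    {
                        Log.warn("AUTH FAILURE: malformed Basic credentials (no ':' separator)");
                    }
                    else
                    {
                        String username = decoded.substring(0, sep);
                        String password = decoded.substring(sep + 1);
                        user = realm.authenticate(username, password, request);

                        if (user == null)
                        {
                            // printable() keeps control characters out of the log line.
                            Log.warn("AUTH FAILURE: user {}", StringUtil.printable(username));
                        }
                        else
                        {
                            request.setAuthType(Constraint.__BASIC_AUTH);
                            request.setUserPrincipal(user);
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Decoding or realm errors are an auth failure, not a server error;
                // the challenge below is still sent.
                Log.warn("AUTH FAILURE: " + e.toString());
                Log.ignore(e);
            }
        }

        // Challenge if we have no user
        if (user == null && response != null)
            sendChallenge(realm, response);

        return user;
    }

    /* ------------------------------------------------------------ */
    /**
     * Extract the base64 credential token from an {@code Authorization} header.
     *
     * @param header the full header value, e.g. {@code "Basic dXNlcjpwYXNz"}
     * @return the text after the scheme token, or null if the header has no
     *         scheme token or the scheme is not {@code Basic}
     */
    private static String basicToken(String header)
    {
        int space = header.indexOf(' ');
        if (space < 0)
            return null;
        if (!SCHEME.equalsIgnoreCase(header.substring(0, space)))
            return null;
        return header.substring(space + 1);
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the auth method name reported for this authenticator,
     *         {@link Constraint#__BASIC_AUTH}
     */
    public String getAuthMethod()
    {
        return Constraint.__BASIC_AUTH;
    }

    /* ------------------------------------------------------------ */
    /**
     * Commit the response as a {@code 401} carrying a
     * {@code WWW-Authenticate: Basic realm="..."} challenge.
     *
     * @param realm the realm whose name is placed in the challenge; the name is
     *        a server-side configuration value and is assumed not to contain
     *        {@code '"'} — it is inserted without escaping
     * @param response the response to commit
     * @exception IOException if the error response cannot be sent
     */
    public void sendChallenge(UserRealm realm, Response response)
        throws IOException
    {
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + realm.getName() + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

}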
103