 /*
  * $Source$
  * $Revision$
  *
  * Copyright (C) 2000 William Chesters
  *
  * Part of Melati (http://melati.org), a framework for the rapid
  * development of clean, maintainable web applications.
  *
  * Melati is free software; Permission is granted to copy, distribute
  * and/or modify this software under the terms either:
  *
  * a) the GNU General Public License as published by the Free Software
  *    Foundation; either version 2 of the License, or (at your option)
  *    any later version,
  *
  *    or
  *
  * b) any version of the Melati Software License, as published
  *    at http://melati.org
  *
  * You should have received a copy of the GNU General Public License and
  * the Melati Software License along with this program;
  * if not, write to the Free Software Foundation, Inc.,
  * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA to obtain the
  * GNU General Public License and visit http://melati.org to obtain the
  * Melati Software License.
  *
  * Feel free to contact the Developers of Melati (http://melati.org),
  * if you would like to work out a different arrangement than the options
  * outlined here.  It is our intention to allow Melati to be used by as
  * wide an audience as possible.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * Contact details for copyright holder:
  *
  *     William Chesters <williamc At paneris.org>
  *     http://paneris.org/~williamc
  *     Obrechtstraat 114, 2517VX Den Haag, The Netherlands
  */
 
 package org.melati.login;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.codec.binary.Base64;
 
 
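 /**
  * The credentials carried by an HTTP {@code Authorization} request header.
  *
  * Only the "Basic" scheme is parsed; any other scheme is rejected with an
  * {@code HttpAuthorizationMelatiException}.
  *
  * See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html and
  * http://www.ietf.org/rfc/rfc2617.txt
  *
  * Basic credentials are only Base64-encoded, not encrypted, so the values
  * held here are as confidential as the transport the request arrived on.
  * Instances hold the clear-text password: avoid putting them, or the raw
  * header they were built from, into log or error messages.
  */
 final class HttpAuthorization {
   // Authorization scheme; "Basic" for every instance built by from(String).
   String type;
   // User name taken from the decoded credentials (text before the first colon).
   String username;
   // Clear-text password taken from the decoded credentials (text after the first colon).
   String password;

   private HttpAuthorization() {
     // Utility classes should not have a public or default constructor.
   }

   /**
    * Private constructor.
    *
    * @param type Authorization type - assumed to be "Basic"
    * @param username user name to check
    * @param password user password
    */
   private HttpAuthorization(String type, String username, String password) {
     this.type = type;
     this.username = username;
     this.password = password;
   }

   /**
    * Create an Authorization from the value of an HTTP Authorization header.
    *
    * @param authHeader the header value, e.g. {@code "Basic <base64>"}
    * @return a new Authorization, or null if {@code authHeader} is null
    * @throws HttpAuthorizationMelatiException if the header has no space,
    *         names a scheme other than "Basic", or its decoded credentials
    *         contain no colon
    */
   static HttpAuthorization from(String authHeader) {
     // Mirrors from(HttpServletRequest): an absent header means "no
     // credentials supplied" rather than a NullPointerException.
     if (authHeader == null) {
       return null;
     }

     // Space is only valid separator,
     // from my reading of http://www.ietf.org/rfc/rfc2617.txt
     // only one.
     // This has worked well for a long time.
     if (authHeader.regionMatches(0, "Basic ", 0, 6)) {

       // Explicit charsets: the no-argument getBytes()/new String(byte[])
       // forms use the platform default, so the same header could decode to
       // different credentials on different hosts.
       // NOTE(review): UTF-8 is assumed for the decoded credentials; confirm
       // it matches how existing non-ASCII user names/passwords were stored.
       byte[] encoded = authHeader.substring(6).getBytes(
               java.nio.charset.StandardCharsets.US_ASCII);
       String logpas = new String(Base64.decodeBase64(encoded),
                                  java.nio.charset.StandardCharsets.UTF_8);

       // Split on the FIRST colon: the password may itself contain colons,
       // the user name may not.
       int colon = logpas.indexOf(':');

       if (colon == -1) {
         // The decoded text is deliberately not included in the message.
         throw new HttpAuthorizationMelatiException(
             "The browser sent Basic Authorization credentials with no colon " +
             "(that's not legal)");
       }

       // NOTE(review): trim() also strips leading/trailing whitespace from
       // the password, so " secret" and "secret" authenticate identically.
       // Kept because existing accounts may depend on it; confirm it is intended.
       return new HttpAuthorization("Basic",
                                    logpas.substring(0, colon).trim(),
                                    logpas.substring(colon + 1).trim());
     }
     else {
       int space = authHeader.indexOf(' ');
       if (space == -1) {
         // The raw header is no longer appended to this message: a value such
         // as "Basic<base64>" (separator missing) would otherwise place the
         // encoded credentials wherever the exception text ends up.
         throw new HttpAuthorizationMelatiException(
             "The browser sent an Authorization header without a space, " +
             "so it can't be anything Melati understands " +
             "(header value withheld)");
       }

       // Only the scheme token (text before the first space) is echoed. It is
       // still client-supplied, so anything that renders or logs this message
       // should encode it for that context.
       String type = authHeader.substring(0, space);
       throw new HttpAuthorizationMelatiException(
             "The browser tried to authenticate using an authorization type " +
             "`" + type + "' which Melati doesn't understand");
     }
   }

   /**
    * Create an Authorization from a request.
    *
    * @param request to extract Authorization header from
    * @return a new Authorization, or null if the request carries no
    *         Authorization header
    * @throws HttpAuthorizationMelatiException if the header is present but
    *         cannot be parsed as Basic credentials
    */
   static HttpAuthorization from(HttpServletRequest request) {
     String header = request.getHeader("Authorization");
     return header == null ? null : from(header);
   }
 }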