Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
HttpAuthorization |
|
| 3.0;3 |
1 | /* | |
2 | * $Source$ | |
3 | * $Revision$ | |
4 | * | |
5 | * Copyright (C) 2000 William Chesters | |
6 | * | |
7 | * Part of Melati (http://melati.org), a framework for the rapid | |
8 | * development of clean, maintainable web applications. | |
9 | * | |
10 | * Melati is free software; Permission is granted to copy, distribute | |
11 | * and/or modify this software under the terms either: | |
12 | * | |
13 | * a) the GNU General Public License as published by the Free Software | |
14 | * Foundation; either version 2 of the License, or (at your option) | |
15 | * any later version, | |
16 | * | |
17 | * or | |
18 | * | |
19 | * b) any version of the Melati Software License, as published | |
20 | * at http://melati.org | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License and | |
23 | * the Melati Software License along with this program; | |
24 | * if not, write to the Free Software Foundation, Inc., | |
25 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA to obtain the | |
26 | * GNU General Public License and visit http://melati.org to obtain the | |
27 | * Melati Software License. | |
28 | * | |
29 | * Feel free to contact the Developers of Melati (http://melati.org), | |
30 | * if you would like to work out a different arrangement than the options | |
31 | * outlined here. It is our intention to allow Melati to be used by as | |
32 | * wide an audience as possible. | |
33 | * | |
34 | * This program is distributed in the hope that it will be useful, | |
35 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
36 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
37 | * GNU General Public License for more details. | |
38 | * | |
39 | * Contact details for copyright holder: | |
40 | * | |
41 | * William Chesters <williamc At paneris.org> | |
42 | * http://paneris.org/~williamc | |
43 | * Obrechtstraat 114, 2517VX Den Haag, The Netherlands | |
44 | */ | |
45 | ||
46 | package org.melati.login; | |
47 | ||
48 | import javax.servlet.http.HttpServletRequest; | |
49 | ||
50 | import org.apache.commons.codec.binary.Base64; | |
51 | ||
52 | ||
53 | /** | |
54 | * The information contained in an HTTP authorization. | |
55 | * | |
56 | * See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html and | |
57 | * http://www.ietf.org/rfc/rfc2617.txt | |
58 | */ | |
59 | final class HttpAuthorization { | |
60 | String type; | |
61 | String username; | |
62 | String password; | |
63 | ||
64 | 0 | private HttpAuthorization() { |
65 | // Utility classes should not have a public or default constructor. | |
66 | 0 | } |
67 | ||
68 | /** | |
69 | * Private constructor. | |
70 | * | |
71 | * @param type Authorization type - assumed to be "Basic" | |
72 | * @param username user name to check | |
73 | * @param password user password | |
74 | */ | |
75 | 2 | private HttpAuthorization(String type, String username, String password) { |
76 | 2 | this.type = type; |
77 | 2 | this.username = username; |
78 | 2 | this.password = password; |
79 | 2 | } |
80 | ||
81 | /** | |
82 | * Create an Authorization from an HTTP Authorization header. | |
83 | * | |
84 | * @param authHeader | |
85 | * @return a new Authorization or null | |
86 | */ | |
87 | static HttpAuthorization from(String authHeader) { | |
88 | // Space is only valid separator, | |
89 | // from my reading of http://www.ietf.org/rfc/rfc2617.txt | |
90 | // only one. | |
91 | // This has worked well for a long time. | |
92 | 3 | if (authHeader.regionMatches(0, "Basic ", 0, 6)) { |
93 | ||
94 | 4 | String logpas = new String(Base64.decodeBase64( |
95 | 2 | authHeader.substring(6).getBytes())); |
96 | ||
97 | 2 | int colon = logpas.indexOf(':'); |
98 | ||
99 | 2 | if (colon == -1) |
100 | 0 | throw new HttpAuthorizationMelatiException( |
101 | "The browser sent Basic Authorization credentials with no colon " + | |
102 | "(that's not legal)"); | |
103 | ||
104 | 2 | return new HttpAuthorization("Basic", |
105 | 2 | logpas.substring(0, colon).trim(), |
106 | 2 | logpas.substring(colon + 1).trim()); |
107 | } | |
108 | else { | |
109 | 1 | int space = authHeader.indexOf(' '); |
110 | 1 | if (space == -1) |
111 | 0 | throw new HttpAuthorizationMelatiException( |
112 | "The browser sent an Authorization header without a space, " + | |
113 | "so it can't be anything Melati understands: " + | |
114 | authHeader); | |
115 | ||
116 | 1 | String type = authHeader.substring(0, space); |
117 | 1 | throw new HttpAuthorizationMelatiException( |
118 | "The browser tried to authenticate using an authorization type " + | |
119 | "`" + type + "' which Melati doesn't understand"); | |
120 | } | |
121 | } | |
122 | ||
123 | /** | |
124 | * Create an Authorization from a request. | |
125 | * | |
126 | * @param request to extract Authorization header from | |
127 | * @return a new Authorization or null | |
128 | */ | |
129 | static HttpAuthorization from(HttpServletRequest request) { | |
130 | 30 | String header = request.getHeader("Authorization"); |
131 | 30 | return header == null ? null : from(header); |
132 | } | |
133 | } | |
134 |