| BasicAuthHeaderAutoLogin.java |
1 /**
2 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3 *
4 *
5 *
6 *
7 * The contents of this file are subject to the terms of the Liferay Enterprise
8 * Subscription License ("License"). You may not use this file except in
9 * compliance with the License. You can obtain a copy of the License by
10 * contacting Liferay, Inc. See the License for the specific language governing
11 * permissions and limitations under the License, including but not limited to
12 * distribution rights of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 */
22
23 package com.liferay.portal.security.auth;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.util.Base64;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.StringPool;
31 import com.liferay.portal.service.UserLocalServiceUtil;
32
33 import java.util.StringTokenizer;
34
35 import javax.servlet.http.HttpServletRequest;
36 import javax.servlet.http.HttpServletResponse;
37
38 /**
39 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
40 *
41 * <p>
42 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
43 * Previous versions of Firefox have been tested and are known to work.
44 * </p>
45 *
46 * <p>
47 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
48 * extensions link at the bottom of the window. Type in "Modify Headers" in the
49 * Search box. Find Modify Headers in the results page and click on it. Then
50 * click the install now link.
51 * </p>
52 *
53 * <p>
54 * 3. Configure Modify Headers to add a basic authentication header. Tools >
55 * Modify Headers. In the Modify Headers window select the Add drop down. Type
56 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
57 * in the next box. Click the Add button.
58 * </p>
59 *
60 * <p>
61 * 4. Make sure your header modification is enabled and point your browser to
62 * the Liferay portal.
63 * </p>
64 *
65 * <p>
66 * 5. You should now be authenticated as Joe Bloggs.
67 * </p>
68 *
69 * @author Britt Courtney
70 * @author Brian Wing Shun Chan
71 */
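public class BasicAuthHeaderAutoLogin implements AutoLogin {

    /**
     * Extracts auto-login credentials from an HTTP Basic
     * <code>Authorization</code> header of the form
     * <code>Basic base64(userId:password)</code>.
     *
     * <p>
     * This method only parses the header and confirms that the user id
     * exists. It does not compare the password with anything, so the caller
     * that consumes the returned array is responsible for the actual password
     * check.
     * </p>
     *
     * <p>
     * The header value is only Base64-encoded, not encrypted: anyone who can
     * read the request or a log line containing it can recover the password.
     * Neither the encoded nor the decoded value is therefore written to the
     * log, and the header should only be accepted over a protected transport.
     * </p>
     *
     * @param  request the request whose <code>Authorization</code> header is
     *         inspected
     * @param  response the response; not used by this implementation
     * @return a three-element array holding the user id, the password taken
     *         from the header and the string <code>"true"</code>, or
     *         <code>null</code> if the header is absent, is not a Basic
     *         header, carries no credentials token, has no colon separator,
     *         or names a user id that does not exist
     * @throws AutoLoginException if any other exception is raised while the
     *         header is processed
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String[] credentials = null;

            // Get the Authorization header, if one was supplied

            String authorization = request.getHeader("Authorization");

            if (authorization == null) {
                return credentials;
            }

            StringTokenizer st = new StringTokenizer(authorization);

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String basic = st.nextToken();

            // We only handle HTTP Basic authentication

            if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
                return credentials;
            }

            // A header that is just "Basic" has no second token. Treat it
            // like every other malformed header (no credentials) instead of
            // letting nextToken() throw and surface as an AutoLoginException.

            if (!st.hasMoreTokens()) {
                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Basic Authorization header has no credentials token");
                }

                return credentials;
            }

            String encodedCredentials = st.nextToken();

            // The encoded and decoded values both contain the password, so
            // they are deliberately never logged, not even at debug level.

            byte[] decodedBytes = Base64.decode(encodedCredentials);

            // Defensive: a null result here would otherwise become a
            // NullPointerException in the String constructor below.

            if (decodedBytes == null) {
                return credentials;
            }

            // NOTE(review): this uses the platform default charset, so a
            // password with non-ASCII characters decodes differently from one
            // host to another. Confirm which charset clients are expected to
            // send before pinning one.

            String decodedCredentials = new String(decodedBytes);

            int pos = decodedCredentials.indexOf(StringPool.COLON);

            if (pos == -1) {
                return credentials;
            }

            // NOTE(review): a non-numeric id presumably comes back as
            // GetterUtil's default value rather than throwing; confirm.

            long userId = GetterUtil.getLong(
                decodedCredentials.substring(0, pos));
            String password = decodedCredentials.substring(pos + 1);

            if (_log.isDebugEnabled()) {
                _log.debug(
                    "Parsed Basic Authorization header for user id " + userId);
            }

            try {

                // Existence check only; the password is not verified here

                UserLocalServiceUtil.getUserById(userId);

                credentials = new String[3];

                credentials[0] = String.valueOf(userId);
                credentials[1] = password;

                // NOTE(review): the third element is presumably the
                // "password is already encrypted" flag of the AutoLogin
                // contract. Confirm against the caller, because it decides
                // how credentials[1] is compared with the stored password.

                credentials[2] = Boolean.TRUE.toString();
            }
            catch (NoSuchUserException nsue) {
                if (_log.isWarnEnabled()) {
                    _log.warn(userId + " is not a valid user id");
                }
            }

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    private static final Log _log =
        LogFactoryUtil.getLog(BasicAuthHeaderAutoLogin.class);

}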