| BasicAuthHeaderAutoLogin.java |
1 /**
2 * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 */
22
23 package com.liferay.portal.security.auth;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.util.Base64;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.kernel.util.StringPool;
29 import com.liferay.portal.service.UserLocalServiceUtil;
30
31 import java.util.StringTokenizer;
32
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35
36 import org.apache.commons.logging.Log;
37 import org.apache.commons.logging.LogFactory;
38
39 /**
40 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
41 *
42 * <p>
43 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
44 * Previous version of Firefox have been tested and are known to work.
45 * </p>
46 *
47 * <p>
48 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
49 * extensions link at the bottom of the window. Type in "Modify Headers" in the
50 * Search box. Find Modify Headers in the results page and click on it. Then
51 * click the install now link.
52 * </p>
53 *
54 * <p>
55 * 3. Configure Modify Headers to add a basic authentication header. Tools >
56 * Modify Headers. In the Modify Headers window select the Add drop down. Type
57 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
58 * in the next box. Click the Add button.
59 * </p>
60 *
61 * <p>
62 * 4. Make sure your header modification is enabled and point your browser to
63 * the Liferay portal.
64 * </p>
65 *
66 * <p>
67 * 5. You should now be authenticated as Joe Bloggs.
68 * </p>
69 *
70 * @author Britt Courtney
71 * @author Brian Wing Shun Chan
72 *
73 */
74 public class BasicAuthHeaderAutoLogin implements AutoLogin {
75
76 public String[] login(HttpServletRequest req, HttpServletResponse res)
77 throws AutoLoginException {
78
79 try {
80 String[] credentials = null;
81
82 // Get the Authorization header, if one was supplied
83
84 String authorization = req.getHeader("Authorization");
85
86 if (authorization == null) {
87 return credentials;
88 }
89
90 StringTokenizer st = new StringTokenizer(authorization);
91
92 if (!st.hasMoreTokens()) {
93 return credentials;
94 }
95
96 String basic = st.nextToken();
97
98 // We only handle HTTP Basic authentication
99
100 if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
101 return credentials;
102 }
103
104 String encodedCredentials = st.nextToken();
105
106 if (_log.isDebugEnabled()) {
107 _log.debug("Encoded credentials are " + encodedCredentials);
108 }
109
110 String decodedCredentials = new String(
111 Base64.decode(encodedCredentials));
112
113 if (_log.isDebugEnabled()) {
114 _log.debug("Decoded credentials are " + decodedCredentials);
115 }
116
117 int pos = decodedCredentials.indexOf(StringPool.COLON);
118
119 if (pos == -1) {
120 return credentials;
121 }
122
123 long userId = GetterUtil.getLong(
124 decodedCredentials.substring(0, pos));
125 String password = decodedCredentials.substring(pos + 1);
126
127 try {
128 UserLocalServiceUtil.getUserById(userId);
129
130 credentials = new String[3];
131
132 credentials[0] = String.valueOf(userId);
133 credentials[1] = password;
134 credentials[2] = Boolean.TRUE.toString();
135 }
136 catch (NoSuchUserException nsue) {
137 if (_log.isWarnEnabled()) {
138 _log.warn(userId + " is not a valid user id");
139 }
140 }
141
142 return credentials;
143 }
144 catch (Exception e) {
145 throw new AutoLoginException(e);
146 }
147 }
148
149 private static Log _log = LogFactory.getLog(BasicAuthHeaderAutoLogin.class);
150
151 }