| BasicAuthHeaderAutoLogin.java |
1 /**
2 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 */
22
23 package com.liferay.portal.security.auth;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.util.Base64;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.StringPool;
31 import com.liferay.portal.service.UserLocalServiceUtil;
32
33 import java.util.StringTokenizer;
34
35 import javax.servlet.http.HttpServletRequest;
36 import javax.servlet.http.HttpServletResponse;
37
38 /**
39 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
40 *
41 * <p>
42 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
43 * Previous version of Firefox have been tested and are known to work.
44 * </p>
45 *
46 * <p>
47 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
48 * extensions link at the bottom of the window. Type in "Modify Headers" in the
49 * Search box. Find Modify Headers in the results page and click on it. Then
50 * click the install now link.
51 * </p>
52 *
53 * <p>
54 * 3. Configure Modify Headers to add a basic authentication header. Tools >
55 * Modify Headers. In the Modify Headers window select the Add drop down. Type
56 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
57 * in the next box. Click the Add button.
58 * </p>
59 *
60 * <p>
61 * 4. Make sure your header modification is enabled and point your browser to
62 * the Liferay portal.
63 * </p>
64 *
65 * <p>
66 * 5. You should now be authenticated as Joe Bloggs.
67 * </p>
68 *
69 * @author Britt Courtney
70 * @author Brian Wing Shun Chan
71 *
72 */
73 public class BasicAuthHeaderAutoLogin implements AutoLogin {
74
75 public String[] login(
76 HttpServletRequest request, HttpServletResponse response)
77 throws AutoLoginException {
78
79 try {
80 String[] credentials = null;
81
82 // Get the Authorization header, if one was supplied
83
84 String authorization = request.getHeader("Authorization");
85
86 if (authorization == null) {
87 return credentials;
88 }
89
90 StringTokenizer st = new StringTokenizer(authorization);
91
92 if (!st.hasMoreTokens()) {
93 return credentials;
94 }
95
96 String basic = st.nextToken();
97
98 // We only handle HTTP Basic authentication
99
100 if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
101 return credentials;
102 }
103
104 String encodedCredentials = st.nextToken();
105
106 if (_log.isDebugEnabled()) {
107 _log.debug("Encoded credentials are " + encodedCredentials);
108 }
109
110 String decodedCredentials = new String(
111 Base64.decode(encodedCredentials));
112
113 if (_log.isDebugEnabled()) {
114 _log.debug("Decoded credentials are " + decodedCredentials);
115 }
116
117 int pos = decodedCredentials.indexOf(StringPool.COLON);
118
119 if (pos == -1) {
120 return credentials;
121 }
122
123 long userId = GetterUtil.getLong(
124 decodedCredentials.substring(0, pos));
125 String password = decodedCredentials.substring(pos + 1);
126
127 try {
128 UserLocalServiceUtil.getUserById(userId);
129
130 credentials = new String[3];
131
132 credentials[0] = String.valueOf(userId);
133 credentials[1] = password;
134 credentials[2] = Boolean.TRUE.toString();
135 }
136 catch (NoSuchUserException nsue) {
137 if (_log.isWarnEnabled()) {
138 _log.warn(userId + " is not a valid user id");
139 }
140 }
141
142 return credentials;
143 }
144 catch (Exception e) {
145 throw new AutoLoginException(e);
146 }
147 }
148
149 private static Log _log =
150 LogFactoryUtil.getLog(BasicAuthHeaderAutoLogin.class);
151
152 }