| BasicAuthHeaderAutoLogin.java |
1 /**
2 * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3 *
4 * This library is free software; you can redistribute it and/or modify it under
5 * the terms of the GNU Lesser General Public License as published by the Free
6 * Software Foundation; either version 2.1 of the License, or (at your option)
7 * any later version.
8 *
9 * This library is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12 * details.
13 */
14
15 package com.liferay.portal.security.auth;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.kernel.log.Log;
19 import com.liferay.portal.kernel.log.LogFactoryUtil;
20 import com.liferay.portal.kernel.util.Base64;
21 import com.liferay.portal.kernel.util.GetterUtil;
22 import com.liferay.portal.kernel.util.StringPool;
23 import com.liferay.portal.service.UserLocalServiceUtil;
24
25 import java.util.StringTokenizer;
26
27 import javax.servlet.http.HttpServletRequest;
28 import javax.servlet.http.HttpServletResponse;
29
30 /**
31 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
32 *
33 * <p>
34 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
35 * Previous versions of Firefox have been tested and are known to work.
36 * </p>
37 *
38 * <p>
39 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
40 * extensions link at the bottom of the window. Type in "Modify Headers" in the
41 * Search box. Find Modify Headers in the results page and click on it. Then
42 * click the install now link.
43 * </p>
44 *
45 * <p>
46 * 3. Configure Modify Headers to add a basic authentication header. Tools >
47 * Modify Headers. In the Modify Headers window select the Add drop down. Type
48 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
49 * in the next box. Click the Add button.
50 * </p>
51 *
52 * <p>
53 * 4. Make sure your header modification is enabled and point your browser to
54 * the Liferay portal.
55 * </p>
56 *
57 * <p>
58 * 5. You should now be authenticated as Joe Bloggs.
59 * </p>
60 *
61 * @author Britt Courtney
62 * @author Brian Wing Shun Chan
63 */
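public class BasicAuthHeaderAutoLogin implements AutoLogin {

    /**
     * Extracts auto-login credentials from an HTTP Basic
     * <code>Authorization</code> header.
     *
     * <p>
     * The header value is expected to be <code>Basic</code> followed by the
     * Base64 encoding of <code>userId:password</code>. Base64 is an encoding,
     * not encryption, so any log line that contains the header or its decoded
     * form contains the password. This method therefore never logs either
     * value.
     * </p>
     *
     * <p>
     * The password is not verified here. The method only checks that the user
     * id resolves to an existing user and returns the pair to the caller.
     * </p>
     *
     * @param  request the servlet request whose <code>Authorization</code>
     *         header is inspected
     * @param  response the servlet response; not used by this implementation
     * @return a three element array holding the user id, the password and the
     *         string <code>"true"</code>, or <code>null</code> if the header
     *         is absent, is not a complete Basic header, has no colon in its
     *         decoded payload, or names a user id that does not exist
     * @throws AutoLoginException if any other exception is raised while the
     *         header is processed
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String[] credentials = null;

            // Get the Authorization header, if one was supplied

            String authorization = request.getHeader("Authorization");

            if (authorization == null) {
                return credentials;
            }

            StringTokenizer st = new StringTokenizer(authorization);

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String basic = st.nextToken();

            // We only handle HTTP Basic authentication

            if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
                return credentials;
            }

            // A header that names the scheme but carries no payload is
            // treated like a missing header. Without this guard nextToken()
            // throws and the request fails with an AutoLoginException.

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String encodedCredentials = st.nextToken();

            // Deliberately log neither the encoded nor the decoded value:
            // both reveal the password to anyone who can read the log.

            if (_log.isDebugEnabled()) {
                _log.debug("Processing Basic authorization header");
            }

            // NOTE(review): the bytes are decoded with the platform default
            // charset, so non-ASCII credentials depend on the JVM settings.

            String decodedCredentials = new String(
                Base64.decode(encodedCredentials));

            // Split on the first colon only, so the password may itself
            // contain colons.

            int pos = decodedCredentials.indexOf(StringPool.COLON);

            if (pos == -1) {
                return credentials;
            }

            long userId = GetterUtil.getLong(
                decodedCredentials.substring(0, pos));
            String password = decodedCredentials.substring(pos + 1);

            try {

                // Existence check only; the returned user is discarded

                UserLocalServiceUtil.getUserById(userId);

                credentials = new String[3];

                credentials[0] = String.valueOf(userId);
                credentials[1] = password;

                // NOTE(review): presumably the "password is already
                // encrypted" flag of the AutoLogin contract -- confirm
                // against the caller. If so, the header must carry the
                // stored form of the password, and this class should only
                // be enabled over TLS and for trusted clients.

                credentials[2] = Boolean.TRUE.toString();
            }
            catch (NoSuchUserException nsue) {

                // userId is a parsed long, so this message cannot carry
                // attacker-controlled text into the log

                if (_log.isWarnEnabled()) {
                    _log.warn(userId + " is not a valid user id");
                }
            }

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        BasicAuthHeaderAutoLogin.class);

}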