015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.Base64;
020 import com.liferay.portal.kernel.util.CharPool;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portlet.login.util.LoginUtil;
023
024 import java.util.StringTokenizer;
025
026 import javax.servlet.http.HttpServletRequest;
027 import javax.servlet.http.HttpServletResponse;
028
029
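/**
 * Auto-login implementation that authenticates a request from an HTTP Basic
 * <code>Authorization</code> header.
 *
 * <p>
 * The header value is split into a scheme token and a base64 token. The
 * decoded token is split at the first colon into a login and a password, and
 * both are handed to <code>LoginUtil.getAuthenticatedUserId</code>.
 * </p>
 *
 * <p>
 * Security notes: neither the encoded nor the decoded credentials are written
 * to the log, because base64 is an encoding and not encryption, so either
 * form discloses the password to anyone who can read the log. Basic
 * credentials are only as confidential as the transport; this class does not
 * check that the request arrived over TLS.
 * </p>
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

	/**
	 * Attempts to authenticate the request from its Basic
	 * <code>Authorization</code> header.
	 *
	 * @param  request the servlet request whose header is inspected
	 * @param  response the servlet response (not used by this method)
	 * @return a three element array holding the user ID, the password as
	 *         sent by the client, and <code>"true"</code>; or
	 *         <code>null</code> if the header is absent, is not a Basic
	 *         header, carries no credentials token, has no colon separator
	 *         after decoding, or the credentials are rejected
	 * @throws AutoLoginException if any other exception occurs while the
	 *         header is processed
	 */
	@Override
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String authorization = request.getHeader("Authorization");

			if (authorization == null) {
				return null;
			}

			StringTokenizer st = new StringTokenizer(authorization);

			if (!st.hasMoreTokens()) {
				return null;
			}

			String scheme = st.nextToken();

			if (!scheme.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
				return null;
			}

			// A header that holds only the scheme ("Basic") has no second
			// token. Treat it as "no credentials offered" instead of letting
			// nextToken() throw NoSuchElementException on attacker-supplied
			// input.

			if (!st.hasMoreTokens()) {
				return null;
			}

			String encodedCredentials = st.nextToken();

			// Deliberately log only the event, never the header value.

			if (_log.isDebugEnabled()) {
				_log.debug(
					"Processing Basic credentials from the Authorization " +
						"header");
			}

			// NOTE(review): new String(byte[]) decodes with the JVM default
			// charset, so non-ASCII logins or passwords may decode
			// differently between deployments. Left unchanged here because
			// existing installs may depend on it -- confirm before pinning
			// a charset.

			String decodedCredentials = new String(
				Base64.decode(encodedCredentials));

			int pos = decodedCredentials.indexOf(CharPool.COLON);

			if (pos == -1) {
				return null;
			}

			String login = GetterUtil.getString(
				decodedCredentials.substring(0, pos));
			String password = decodedCredentials.substring(pos + 1);

			String[] credentials = null;

			try {
				long userId = LoginUtil.getAuthenticatedUserId(
					request, login, password, null);

				// NOTE(review): the meaning of each slot is defined by the
				// AutoLogin contract, which is not visible in this file.

				credentials = new String[3];

				credentials[0] = String.valueOf(userId);
				credentials[1] = password;
				credentials[2] = Boolean.TRUE.toString();
			}
			catch (Exception e) {

				// Best effort: a rejected login yields null rather than an
				// error. The login name is client-controlled, so line breaks
				// are neutralised before it reaches the log.

				if (_log.isWarnEnabled()) {
					_log.warn(_sanitizeForLog(login) + " is not a valid login");
				}

				// Keep the cause available so that a backend failure can be
				// told apart from a wrong password during triage.

				if (_log.isDebugEnabled()) {
					_log.debug(e, e);
				}
			}

			return credentials;
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	/**
	 * Replaces carriage returns and line feeds so that a client-supplied
	 * value cannot start a forged log entry.
	 */
	private static String _sanitizeForLog(String value) {
		if (value == null) {
			return null;
		}

		return value.replace('\r', '_').replace('\n', '_');
	}

	private static final Log _log = LogFactoryUtil.getLog(
		BasicAuthHeaderAutoLogin.class);

}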