001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.Base64;
020    import com.liferay.portal.kernel.util.CharPool;
021    import com.liferay.portal.kernel.util.GetterUtil;
022    import com.liferay.portlet.login.util.LoginUtil;
023    
024    import java.util.StringTokenizer;
025    
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
029    /**
030     * <p>
031     * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
032     * Previous versions of Firefox have been tested and are known to work.
033     * </p>
034     *
035     * <p>
036     * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
037     * extensions link at the bottom of the window. Type in "Modify Headers" in the
038     * Search box. Find Modify Headers in the results page and click on it. Then
039     * click the install now link.
040     * </p>
041     *
042     * <p>
043     * 3. Configure Modify Headers to add a basic authentication header. Tools >
044     * Modify Headers. In the Modify Headers window select the Add drop down. Type
045     * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
046     * in the next box. Click the Add button.
047     * </p>
048     *
049     * <p>
050     * 4. Make sure your header modification is enabled and point your browser to
051     * the Liferay portal.
052     * </p>
053     *
054     * <p>
055     * 5. You should now be authenticated as Joe Bloggs.
056     * </p>
057     *
058     * @author Britt Courtney
059     * @author Brian Wing Shun Chan
060     */
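public class BasicAuthHeaderAutoLogin implements AutoLogin {

	/**
	 * Attempts to authenticate the request from an HTTP Basic
	 * <code>Authorization</code> header.
	 *
	 * <p>
	 * The header value is expected to be <code>Basic &lt;base64&gt;</code>,
	 * where the Base64 payload decodes to <code>login:password</code>. Only the
	 * first colon is treated as the separator, so a password may itself
	 * contain colons. The password is never written to the log.
	 * </p>
	 *
	 * @param  request the current request; only its <code>Authorization</code>
	 *         header is read, and it is passed through to
	 *         {@link LoginUtil#getAuthenticatedUserId}
	 * @param  response unused
	 * @return <code>{userId, password, "true"}</code> when the header carried
	 *         credentials that {@link LoginUtil} accepted, or <code>null</code>
	 *         when the header is absent, is not a Basic header, is malformed,
	 *         or the credentials were rejected
	 * @throws AutoLoginException if an unexpected error occurs while reading
	 *         or decoding the header
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {

			// Get the Authorization header, if one was supplied

			String authorization = request.getHeader("Authorization");

			if (authorization == null) {
				return null;
			}

			StringTokenizer st = new StringTokenizer(authorization);

			if (!st.hasMoreTokens()) {
				return null;
			}

			String scheme = st.nextToken();

			// We only handle HTTP Basic authentication

			if (!scheme.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
				return null;
			}

			// A bare "Basic" header with no credentials token is malformed.
			// Treat it like any other header we do not handle rather than
			// letting StringTokenizer throw NoSuchElementException, which
			// would otherwise surface as an AutoLoginException

			if (!st.hasMoreTokens()) {
				return null;
			}

			String encodedCredentials = st.nextToken();

			// SECURITY: the encoded and decoded forms both contain the user's
			// password, so neither is logged at any level. Decoding uses the
			// platform default charset, as before; RFC 7617 leaves the charset
			// unspecified unless the server advertises charset="UTF-8", so
			// non-ASCII passwords are platform dependent (review if needed)

			String decodedCredentials = new String(
				Base64.decode(encodedCredentials));

			// Split on the first colon only so the password may contain colons

			int pos = decodedCredentials.indexOf(CharPool.COLON);

			if (pos == -1) {
				if (_log.isDebugEnabled()) {
					_log.debug(
						"Basic credentials are missing the login/password " +
							"separator");
				}

				return null;
			}

			String login = GetterUtil.getString(
				decodedCredentials.substring(0, pos));
			String password = decodedCredentials.substring(pos + 1);

			try {
				long userId = LoginUtil.getAuthenticatedUserId(
					request, login, password, null);

				// AutoLogin contract: the user id, the credential to keep for
				// the session, and whether that credential is already
				// encrypted

				String[] credentials = new String[3];

				credentials[0] = String.valueOf(userId);
				credentials[1] = password;
				credentials[2] = Boolean.TRUE.toString();

				return credentials;
			}
			catch (Exception e) {

				// Rejected credentials are not a portal error. Log the
				// attempted login (attacker controlled, never the password)
				// and return null so other auto-login hooks may still run

				if (_log.isWarnEnabled()) {
					_log.warn(login + " is not a valid login");
				}

				if (_log.isDebugEnabled()) {
					_log.debug(e.getMessage(), e);
				}

				return null;
			}
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(
		BasicAuthHeaderAutoLogin.class);

}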