015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.Base64;
020 import com.liferay.portal.kernel.util.CharPool;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portlet.login.util.LoginUtil;
023
024 import java.util.StringTokenizer;
025
026 import javax.servlet.http.HttpServletRequest;
027 import javax.servlet.http.HttpServletResponse;
028
029
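/**
 * Auto-login handler that authenticates a request from its HTTP Basic
 * <code>Authorization</code> header.
 *
 * <p>
 * The header value is untrusted client input. Neither the encoded nor the
 * decoded credential string is written to the log, because the Base64 form
 * is trivially reversible and both contain the clear text password.
 * </p>
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

	/**
	 * Tries to authenticate the request with the credentials carried in its
	 * <code>Authorization</code> header.
	 *
	 * @param  request the servlet request whose <code>Authorization</code>
	 *         header is inspected
	 * @param  response the servlet response (not used by this method)
	 * @return a three element array holding the user ID, the password taken
	 *         from the header and the string <code>"true"</code>; or
	 *         <code>null</code> if the header is absent, is not a Basic
	 *         scheme header, carries no credential token, has no colon
	 *         separator after decoding, or if authentication fails
	 * @throws AutoLoginException if any other exception is raised while
	 *         the header is processed
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String[] credentials = null;

			// Get the Authorization header, if one was supplied

			String authorization = request.getHeader("Authorization");

			if (authorization == null) {
				return credentials;
			}

			StringTokenizer st = new StringTokenizer(authorization);

			if (!st.hasMoreTokens()) {
				return credentials;
			}

			String basic = st.nextToken();

			// Only the Basic scheme is handled here

			if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
				return credentials;
			}

			// A header that names the scheme but carries no credential
			// token is malformed; treat it like the other malformed cases
			// instead of letting nextToken() throw.

			if (!st.hasMoreTokens()) {
				return credentials;
			}

			String encodedCredentials = st.nextToken();

			// Do not log encodedCredentials or decodedCredentials: both
			// expose the password to anyone who can read the log.

			if (_log.isDebugEnabled()) {
				_log.debug("Processing HTTP Basic Authorization header");
			}

			// NOTE(review): new String(byte[]) decodes with the platform
			// default charset, so non-ASCII logins and passwords depend on
			// the JVM configuration. Confirm the intended charset.

			String decodedCredentials = new String(
				Base64.decode(encodedCredentials));

			int pos = decodedCredentials.indexOf(CharPool.COLON);

			if (pos == -1) {
				return credentials;
			}

			String login = GetterUtil.getString(
				decodedCredentials.substring(0, pos));
			String password = decodedCredentials.substring(pos + 1);

			try {
				long userId = LoginUtil.getAuthenticatedUserId(
					request, login, password, null);

				credentials = new String[3];

				credentials[0] = String.valueOf(userId);
				credentials[1] = password;
				credentials[2] = Boolean.TRUE.toString();
			}
			catch (Exception e) {

				// Best effort: a failed authentication yields null rather
				// than an error. The login name is client supplied, so
				// line breaks are neutralized before it reaches the log.

				if (_log.isWarnEnabled()) {
					_log.warn(_sanitizeForLog(login) + " is not a valid login");
				}

				// Keep the cause available so that a backend failure can
				// be told apart from a rejected login.

				if (_log.isDebugEnabled()) {
					_log.debug("Basic authentication failed", e);
				}
			}

			return credentials;
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	/**
	 * Replaces carriage returns and line feeds so that a client supplied
	 * value cannot start a forged entry in the log.
	 */
	private static String _sanitizeForLog(String value) {
		return value.replace('\r', '_').replace('\n', '_');
	}

	private static final Log _log = LogFactoryUtil.getLog(
		BasicAuthHeaderAutoLogin.class);

}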