| 1 | /* | |
| 2 | * $Source: /usr/cvsroot/melati/melati/src/site/resources/withWebmacro/org.melati.login.HttpAuthorization.html,v $ | |
| 3 | * $Revision: 1.1 $ | |
| 4 | * | |
| 5 | * Copyright (C) 2000 William Chesters | |
| 6 | * | |
| 7 | * Part of Melati (http://melati.org), a framework for the rapid | |
| 8 | * development of clean, maintainable web applications. | |
| 9 | * | |
| 10 | * Melati is free software; Permission is granted to copy, distribute | |
| 11 | * and/or modify this software under the terms either: | |
| 12 | * | |
| 13 | * a) the GNU General Public License as published by the Free Software | |
| 14 | * Foundation; either version 2 of the License, or (at your option) | |
| 15 | * any later version, | |
| 16 | * | |
| 17 | * or | |
| 18 | * | |
| 19 | * b) any version of the Melati Software License, as published | |
| 20 | * at http://melati.org | |
| 21 | * | |
| 22 | * You should have received a copy of the GNU General Public License and | |
| 23 | * the Melati Software License along with this program; | |
| 24 | * if not, write to the Free Software Foundation, Inc., | |
| 25 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA to obtain the | |
| 26 | * GNU General Public License and visit http://melati.org to obtain the | |
| 27 | * Melati Software License. | |
| 28 | * | |
| 29 | * Feel free to contact the Developers of Melati (http://melati.org), | |
| 30 | * if you would like to work out a different arrangement than the options | |
| 31 | * outlined here. It is our intention to allow Melati to be used by as | |
| 32 | * wide an audience as possible. | |
| 33 | * | |
| 34 | * This program is distributed in the hope that it will be useful, | |
| 35 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 36 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 37 | * GNU General Public License for more details. | |
| 38 | * | |
| 39 | * Contact details for copyright holder: | |
| 40 | * | |
| 41 | * William Chesters <williamc At paneris.org> | |
| 42 | * http://paneris.org/~williamc | |
| 43 | * Obrechtstraat 114, 2517VX Den Haag, The Netherlands | |
| 44 | */ | |
| 45 | ||
| 46 | package org.melati.login; | |
| 47 | ||
| 48 | import javax.servlet.http.HttpServletRequest; | |
| 49 | ||
| 50 | import org.apache.commons.codec.binary.Base64; | |
| 51 | ||
| 52 | ||
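/**
 * The information contained in an HTTP authorization.
 *
 * See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html and
 * http://www.ietf.org/rfc/rfc2617.txt
 *
 * Basic credentials are only Base64-encoded, so the user name and password
 * decoded by {@link #from(String)} are held in this object in clear text.
 */
final class HttpAuthorization {
  // Authorization scheme; the only value assigned in this class is "Basic".
  String type;
  // User name taken from the decoded credentials (text before the first colon).
  String username;
  // Clear-text password taken from the decoded credentials (text after the first colon).
  String password;

  private HttpAuthorization() {
    // Utility classes should not have a public or default constructor.
  }

  /**
   * Private constructor.
   *
   * @param type Authorization type - assumed to be "Basic"
   * @param username user name to check
   * @param password user password
   */
  private HttpAuthorization(String type, String username, String password) {
    this.type = type;
    this.username = username;
    this.password = password;
  }

  /**
   * Create an Authorization from an HTTP Authorization header.
   *
   * Only the Basic scheme is understood. The scheme name is matched
   * without regard to case, as RFC 2617 section 1.2 defines the scheme
   * as a case-insensitive token.
   *
   * @param authHeader the value of the Authorization header
   * @return a new Authorization, or null if authHeader is null
   * @throws HttpAuthorizationMelatiException if the decoded Basic
   *         credentials contain no colon, if the header contains no
   *         space, or if the scheme is not Basic
   */
  static HttpAuthorization from(String authHeader) {
    // A missing header is "no credentials", matching from(HttpServletRequest).
    if (authHeader == null)
      return null;

    // Space is only valid separator,
    // from my reading of http://www.ietf.org/rfc/rfc2617.txt
    // only one.
    // This has worked well for a long time.
    if (authHeader.regionMatches(true, 0, "Basic ", 0, 6)) {

      // NOTE(review): getBytes() and new String(byte[]) both use the
      // platform default charset, so non-ASCII user names or passwords
      // decode differently depending on the JVM's locale settings.
      String logpas = new String(Base64.decodeBase64(
                          authHeader.substring(6).getBytes()));

      // The first colon separates user name from password, so a password
      // may itself contain colons.
      int colon = logpas.indexOf(':');

      if (colon == -1)
        throw new HttpAuthorizationMelatiException(
            "The browser sent Basic Authorization credentials with no colon " +
            "(that's not legal)");

      // NOTE(review): trim() is applied to the password as well as the
      // user name, so leading or trailing whitespace in a password is
      // discarded before any comparison - confirm this is intended.
      return new HttpAuthorization("Basic",
                                   logpas.substring(0, colon).trim(),
                                   logpas.substring(colon + 1).trim());
    }
    else {
      int space = authHeader.indexOf(' ');
      // NOTE(review): both messages below embed text taken from the
      // request header (the whole header value, or its scheme token).
      // If these messages are logged or rendered, whatever the client
      // sent, including credential material in a malformed header, will
      // appear there - confirm how callers report this exception.
      if (space == -1)
        throw new HttpAuthorizationMelatiException(
            "The browser sent an Authorization header without a space, " +
            "so it can't be anything Melati understands: " +
            authHeader);

      String type = authHeader.substring(0, space);
      throw new HttpAuthorizationMelatiException(
          "The browser tried to authenticate using an authorization type " +
          "`" + type + "' which Melati doesn't understand");
    }
  }

  /**
   * Create an Authorization from a request.
   *
   * @param request to extract Authorization header from
   * @return a new Authorization, or null if the request carries no
   *         Authorization header
   * @throws HttpAuthorizationMelatiException if the header is present
   *         but cannot be parsed as Basic credentials
   */
  static HttpAuthorization from(HttpServletRequest request) {
    String header = request.getHeader("Authorization");
    return header == null ? null : from(header);
  }
}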