1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.NoSuchUserException;
18  import com.liferay.portal.kernel.log.Log;
19  import com.liferay.portal.kernel.log.LogFactoryUtil;
20  import com.liferay.portal.kernel.util.Base64;
21  import com.liferay.portal.kernel.util.CharPool;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.service.UserLocalServiceUtil;
24  
25  import java.util.StringTokenizer;
26  
27  import javax.servlet.http.HttpServletRequest;
28  import javax.servlet.http.HttpServletResponse;
29  
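/**
 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * {@link AutoLogin} implementation that reads an HTTP Basic
 * <code>Authorization</code> header and turns it into a credentials array.
 * The steps below describe how to try it out from a browser.
 * </p>
 *
 * <p>
 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
 * Previous versions of Firefox have been tested and are known to work.
 * </p>
 *
 * <p>
 * 2. Install the Modify Headers 0.5.4 Add-on. Tools &gt; Add Ons. Click the
 * get extensions link at the bottom of the window. Type in "Modify Headers" in
 * the Search box. Find Modify Headers in the results page and click on it.
 * Then click the install now link.
 * </p>
 *
 * <p>
 * 3. Configure Modify Headers to add a basic authentication header. Tools &gt;
 * Modify Headers. In the Modify Headers window select the Add drop down. Type
 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
 * in the next box. Click the Add button.
 * </p>
 *
 * <p>
 * 4. Make sure your header modification is enabled and point your browser to
 * the Liferay portal.
 * </p>
 *
 * <p>
 * 5. You should now be authenticated as Joe Bloggs.
 * </p>
 *
 * <p>
 * NOTE(review): the sample value in step 3 is the Base64 encoding of
 * <code>liferay.com.1:test</code>. {@link #login} parses the text before the
 * colon as a numeric user id, so that sample looks like it predates numeric
 * ids; use the Base64 encoding of <code>userId:password</code> for an
 * existing account instead. Confirm against the current user id format.
 * </p>
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 *
 * <ul>
 * <li>
 * A Basic <code>Authorization</code> header is only Base64 encoded, not
 * encrypted. Anything that can read the request can recover the password, so
 * this mechanism should only be reachable over TLS.
 * </li>
 * <li>
 * This class checks that the user id exists but never compares the supplied
 * password with a stored one. Whether the caller validates the returned
 * password is not visible in this file; confirm before enabling this
 * implementation.
 * </li>
 * <li>
 * The third element of the returned array is always <code>"true"</code>. Its
 * meaning is defined by the {@link AutoLogin} contract, which is not shown
 * here; verify how the caller interprets it together with the password.
 * </li>
 * </ul>
 *
 * @author Britt Courtney
 * @author Brian Wing Shun Chan
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

    /**
     * Extracts a user id and password from an HTTP Basic
     * <code>Authorization</code> header.
     *
     * <p>
     * The header value is split on whitespace into a scheme and a Base64
     * token. The decoded token is split at the first colon: the left part is
     * parsed as a <code>long</code> user id, the right part is taken verbatim
     * as the password. The user id is then looked up to confirm that it
     * exists. No password comparison happens in this method.
     * </p>
     *
     * @param  request the servlet request carrying the header
     * @param  response the servlet response (not used by this implementation)
     * @return <code>null</code> if the header is absent, empty, not of the
     *         Basic scheme, has no credentials token, has no colon after
     *         decoding, or names a user id that does not exist; otherwise a
     *         three element array holding the user id, the password and
     *         <code>"true"</code>
     * @throws AutoLoginException if any other exception is raised while the
     *         header is decoded or the user is looked up
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {

            // Get the Authorization header, if one was supplied

            String authorization = request.getHeader("Authorization");

            if (authorization == null) {
                return null;
            }

            StringTokenizer st = new StringTokenizer(authorization);

            if (!st.hasMoreTokens()) {
                return null;
            }

            // We only handle HTTP Basic authentication

            String scheme = st.nextToken();

            if (!scheme.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
                return null;
            }

            // A header of just "Basic" has no second token. Treat it like
            // the other malformed cases instead of letting nextToken() throw
            // and surface as an AutoLoginException.

            if (!st.hasMoreTokens()) {
                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Basic Authorization header has no credentials");
                }

                return null;
            }

            String encodedCredentials = st.nextToken();

            // The encoded and decoded credentials are deliberately not
            // logged: both forms reveal the password to anyone who can read
            // the log, because Base64 is trivially reversible.

            // Decoding uses the platform default charset, so credentials
            // with non-ASCII characters depend on the JVM configuration.

            String decodedCredentials = new String(
                Base64.decode(encodedCredentials));

            int pos = decodedCredentials.indexOf(CharPool.COLON);

            if (pos == -1) {
                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Decoded Basic credentials do not contain a colon");
                }

                return null;
            }

            long userId = GetterUtil.getLong(
                decodedCredentials.substring(0, pos));
            String password = decodedCredentials.substring(pos + 1);

            if (_log.isDebugEnabled()) {
                _log.debug(
                    "Received Basic credentials for user id " + userId);
            }

            String[] credentials = null;

            try {

                // Existence check only. NOTE(review): the password is
                // passed through unverified; confirm that the caller
                // authenticates it before creating a session.

                UserLocalServiceUtil.getUserById(userId);

                credentials = new String[3];

                credentials[0] = String.valueOf(userId);
                credentials[1] = password;
                credentials[2] = Boolean.TRUE.toString();
            }
            catch (NoSuchUserException nsue) {
                if (_log.isWarnEnabled()) {
                    _log.warn(userId + " is not a valid user id");
                }
            }

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        BasicAuthHeaderAutoLogin.class);

}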