15 package com.liferay.portal.security.auth;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.kernel.log.Log;
19 import com.liferay.portal.kernel.log.LogFactoryUtil;
20 import com.liferay.portal.kernel.util.Base64;
21 import com.liferay.portal.kernel.util.CharPool;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.service.UserLocalServiceUtil;
24
25 import java.util.StringTokenizer;
26
27 import javax.servlet.http.HttpServletRequest;
28 import javax.servlet.http.HttpServletResponse;
29
30
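/**
 * Auto login implementation that derives portal credentials from an HTTP
 * Basic <code>Authorization</code> request header.
 *
 * <p>
 * The header is expected to look like <code>Basic &lt;base64&gt;</code>, where
 * the Base64 payload decodes to <code>userId:password</code>. The part before
 * the first colon is read as a numeric user id, not a screen name or email
 * address.
 * </p>
 *
 * <p>
 * Security notes: this class only checks that the user id exists. It does not
 * compare the password with anything; the password is handed back to the
 * caller unchanged. Basic credentials are merely Base64-encoded, so the value
 * of the header (encoded or decoded) must never be written to a log.
 * </p>
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

    /**
     * Extracts a user id and password from the request's Basic
     * <code>Authorization</code> header.
     *
     * @param  request the request whose <code>Authorization</code> header is
     *         inspected
     * @param  response the response (not used by this implementation)
     * @return <code>null</code> when the header is absent, empty, not of the
     *         Basic scheme, carries no payload, has no colon separator, or
     *         names a user id that does not exist; otherwise a three element
     *         array holding the user id, the password as supplied, and the
     *         string form of <code>Boolean.TRUE</code>
     * @throws AutoLoginException if any other exception occurs while reading
     *         or decoding the header or looking up the user
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String[] credentials = null;

            // Get the Authorization header, if one was supplied

            String authorization = request.getHeader("Authorization");

            if (authorization == null) {
                return credentials;
            }

            StringTokenizer st = new StringTokenizer(authorization);

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String basic = st.nextToken();

            // Only the HTTP Basic scheme is handled here

            if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
                return credentials;
            }

            // A bare "Basic" with no payload is malformed client input. Treat
            // it like any other unusable header instead of letting
            // nextToken() throw NoSuchElementException.

            if (!st.hasMoreTokens()) {
                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Basic authorization header carries no credentials");
                }

                return credentials;
            }

            String encodedCredentials = st.nextToken();

            // Neither the encoded nor the decoded value is logged: Base64 is
            // trivially reversible and the decoded text contains the
            // plaintext password.

            // NOTE(review): the bytes are decoded with the platform default
            // charset, so non-ASCII passwords depend on the JVM's locale
            // settings -- confirm which charset clients are expected to use.

            String decodedCredentials = new String(
                Base64.decode(encodedCredentials));

            // Split at the first colon only, so the password itself may
            // contain colons

            int pos = decodedCredentials.indexOf(CharPool.COLON);

            if (pos == -1) {
                return credentials;
            }

            // NOTE(review): presumably GetterUtil.getLong falls back to a
            // default value for non-numeric text -- verify against GetterUtil.

            long userId = GetterUtil.getLong(
                decodedCredentials.substring(0, pos));
            String password = decodedCredentials.substring(pos + 1);

            if (_log.isDebugEnabled()) {
                _log.debug(
                    "Parsed basic authorization header for user id " + userId);
            }

            try {

                // Existence check only; the password is not verified here

                UserLocalServiceUtil.getUserById(userId);

                credentials = new String[3];

                credentials[0] = String.valueOf(userId);
                credentials[1] = password;

                // NOTE(review): the meaning of the third element is defined
                // by the AutoLogin contract, which is not visible here --
                // confirm how the caller validates the password when this
                // flag is "true".

                credentials[2] = Boolean.TRUE.toString();
            }
            catch (NoSuchUserException nsue) {
                if (_log.isWarnEnabled()) {
                    _log.warn(userId + " is not a valid user id");
                }
            }

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        BasicAuthHeaderAutoLogin.class);

}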