BasicAuthHeaderAutoLogin.java |
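/**
 * Copyright (c) 2000-2007 Liferay, Inc. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

package com.liferay.portal.security.auth;

import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.service.UserLocalServiceUtil;

import java.util.StringTokenizer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Auto login hook that reads an HTTP Basic <code>Authorization</code> header
 * and turns its <code>userId:password</code> payload into the credentials
 * array returned by {@link #login}. The steps below describe a manual test.
 * </p>
 *
 * <p>
 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
 * Previous versions of Firefox have been tested and are known to work.
 * </p>
 *
 * <p>
 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
 * extensions link at the bottom of the window. Type in "Modify Headers" in the
 * Search box. Find Modify Headers in the results page and click on it. Then
 * click the install now link.
 * </p>
 *
 * <p>
 * 3. Configure Modify Headers to add a basic authentication header. Tools >
 * Modify Headers. In the Modify Headers window select the Add drop down. Type
 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
 * in the next box. Click the Add button.
 * </p>
 *
 * <p>
 * 4. Make sure your header modification is enabled and point your browser to
 * the Liferay portal.
 * </p>
 *
 * <p>
 * 5. You should now be authenticated as Joe Bloggs.
 * </p>
 *
 * <p>
 * The header value in step 3 is the Base64 form of a sample
 * <code>userId:password</code> pair. Base64 is an encoding, not encryption:
 * anything that can read the request (proxies, access logs, a plain HTTP
 * connection) can recover the password, so the header belongs on TLS-protected
 * connections only and its value must stay out of log output.
 * </p>
 *
 * @author Britt Courtney
 * @author Brian Wing Shun Chan
 *
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

    /**
     * Extracts a user id and password from an HTTP Basic
     * <code>Authorization</code> header.
     *
     * <p>
     * This method only confirms that the user id exists; the password is copied
     * into the result unverified. Checking it is presumably the job of whatever
     * consumes the returned array (not visible in this file).
     * </p>
     *
     * @param  req the request whose <code>Authorization</code> header is read
     * @param  res the response; not used by this implementation
     * @return <code>null</code> when the header is missing, is not a Basic
     *         header, carries no payload, has no colon in its decoded payload,
     *         or names a user id that does not exist; otherwise a three
     *         element array holding the user id, the password taken from the
     *         header, and the string <code>"true"</code>
     * @throws AutoLoginException wrapping any other exception raised while the
     *         header is processed
     */
    public String[] login(HttpServletRequest req, HttpServletResponse res)
        throws AutoLoginException {

        try {
            String[] credentials = null;

            // Get the Authorization header, if one was supplied

            String authHeader = req.getHeader("Authorization");

            if (authHeader == null) {
                return credentials;
            }

            StringTokenizer st = new StringTokenizer(authHeader);

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String basic = st.nextToken();

            // We only handle HTTP Basic authentication

            if (!basic.equalsIgnoreCase("Basic")) {
                return credentials;
            }

            // A header that names the scheme but carries no payload is
            // treated like a missing header instead of failing with a
            // NoSuchElementException from the tokenizer.

            if (!st.hasMoreTokens()) {
                return credentials;
            }

            String encodedCredentials = st.nextToken();

            // Neither the encoded nor the decoded payload is logged: both
            // reveal the clear text password to anyone who can read the log.

            if (_log.isDebugEnabled()) {
                _log.debug("Received a Basic Authorization header");
            }

            // NOTE(review): new String(byte[]) decodes with the platform
            // default charset, so non-ASCII passwords may decode differently
            // between hosts. Confirm the intended charset before changing it.

            String decodedCredentials = new String(
                Base64.decode(encodedCredentials));

            int p = decodedCredentials.indexOf(StringPool.COLON);

            if (p == -1) {
                return credentials;
            }

            // Split on the first colon only, so a password may itself
            // contain colons.

            long userId = GetterUtil.getLong(
                decodedCredentials.substring(0, p));
            String password = decodedCredentials.substring(p + 1);

            try {

                // Existence check only; the returned user is discarded

                UserLocalServiceUtil.getUserById(userId);

                credentials = new String[3];

                credentials[0] = String.valueOf(userId);
                credentials[1] = password;

                // NOTE(review): the meaning of the third element comes from
                // the AutoLogin contract, which is not visible here. Confirm
                // that "true" is correct for a clear text password.

                credentials[2] = Boolean.TRUE.toString();
            }
            catch (NoSuchUserException nsue) {
                if (_log.isWarnEnabled()) {
                    _log.warn(userId + " is not a valid user id");
                }
            }

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    private static final Log _log =
        LogFactory.getLog(BasicAuthHeaderAutoLogin.class);

}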