1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet.spi;
25  
26  import jakarta.servlet.http.HttpServletRequest;
27  import jakarta.servlet.http.HttpServletResponse;
28  
29  import java.io.IOException;
30  import java.nio.charset.StandardCharsets;
31  import java.security.InvalidParameterException;
32  
33  import org.slf4j.Logger;
34  import org.slf4j.LoggerFactory;
35  
36  import waffle.util.AuthorizationHeader;
37  import waffle.windows.auth.IWindowsAuthProvider;
38  import waffle.windows.auth.IWindowsIdentity;
39  
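/**
 * A Basic authentication security filter provider. https://tools.ietf.org/html/rfc2617 (the Basic scheme has since
 * been re-specified in RFC 7617).
 * <p>
 * Security notes for deployers:
 * <ul>
 * <li>Basic credentials travel in the {@code Authorization} header merely encoded, not encrypted, so this provider
 * should only be enabled on connections protected by TLS.</li>
 * <li>The clear-text password is handed to {@link IWindowsAuthProvider#logonUser(String, String)} as a
 * {@link String}; it is never written to the log by this class.</li>
 * <li>The user name comes from the client and is neutralised (control characters replaced) before it is logged.</li>
 * </ul>
 */
public class BasicSecurityFilterProvider implements SecurityFilterProvider {

    /** The Constant LOGGER. */
    private static final Logger LOGGER = LoggerFactory.getLogger(BasicSecurityFilterProvider.class);

    /** The realm (protection space) announced in the {@code WWW-Authenticate} challenge. */
    private String realm = "BasicSecurityFilterProvider";

    /** The auth provider that performs the actual logon. */
    private final IWindowsAuthProvider auth;

    /**
     * Instantiates a new basic security filter provider.
     *
     * @param newAuthProvider
     *            the auth provider used to validate the user name and password
     */
    public BasicSecurityFilterProvider(final IWindowsAuthProvider newAuthProvider) {
        this.auth = newAuthProvider;
    }

    /**
     * Extracts {@code username:password} from the request's Authorization header and attempts a logon with it.
     * <p>
     * The token bytes are decoded as UTF-8 and split at the first colon only, so the password may itself contain
     * colons. How a missing or undecodable header is handled depends on {@link AuthorizationHeader}, which is not
     * part of this class.
     *
     * @param request
     *            the request carrying the Authorization header
     * @param response
     *            the response (not used by this provider)
     * @return the identity returned by the auth provider's {@code logonUser}
     * @throws IOException
     *             declared by the interface
     * @throws RuntimeException
     *             if the decoded token contains no colon separator
     */
    @Override
    public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpServletResponse response)
            throws IOException {

        final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        final String usernamePassword = new String(authorizationHeader.getTokenBytes(), StandardCharsets.UTF_8);
        final String[] usernamePasswordArray = usernamePassword.split(":", 2);
        if (usernamePasswordArray.length != 2) {
            // The message deliberately omits the header content so credentials never reach logs or error pages.
            throw new RuntimeException("Invalid username:password in Authorization header.");
        }
        if (BasicSecurityFilterProvider.LOGGER.isDebugEnabled()) {
            // The user name is client-controlled: replace CR/LF and other control characters so a crafted value
            // cannot forge additional log lines. Only the user name is logged, never the password.
            BasicSecurityFilterProvider.LOGGER.debug("logging in user: {}",
                    BasicSecurityFilterProvider.replaceControlCharacters(usernamePasswordArray[0]));
        }
        return this.auth.logonUser(usernamePasswordArray[0], usernamePasswordArray[1]);
    }

    /**
     * This provider never treats a request as a principal exception.
     *
     * @param request
     *            the request (ignored)
     * @return always {@code false}
     */
    @Override
    public boolean isPrincipalException(final HttpServletRequest request) {
        return false;
    }

    /**
     * Tells whether this provider handles the given security package.
     *
     * @param securityPackage
     *            the security package name; may be {@code null}
     * @return {@code true} only for "Basic", compared case-insensitively
     */
    @Override
    public boolean isSecurityPackageSupported(final String securityPackage) {
        return "Basic".equalsIgnoreCase(securityPackage);
    }

    /**
     * Adds the {@code WWW-Authenticate: Basic realm="..."} challenge to the response.
     * <p>
     * The realm is emitted as an HTTP quoted-string: embedded quotes and backslashes are backslash-escaped and
     * control characters are replaced, so a realm taken from configuration cannot break out of the parameter or
     * split the header. Realms without such characters produce exactly the same header as before.
     *
     * @param response
     *            the response to add the challenge header to
     */
    @Override
    public void sendUnauthorized(final HttpServletResponse response) {
        response.addHeader("WWW-Authenticate",
                "Basic realm=" + BasicSecurityFilterProvider.toQuotedString(this.realm));
    }

    /**
     * Protection space.
     *
     * @return Name of the protection space.
     */
    public String getRealm() {
        return this.realm;
    }

    /**
     * Set the protection space.
     *
     * @param value
     *            Protection space name.
     */
    public void setRealm(final String value) {
        this.realm = value;
    }

    /**
     * Init configuration parameters. Only {@code realm} is recognised.
     *
     * @param parameterName
     *            the parameter name
     * @param parameterValue
     *            the parameter value
     * @throws InvalidParameterException
     *             if the parameter name is anything other than {@code realm}
     */
    @Override
    public void initParameter(final String parameterName, final String parameterValue) {
        if ("realm".equals(parameterName)) {
            this.setRealm(parameterValue);
        } else {
            throw new InvalidParameterException(parameterName);
        }
    }

    /**
     * Returns a copy of the value with every ISO control character (including CR and LF) replaced by an underscore.
     *
     * @param value
     *            the text to neutralise; must not be {@code null}
     * @return the text with control characters replaced
     */
    private static String replaceControlCharacters(final String value) {
        final StringBuilder clean = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }

    /**
     * Renders a value as an HTTP quoted-string, including the surrounding double quotes.
     *
     * @param value
     *            the text to quote; {@code null} renders as the literal text {@code null}, as plain string
     *            concatenation would
     * @return the quoted, escaped text
     */
    private static String toQuotedString(final String value) {
        final String text = String.valueOf(value);
        final StringBuilder quoted = new StringBuilder(text.length() + 2).append('"');
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            if (Character.isISOControl(c)) {
                quoted.append('_');
            } else {
                if (c == '"' || c == '\\') {
                    quoted.append('\\');
                }
                quoted.append(c);
            }
        }
        return quoted.append('"').toString();
    }
}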