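/*
 * Copyright (c) 2002-2021, City of Paris
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice
 *     and the following disclaimer.
 *
 *  2. Redistributions in binary form must reproduce the above copyright notice
 *     and the following disclaimer in the documentation and/or other materials
 *     provided with the distribution.
 *
 *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * License 1.0
 */
package fr.paris.lutece.util.signrequest;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

/**
 * BasicAuthorizationAuthenticator.<br>
 * This authenticator provides a basic username/password authentication.<br>
 * The request should have a header named Authorization with a value that begins with "Basic " followed by the "username:password" encoded in base64.
 * <p>
 * Security notes:
 * </p>
 * <ul>
 * <li>Base64 is a reversible encoding, not encryption or hashing: anyone who can read the header recovers the credentials, so this scheme only protects them
 * when the transport itself is confidential (e.g. TLS).</li>
 * <li>A single username/password pair is fixed at construction time and kept in memory for the lifetime of the instance.</li>
 * <li>The scheme prefix is matched exactly as "Basic " (case-sensitive, single space), as in the original implementation.</li>
 * </ul>
 */
public class BasicAuthorizationAuthenticator extends AbstractAuthenticator
{

    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String BASIC_AUTHORIZATION_PREFIX = "Basic ";
    private final String _strUsername;
    private final String _strPassword;

    /**
     * Constructor that defines the credentials accepted (and emitted) by this authenticator.
     *
     * @param strUsername
     *            The username
     * @param strPassword
     *            The password
     */
    public BasicAuthorizationAuthenticator( String strUsername, String strPassword )
    {
        super( );
        _strUsername = strUsername;
        _strPassword = strPassword;
    }

    /**
     * Checks whether the request carries an Authorization header whose Basic token matches the configured credentials.
     *
     * @param request
     *            The HTTP request to check
     * @return true only if the header is present, starts with "Basic " and its token equals the expected one; false otherwise (including when the header is
     *         missing)
     */
    @Override
    public boolean isRequestAuthenticated( HttpServletRequest request )
    {
        String strHeader = request.getHeader( HEADER_AUTHORIZATION );

        // getHeader returns null when the header is absent; an unauthenticated
        // request must be rejected cleanly rather than fail with a NullPointerException.
        if ( strHeader == null || !strHeader.startsWith( BASIC_AUTHORIZATION_PREFIX ) )
        {
            return false;
        }

        byte [ ] received = strHeader.substring( BASIC_AUTHORIZATION_PREFIX.length( ) ).getBytes( StandardCharsets.UTF_8 );
        byte [ ] expected = getDigest( ).getBytes( StandardCharsets.UTF_8 );

        // MessageDigest.isEqual is used instead of String.equals so that the time taken
        // by the comparison does not depend on how many leading characters match.
        return MessageDigest.isEqual( expected, received );
    }

    /**
     * Builds the security header a client must send to be accepted by this authenticator.
     *
     * @param elements
     *            Not used by this authenticator
     * @return The request informations holding the "Authorization: Basic ..." header. The value contains the credentials in recoverable form and should be
     *         treated as a secret (not logged).
     */
    @Override
    public AuthenticateRequestInformations getSecurityInformations( List<String> elements )
    {
        String strHeader = BASIC_AUTHORIZATION_PREFIX + getDigest( );

        return new AuthenticateRequestInformations( ).addSecurityHeader( HEADER_AUTHORIZATION, strHeader );
    }

    /**
     * Build the Basic token, i.e. base64( username + ':' + password ).<br>
     * Despite the method name this is an encoding, not a cryptographic digest.
     *
     * @return The base64-encoded "username:password" string
     */
    private String getDigest( )
    {
        String strSecret = _strUsername + ':' + _strPassword;

        // Explicit UTF-8 so the token does not depend on the JVM's default charset
        // when the credentials contain non-ASCII characters.
        return Base64.getEncoder( ).encodeToString( strSecret.getBytes( StandardCharsets.UTF_8 ) );
    }

}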