
File MyBasicAuthenticator.java

 

 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.user.impl.xwiki;
21   
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Locale;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.securityfilter.authenticator.BasicAuthenticator;
import org.securityfilter.filter.SecurityFilter;
import org.securityfilter.filter.SecurityRequestWrapper;
import org.securityfilter.realm.SimplePrincipal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
37   
 
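/**
 * HTTP BASIC authentication for XWiki, built on the securityfilter {@link BasicAuthenticator}.
 * <p>
 * Credentials are read from the {@code Authorization} request header, resolved through the wiki's authentication
 * service, and the resulting principal is stored on the request with its name qualified by the current wiki id
 * ({@code wiki:user}). A failed login answers with a {@code 401} challenge; after {@code MAX_ATTEMPTS} consecutive
 * failures recorded in the HTTP session the client gets a plain {@code 401} error instead of a new challenge.
 */
public class MyBasicAuthenticator extends BasicAuthenticator implements XWikiAuthenticator
{
    /**
     * Authenticate the request without an XWiki context (delegates with a {@code null} context).
     *
     * @param request the wrapped request carrying the {@code Authorization} header and the session
     * @param response used to challenge the client again when authentication fails
     * @return {@code true} when a challenge was written to the response, {@code false} when the request is now
     *         authenticated
     * @throws Exception when the authentication service fails
     */
    @Override
    public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response) throws Exception
    {
        return processLogin(request, response, null);
    }

    /**
     * Authenticate the request from its {@code Authorization} header.
     *
     * @param request the wrapped request carrying the {@code Authorization} header and the session
     * @param response used to challenge the client again when authentication fails
     * @param context the XWiki context used to resolve the user name and the wiki id
     * @return {@code true} when a challenge was written to the response (login failed), {@code false} when the
     *         request is now authenticated
     * @throws Exception when the authentication service fails
     */
    @Override
    public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response, XWikiContext context)
        throws Exception
    {
        Principal principal = checkLogin(request, response, context);

        if (principal == null) {
            // Login failed: ask the client for BASIC credentials again.
            showLogin(request.getCurrentRequest(), response);
            return true;
        }

        return false;
    }

    /**
     * Authenticate explicit credentials (form or API supplied) instead of the {@code Authorization} header.
     *
     * @param username the user name to authenticate
     * @param password the password to check
     * @param rememberme ignored by this authenticator (BASIC has no persistent login)
     * @param request the wrapped request whose session and principal are updated
     * @param response used to challenge the client again when authentication fails
     * @param context the XWiki context used to resolve the user name and the wiki id
     * @return {@code true} when a challenge was written to the response (login failed), {@code false} when the
     *         request is now authenticated
     * @throws Exception when the authentication service fails
     */
    @Override
    public boolean processLogin(String username, String password, String rememberme, SecurityRequestWrapper request,
        HttpServletResponse response, XWikiContext context) throws Exception
    {
        Principal principal = authenticate(username, password, context);
        if (principal == null) {
            // Login failed: ask the client for BASIC credentials again.
            showLogin(request.getCurrentRequest(), response);
            return true;
        }

        registerPrincipal(request, principal, context);
        return false;
    }

    /**
     * Normalise a user name through the wiki (the wiki decides the canonical form).
     *
     * @param username the raw user name taken from the credentials
     * @param context the XWiki context giving access to the wiki
     * @return the converted user name
     */
    private static String convertUsername(String username, XWikiContext context)
    {
        return context.getWiki().convertUsername(username, context);
    }

    /**
     * Record a successful login on the request: clear the failed-attempt counter kept by
     * {@link #showLogin(HttpServletRequest, HttpServletResponse, String)} and store the principal, qualified with
     * the current wiki id when its name carries none.
     *
     * @param request the wrapped request whose session and principal are updated
     * @param principal the principal returned by the authentication service (non-null)
     * @param context the XWiki context providing the wiki id
     * @return the principal that was stored on the request ({@code wiki:user} form)
     */
    private static Principal registerPrincipal(SecurityRequestWrapper request, Principal principal,
        XWikiContext context)
    {
        // A successful login resets the consecutive-failure counter.
        request.getSession().removeAttribute(LOGIN_ATTEMPTS);

        // Make sure the principal name carries the wiki id ("wiki:user").
        Principal qualified = principal;
        if (!StringUtils.contains(principal.getName(), ':')) {
            qualified = new SimplePrincipal(context.getWikiId() + ":" + principal.getName());
        }

        request.setUserPrincipal(qualified);
        return qualified;
    }

    /**
     * Authenticate the request from its {@code Authorization} header and, on success, store the principal on the
     * request. The header is always re-verified; nothing is cached from a previous request.
     *
     * @param request the wrapped request carrying the {@code Authorization} header and the session
     * @param response not used by this method (kept for API compatibility)
     * @param context the XWiki context used to resolve the user name and the wiki id
     * @return the stored principal, or {@code null} when the header is missing, is not a BASIC header, or the
     *         credentials are rejected
     * @throws Exception when the authentication service fails
     */
    public static Principal checkLogin(SecurityRequestWrapper request, HttpServletResponse response,
        XWikiContext context) throws Exception
    {
        String authorizationHeader = request.getHeader("Authorization");
        if (authorizationHeader == null) {
            return null;
        }

        String decoded = decodeBasicAuthorizationString(authorizationHeader);
        if (decoded == null) {
            // Not a BASIC header (or malformed): reject here rather than hand null credentials to the auth service.
            return null;
        }

        String username = convertUsername(parseUsername(decoded), context);
        String password = parsePassword(decoded);

        Principal principal = authenticate(username, password, context);
        if (principal == null) {
            return null;
        }

        return registerPrincipal(request, principal, context);
    }

    /**
     * Parse the user name out of the decoded BASIC credentials ({@code user:password}).
     *
     * @param decoded the decoded credentials, may be {@code null}
     * @return the trimmed text before the first colon, or {@code null} when the input is {@code null} or has no colon
     */
    public static String parseUsername(String decoded)
    {
        if (decoded == null) {
            return null;
        }

        int colon = decoded.indexOf(':');
        return colon < 0 ? null : decoded.substring(0, colon).trim();
    }

    /**
     * Parse the password out of the decoded BASIC credentials ({@code user:password}). Only the first colon
     * separates the fields, so a password may itself contain colons. Note that the password is trimmed, so
     * leading or trailing whitespace in a password is not preserved (kept for compatibility).
     *
     * @param decoded the decoded credentials, may be {@code null}
     * @return the trimmed text after the first colon, or {@code null} when the input is {@code null} or has no colon
     */
    public static String parsePassword(String decoded)
    {
        if (decoded == null) {
            return null;
        }

        int colon = decoded.indexOf(':');
        return colon < 0 ? null : decoded.substring(colon + 1).trim();
    }

    /**
     * Decode the value of a BASIC {@code Authorization} header.
     *
     * @param authorization the raw header value, may be {@code null}
     * @return the decoded {@code user:password} string, or {@code null} when the value is {@code null} or does not
     *         start with the (case-insensitive) {@code "basic "} scheme prefix
     */
    public static String decodeBasicAuthorizationString(String authorization)
    {
        // Locale.ROOT: the scheme comparison must not depend on the JVM's default locale.
        if (authorization == null || !authorization.toLowerCase(Locale.ROOT).startsWith("basic ")) {
            return null;
        }

        String encoded = authorization.substring(6).trim();
        // Explicit charsets: credentials are decoded as UTF-8 instead of the platform default, so non-ASCII
        // user names and passwords are read the same way on every host.
        byte[] raw = Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8));
        return new String(raw, StandardCharsets.UTF_8);
    }

    /**
     * Check the credentials against the wiki's authentication service.
     *
     * @param username the user name to authenticate
     * @param password the password to check
     * @param context the XWiki context giving access to the wiki and its authentication service
     * @return the authenticated principal, or {@code null} when the credentials are rejected
     * @throws XWikiException when the authentication service fails
     */
    public static Principal authenticate(String username, String password, XWikiContext context) throws XWikiException
    {
        return context.getWiki().getAuthService().authenticate(username, password, context);
    }

    /**
     * Challenge the client for BASIC credentials, or refuse once too many consecutive failures were recorded.
     * <p>
     * The failure counter lives in the HTTP session; it is reset on a successful login and cleared again once the
     * limit is exceeded so the next request starts a fresh count. NOTE(review): a client that does not send the
     * session cookie back presumably gets a new session, and thus a fresh counter, on every request — confirm
     * whether that is acceptable for this deployment.
     *
     * @param request the request to save and whose session holds the attempt counter
     * @param response receives the {@code 401} challenge or error
     * @param realmName the realm advertised in the {@code WWW-Authenticate} header
     * @throws IOException when writing the error response fails
     */
    public static void showLogin(HttpServletRequest request, HttpServletResponse response, String realmName)
        throws IOException
    {
        // Save this request so it can be replayed after a successful login.
        SecurityFilter.saveRequestInformation(request);

        // Count consecutive failed attempts in the session.
        Integer previous = (Integer) request.getSession().getAttribute(LOGIN_ATTEMPTS);
        int loginAttempts = previous == null ? 1 : previous + 1;
        request.getSession().setAttribute(LOGIN_ATTEMPTS, loginAttempts);

        if (loginAttempts <= MAX_ATTEMPTS) {
            response.setHeader("WWW-Authenticate", "BASIC realm=\"" + realmName + "\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            request.getSession().removeAttribute(LOGIN_ATTEMPTS);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, LOGIN_FAILED_MESSAGE);
        }
    }

    /**
     * Challenge the client for BASIC credentials using this authenticator's configured realm.
     *
     * @param request the request to save and whose session holds the attempt counter
     * @param response receives the {@code 401} challenge or error
     * @param context the XWiki context (unused here)
     * @throws IOException when writing the error response fails
     */
    @Override
    public void showLogin(HttpServletRequest request, HttpServletResponse response, XWikiContext context)
        throws IOException
    {
        showLogin(request, response, this.realmName);
    }
}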