2007-01-21 21:44:48 UTC
A header "authorization" is expected.
I believe the value is Base64 encoded; before encoding it should have looked like either:
BASIC uid=johanh,ou=People,dc=castrix,dc=se:password
or
BASIC johanh:password
If this header exists, timetrix assumes that the user has been authenticated by something else (Apache) and extracts the username.
The code below, which can be found in the source, might explain some of this:
// Excerpt from getAuthorizationUser() (the name appears in the debug message in the catch
// block; the method signature is not part of this excerpt). It extracts a user name from
// the HTTP Basic "authorization" header. The missing-header, non-Basic and IOException
// paths all fall through to the final "return null".
// NOTE(review): nothing in this excerpt checks the password. The header is supplied by the
// client, so the returned name is only trustworthy if every request is guaranteed to have
// been authenticated by the front end first -- confirm the application cannot be reached
// without passing through it.
String authValue = request.getHeader("authorization");
if (authValue != null)
{
// Case-insensitive test for the "BASIC " scheme prefix.
// NOTE(review): toUpperCase() without a Locale uses the default locale; under a Turkish
// default locale "basic" does not upper-case to "BASIC" and this check fails.
// toUpperCase(Locale.ROOT) avoids that.
if (!authValue.toUpperCase().startsWith("BASIC "))
{
logger.error("The authorization is not of basic type");
}
else
{
// Get encoded user and password, that comes after "BASIC "
String userpassEncoded = authValue.substring(6);
// Decode it, using sun base 64 decoder
// NOTE(review): sun.misc.BASE64Decoder is an internal, unsupported JDK class;
// java.util.Base64 is the supported replacement on Java 8 and later.
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
try
{
// new String(byte[]) decodes with the platform default charset, so non-ASCII user
// names may decode differently from host to host.
String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));
// NOTE(review): the decoded value is "user:password", so this line writes the clear-text
// password to the debug log. Log only the extracted user name, or nothing.
logger.debug("BASE64 decoded to '" + userpassDecoded + "'");
// Parse the username out of the decoded string
// NOTE(review): '=' and ',' are searched in the whole decoded string, password included.
// For a plain "user:password" value whose password contains both characters, the branch
// below returns a piece of the password instead of the user name, and if the first ','
// comes before the first '=' substring() throws StringIndexOutOfBoundsException, which
// the catch for IOException does not handle. Splitting at the first ':' before looking
// for '=' and ',' would confine the parsing to the user part.
int startIdx = userpassDecoded.indexOf('=');
int endIdx = userpassDecoded.indexOf(',');
if ((startIdx >= 0) && (endIdx >= 0))
{ // For strings looking like "uid=johanh,ou=People,dc=castrix,dc=se:password"
// Returns the text between the first '=' and the first ','.
return userpassDecoded.substring(startIdx + 1, endIdx);
}
else
{
endIdx = userpassDecoded.indexOf(':');
if (endIdx >= 0)
{ // For strings looking like "johanh:password"
return userpassDecoded.substring(0, endIdx);
}
// No ':' found: the whole decoded string is returned as the user name.
return userpassDecoded;
}
}
catch (IOException e)
{
// NOTE(review): authValue is the raw header, i.e. the Base64 form of the credentials,
// which is trivially decodable; logging it at error level exposes them in the log.
logger.error("Can't decode " + authValue);
logger.info("Message: " + e.getMessage());
logger.debug("Catch of exception made in getAuthorizationUser().",e);
}
}
}
else
{
logger.error("The authorization element can't be found in the http header");
}
// Reached when the header is missing, is not Basic, or could not be decoded.
return null;