Revision: 3159
http://archive-access.svn.sourceforge.net/archive-access/?rev=3159&view=rev
Author: bradtofel
Date: 2010-06-24 20:23:06 +0000 (Thu, 24 Jun 2010)
Log Message:
-----------
FEATURE: Unable to use Tomcat's built-in authorization - it's either all or nothing, so doesn't allow no-password access to certain IP range blocks. Now this class parses the user's "Authorization" HTTP header to extract BASIC credentials.
Modified Paths:
--------------
trunk/archive-access/projects/wayback/wayback-core/src/main/java/org/archive/wayback/authenticationcontrol/HTTPAuthBooleanOperator.java
Modified: trunk/archive-access/projects/wayback/wayback-core/src/main/java/org/archive/wayback/authenticationcontrol/HTTPAuthBooleanOperator.java
===================================================================
--- trunk/archive-access/projects/wayback/wayback-core/src/main/java/org/archive/wayback/authenticationcontrol/HTTPAuthBooleanOperator.java 2010-06-22 19:15:59 UTC (rev 3158)
+++ trunk/archive-access/projects/wayback/wayback-core/src/main/java/org/archive/wayback/authenticationcontrol/HTTPAuthBooleanOperator.java 2010-06-24 20:23:06 UTC (rev 3159)
@@ -25,6 +25,8 @@
package org.archive.wayback.authenticationcontrol;
import java.util.List;
+import java.io.UnsupportedEncodingException;
+import org.apache.commons.codec.binary.Base64;
import org.archive.wayback.core.WaybackRequest;
import org.archive.wayback.util.operator.BooleanOperator;
@@ -41,12 +43,32 @@
if(allowedUsers == null) {
return false;
}
- String currentUser = value.getRemoteUser();
+ String currentUser = getHTTPAuth(value);
if(currentUser == null) {
return false;
}
return allowedUsers.contains(currentUser);
}
+ private String decodeBasic(String authHeaderValue) {
+ if(authHeaderValue != null) {
+ if(authHeaderValue.startsWith("Basic ")) {
+ String b64 = authHeaderValue.substring(6);
+ byte[] decoded = Base64.decodeBase64(b64.getBytes());
+ try {
+ return new String(decoded,"utf-8");
+ } catch (UnsupportedEncodingException e) {
+ // really?...
+ return new String(decoded);
+ }
+ }
+ }
+ return null;
+
+ }
+ private String getHTTPAuth(WaybackRequest request) {
+ return decodeBasic(request.get("Authorization"));
+ }
+
/**
* @return the List of users that this operator matches against.
*/
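Review bot: The decoded `user:password` string is matched with `allowedUsers.contains(currentUser)` in the method whose start lies above this hunk, so the configured list has to hold clear-text passwords and each match is an ordinary early-exit `String.equals`. Since this class now performs the credential check that `getRemoteUser()` used to leave to the container, consider storing salted password hashes and comparing every entry with `MessageDigest.isEqual(expected, actual)` instead of `contains`. In `decodeBasic`, `startsWith("Basic ")` is case-sensitive although the scheme name is case-insensitive, and `b64.getBytes()` plus the fallback `new String(decoded)` depend on the platform charset; `authHeaderValue.regionMatches(true, 0, "Basic ", 0, 6)` and an explicit charset on both conversions would make the parsing deterministic. Basic credentials are only base64-encoded, so this operator should be reachable over TLS only, and the `Authorization` value should be kept out of any request logging.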
@@ -55,6 +77,7 @@
}
/**
* @param allowedUsers the List of users that this operator matches against.
+ * format for values is "username:password"
*/
public void setAllowedUsers(List<String> allowedUsers) {
this.allowedUsers = allowedUsers;