From: SVN c. m. f. t. SWORD-A. p. <swo...@li...> - 2012-04-29 17:05:13
Revision: 507 http://sword-app.svn.sourceforge.net/sword-app/?rev=507&view=rev Author: richard-jones Date: 2012-04-29 17:05:07 +0000 (Sun, 29 Apr 2012) Log Message: ----------- allow for unauthenticated GET requests on media resource Modified Paths: -------------- JavaServer2.0/trunk/src/main/java/org/swordapp/server/MediaResourceAPI.java JavaServer2.0/trunk/src/main/java/org/swordapp/server/SwordAPIEndpoint.java Modified: JavaServer2.0/trunk/src/main/java/org/swordapp/server/MediaResourceAPI.java =================================================================== --- JavaServer2.0/trunk/src/main/java/org/swordapp/server/MediaResourceAPI.java 2012-04-27 16:37:03 UTC (rev 506) +++ JavaServer2.0/trunk/src/main/java/org/swordapp/server/MediaResourceAPI.java 2012-04-29 17:05:07 UTC (rev 507) @@ -40,7 +40,7 @@ AuthCredentials auth = null; try { - auth = this.getAuthCredentials(req); + auth = this.getAuthCredentials(req, true); } catch (SwordAuthException e) { Modified: JavaServer2.0/trunk/src/main/java/org/swordapp/server/SwordAPIEndpoint.java =================================================================== --- JavaServer2.0/trunk/src/main/java/org/swordapp/server/SwordAPIEndpoint.java 2012-04-27 16:37:03 UTC (rev 506) +++ JavaServer2.0/trunk/src/main/java/org/swordapp/server/SwordAPIEndpoint.java 2012-04-29 17:05:07 UTC (rev 507) 
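Review bot: Passing `true` at this call in MediaResourceAPI.java lets the handler continue with an AuthCredentials object whose username and password are both null, and nothing in the hunk tells the code after the try/catch that this can happen. The enclosing method starts and ends outside the hunk, so it is worth confirming that this call sits only on the GET path and is not shared with any handler that modifies the resource. I would add a comment above the call, `// anonymous GET permitted: auth may carry a null username/password, so the code serving the resource must make the access decision`, so that a non-null AuthCredentials is not read as proof of authentication.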
@@ -35,35 +35,40 @@ this.config = config; } - protected AuthCredentials getAuthCredentials(HttpServletRequest request) + protected AuthCredentials getAuthCredentials(HttpServletRequest request) + throws SwordAuthException + { + return this.getAuthCredentials(request, false); + } + + protected AuthCredentials getAuthCredentials(HttpServletRequest request, boolean allowUnauthenticated) throws SwordAuthException { + // is the user authenticating? + String authHeader = request.getHeader("Authorization"); + // is there an On-Behalf-Of header? String obo = request.getHeader("On-Behalf-Of"); - // is authentication required + // which authentication scheme do we recognise (should only be Basic) String authType = this.config.getAuthType(); - boolean authRequired = "Basic".equals(authType); + boolean isBasic = "Basic".equals(authType); - // is the user authenticating? - String authHeader = request.getHeader("Authorization"); + if (isBasic && (authHeader == null || "".equals(authHeader))) + { + if (!allowUnauthenticated) + { + throw new SwordAuthException(true); + } + else + { + log.debug("No Authentication Credentials supplied"); + return new AuthCredentials(null, null, obo); + } + } - // are we meant to authenticate, but haven't been given anything? - if (authRequired && (authHeader == null || "".equals(authHeader))) - { - throw new SwordAuthException(true); - } - - // by this stage we are either meant to authenticate and have been given credentials or - // we don't need to authenticate. Either way we just fill in the AuthCredentials + // decode the auth header and populate the authcredentials object for return String[] userPass = this.decodeAuthHeader(authHeader); - - if (userPass == null) - { - log.debug("No Authentication Credentials supplied"); - return new AuthCredentials(null, null, obo); - } - AuthCredentials auth = new AuthCredentials(userPass[0], userPass[1], obo); return auth; } 
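Review bot: The `if (userPass == null)` guard is removed, but the new early return only covers the case where the configured type is Basic. When `isBasic` is false and no Authorization header is sent, `authHeader` is still null going into `decodeAuthHeader`, and `userPass[0]` is then dereferenced unchecked. Most of decodeAuthHeader is outside this diff, so whether it can still return null is an inference, but the old code clearly expected it; a null check before `userPass[0]` would keep a missing or malformed header from surfacing as a NullPointerException. Separately, the anonymous branch copies the client-supplied On-Behalf-Of value into the returned object. For a caller that has not authenticated, `return new AuthCredentials(null, null, null);` would be safer unless every consumer is known to ignore `obo` when the username is null.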
@@ -85,7 +90,7 @@ if (!"Basic".equalsIgnoreCase(authBits[0].trim())) { log.warn("Authentication method not supported: " + authBits[0]); - return null; + throw new SwordAuthException("Authentication method not supported: " + authBits[0]); } // get the username and password out of the base64 encoded Basic auth string This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
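Review bot: The new exception message concatenates `authBits[0]`, which comes straight from the client's Authorization header, so if that message is ever written into an error response the caller controls part of the text. A fixed message, `throw new SwordAuthException("Authentication method not supported");`, leaves the detail in the existing `log.warn` line only, where the value should ideally be length-limited before logging. It is also not visible here whether the String constructor produces the same challenge response as `new SwordAuthException(true)`, which the missing-header path uses; the two rejections should look the same to a client. decodeAuthHeader starts and ends outside the hunk, so any remaining `return null` paths could not be checked.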