BasicAuthHeaderAutoLogin.java |
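/**
 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

package com.liferay.portal.security.auth;

import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.service.UserLocalServiceUtil;

import java.util.StringTokenizer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Auto login implementation that reads an HTTP Basic
 * <code>Authorization</code> header, Base64-decodes it into
 * <code>userId:password</code> and returns those values as auto login
 * credentials when the user id exists. The header payload is only encoded, not
 * encrypted, so anyone who can read the request (or a log line containing the
 * payload) can recover the password; this class therefore never logs it.
 * </p>
 *
 * <p>
 * To try it out:
 * </p>
 *
 * <p>
 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
 * Previous version of Firefox have been tested and are known to work.
 * </p>
 *
 * <p>
 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
 * extensions link at the bottom of the window. Type in "Modify Headers" in the
 * Search box. Find Modify Headers in the results page and click on it. Then
 * click the install now link.
 * </p>
 *
 * <p>
 * 3. Configure Modify Headers to add a basic authentication header. Tools >
 * Modify Headers. In the Modify Headers window select the Add drop down. Type
 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
 * in the next box. Click the Add button.
 * </p>
 *
 * <p>
 * 4. Make sure your header modification is enabled and point your browser to
 * the Liferay portal.
 * </p>
 *
 * <p>
 * 5. You should now be authenticated as Joe Bloggs.
 * </p>
 *
 * <p>
 * NOTE(review): the sample header value in step 3 decodes to
 * <code>liferay.com.1:test</code>, while {@link #login} parses the part before
 * the colon as a <code>long</code> user id. The sample looks stale; substitute
 * the Base64 encoding of <code>&lt;numeric user id&gt;:&lt;password&gt;</code>
 * when testing.
 * </p>
 *
 * @author Britt Courtney
 * @author Brian Wing Shun Chan
 *
 */
public class BasicAuthHeaderAutoLogin implements AutoLogin {

	/**
	 * Extracts auto login credentials from an HTTP Basic
	 * <code>Authorization</code> header.
	 *
	 * @param  request the servlet request whose <code>Authorization</code>
	 *         header is inspected
	 * @param  response the servlet response (not used by this implementation)
	 * @return a three element array holding the user id, the password taken
	 *         from the header and the string <code>"true"</code>, or
	 *         <code>null</code> if the header is missing, is not HTTP Basic,
	 *         carries no payload, has no colon separator, or names a user id
	 *         that does not exist
	 * @throws AutoLoginException if any other exception is raised while
	 *         processing the header; the original exception is the cause
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String[] credentials = null;

			// Get the Authorization header, if one was supplied

			String authorization = request.getHeader("Authorization");

			if (authorization == null) {
				return credentials;
			}

			StringTokenizer st = new StringTokenizer(authorization);

			if (!st.hasMoreTokens()) {
				return credentials;
			}

			String basic = st.nextToken();

			// We only handle HTTP Basic authentication

			if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
				return credentials;
			}

			// A header of just "Basic" has no payload. Treat it like every
			// other malformed header instead of letting nextToken() throw
			// NoSuchElementException.

			if (!st.hasMoreTokens()) {
				return credentials;
			}

			String encodedCredentials = st.nextToken();

			// Do not log the encoded or decoded payload. Base64 is reversible,
			// so either form would write the user's password to the log.

			if (_log.isDebugEnabled()) {
				_log.debug("Received HTTP Basic Authorization header");
			}

			// NOTE(review): the bytes are decoded with the platform default
			// charset, so non-ASCII passwords depend on the JVM's file
			// encoding -- confirm which charset clients are expected to use.

			String decodedCredentials = new String(
				Base64.decode(encodedCredentials));

			// Split on the first colon only, so the password itself may
			// contain colons.

			int pos = decodedCredentials.indexOf(StringPool.COLON);

			if (pos == -1) {
				return credentials;
			}

			// NOTE(review): presumably GetterUtil.getLong falls back to a
			// default value for non-numeric input rather than throwing --
			// confirm against the helper.

			long userId = GetterUtil.getLong(
				decodedCredentials.substring(0, pos));
			String password = decodedCredentials.substring(pos + 1);

			try {

				// Only used as an existence check; the returned user is
				// discarded and the password is not verified here.

				UserLocalServiceUtil.getUserById(userId);

				credentials = new String[3];

				credentials[0] = String.valueOf(userId);
				credentials[1] = password;

				// NOTE(review): presumably tells the consumer of these
				// credentials that the password is already encrypted --
				// confirm against the AutoLogin caller, since that would mean
				// the header must carry the stored form of the password.

				credentials[2] = Boolean.TRUE.toString();
			}
			catch (NoSuchUserException nsue) {
				if (_log.isWarnEnabled()) {
					_log.warn(userId + " is not a valid user id");
				}
			}

			return credentials;
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	private static final Log _log =
		LogFactoryUtil.getLog(BasicAuthHeaderAutoLogin.class);

}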