1 | /* |
2 | * Copyright (C) 2013 DASISH |
3 | * |
4 | * This program is free software; you can redistribute it and/or |
5 | * modify it under the terms of the GNU General Public License |
6 | * as published by the Free Software Foundation; either version 2 |
7 | * of the License, or (at your option) any later version. |
8 | * |
9 | * This program is distributed in the hope that it will be useful, |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | * GNU General Public License for more details. |
13 | * |
14 | * You should have received a copy of the GNU General Public License |
15 | * along with this program; if not, write to the Free Software |
16 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
17 | */ |
18 | package eu.dasish.annotation.backend.rest; |
19 | |
20 | /** |
21 | * |
22 | * @author olhsha |
23 | */ |
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

import javax.naming.AuthenticationException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.ws.rs.core.HttpHeaders;

import com.sun.jersey.api.container.MappableContainerException;
import com.sun.jersey.core.util.Base64;
42 | |
43 | /** |
44 | * Dummy security filter, very handy for unit testing. |
45 | * |
46 | */ |
47 | public class DummySecurityFilter implements Filter { |
---|
48 | |
---|
49 | private final List<String> ALLOWED_USERS = Arrays.asList(DummyPrincipal.DUMMY_PRINCIPAL.getName()); |
---|
50 | |
---|
51 | /** |
---|
52 | * Dummy validation for unit tests |
---|
53 | * |
---|
54 | * @param username |
---|
55 | * @param password |
---|
56 | * @return |
---|
57 | */ |
---|
58 | private boolean isValid(String username, String password) { |
---|
59 | return ALLOWED_USERS.contains(username); |
---|
60 | } |
---|
61 | |
---|
62 | @Override |
---|
63 | public void destroy() { |
---|
64 | } |
---|
65 | |
---|
66 | @Override |
---|
67 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { |
---|
68 | Principal principalResult = null; |
---|
69 | HttpServletRequest req = (HttpServletRequest) request; |
---|
70 | String authentication = req.getHeader(HttpHeaders.AUTHORIZATION); |
---|
71 | |
---|
72 | if (authentication != null) { //if no authentication then do nothing |
---|
73 | if (!authentication.startsWith("Basic ")) { |
---|
74 | throw new MappableContainerException(new AuthenticationException("Only HTTP Basic authentication is supported")); |
---|
75 | } |
---|
76 | authentication = authentication.substring("Basic ".length()); |
---|
77 | String base64Decode = new String(Base64.decode(authentication.getBytes())); |
---|
78 | String[] values = base64Decode.split(":"); |
---|
79 | if (values.length < 2) { |
---|
80 | throw new MappableContainerException(new AuthenticationException("Invalid syntax for username and password")); |
---|
81 | } |
---|
82 | final String username = values[0]; |
---|
83 | String password = values[1]; |
---|
84 | if ((username == null) || (password == null)) { |
---|
85 | throw new MappableContainerException(new AuthenticationException("Missing username or password")); |
---|
86 | } |
---|
87 | if (!isValid(username, password)) { |
---|
88 | throw new MappableContainerException(new AuthenticationException("Invalid user/password")); |
---|
89 | } |
---|
90 | |
---|
91 | principalResult = new DummyPrincipal(username); |
---|
92 | final Principal principal = principalResult; |
---|
93 | HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(req) { |
---|
94 | public boolean isUserInRole(String role) { |
---|
95 | return true; |
---|
96 | } |
---|
97 | |
---|
98 | public boolean isSecure() { |
---|
99 | return false; |
---|
100 | } |
---|
101 | |
---|
102 | public Principal getUserPrincipal() { |
---|
103 | return principal; |
---|
104 | } |
---|
105 | |
---|
106 | @Override |
---|
107 | public String getAuthType() { |
---|
108 | return HttpServletRequest.BASIC_AUTH; |
---|
109 | } |
---|
110 | |
---|
111 | @Override |
---|
112 | public String getRemoteUser() { |
---|
113 | return username; |
---|
114 | } |
---|
115 | }; |
---|
116 | |
---|
117 | chain.doFilter(wrapper, response); |
---|
118 | } else { |
---|
119 | final Principal principal = principalResult; |
---|
120 | HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(req) { |
---|
121 | public boolean isUserInRole(String role) { |
---|
122 | return true; |
---|
123 | } |
---|
124 | |
---|
125 | public boolean isSecure() { |
---|
126 | return false; |
---|
127 | } |
---|
128 | |
---|
129 | public Principal getUserPrincipal() { |
---|
130 | return principal; |
---|
131 | } |
---|
132 | |
---|
133 | @Override |
---|
134 | public String getAuthType() { |
---|
135 | return HttpServletRequest.BASIC_AUTH; |
---|
136 | } |
---|
137 | |
---|
138 | @Override |
---|
139 | public String getRemoteUser() { |
---|
140 | return null; |
---|
141 | } |
---|
142 | }; |
---|
143 | chain.doFilter(wrapper, response); |
---|
144 | } |
---|
145 | } |
---|
146 | |
---|
147 | @Override |
---|
148 | public void init(FilterConfig filterConfig) throws ServletException { |
---|
149 | } |
---|
150 | } |