001: package com.protomatter.util;
002:
003: /**
004: * {{{ The Protomatter Software License, Version 1.0
005: * derived from The Apache Software License, Version 1.1
006: *
007: * Copyright (c) 1998-2002 Nate Sammons. All rights reserved.
008: *
009: * Redistribution and use in source and binary forms, with or without
010: * modification, are permitted provided that the following conditions
011: * are met:
012: *
013: * 1. Redistributions of source code must retain the above copyright
014: * notice, this list of conditions and the following disclaimer.
015: *
016: * 2. Redistributions in binary form must reproduce the above copyright
017: * notice, this list of conditions and the following disclaimer in
018: * the documentation and/or other materials provided with the
019: * distribution.
020: *
021: * 3. The end-user documentation included with the redistribution,
022: * if any, must include the following acknowledgment:
023: * "This product includes software developed for the
024: * Protomatter Software Project
025: * (http://protomatter.sourceforge.net/)."
026: * Alternately, this acknowledgment may appear in the software itself,
027: * if and wherever such third-party acknowledgments normally appear.
028: *
029: * 4. The names "Protomatter" and "Protomatter Software Project" must
030: * not be used to endorse or promote products derived from this
031: * software without prior written permission. For written
032: * permission, please contact support@protomatter.com.
033: *
034: * 5. Products derived from this software may not be called "Protomatter",
035: * nor may "Protomatter" appear in their name, without prior written
036: * permission of the Protomatter Software Project
037: * (support@protomatter.com).
038: *
039: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
040: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
041: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
042: * DISCLAIMED. IN NO EVENT SHALL THE PROTOMATTER SOFTWARE PROJECT OR
043: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
044: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
045: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
046: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
047: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
048: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
049: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
050: * SUCH DAMAGE. }}}
051: */
052:
053: import java.io.*;
054: import java.util.*;
055: import javax.servlet.http.*;
056:
057: /**
058: * A utility class that provides methods for checking and
059: * requiring basic authentication in servlets.
060: */
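public class BasicAuthUtil {
    /** The only authentication scheme these helpers accept. */
    private static final String BASIC_SCHEME = "Basic";

    /**
     * Private constructor since this is an all-static class.
     */
    private BasicAuthUtil() {
        super();
    }

    /**
     * Decodes the "Authorization" header and retrieves the
     * user's name from it.
     *
     * <p>The header is sent by the client and must be treated as
     * untrusted input. This method only extracts the name; it does not
     * verify it against anything.
     *
     * @param request the incoming servlet request
     * @return the text before the first ':' of the decoded credentials, or
     *         null if the header is absent, does not use the Basic scheme,
     *         or contains no ':' separator
     */
    public static String getAuthUsername(HttpServletRequest request) {
        String credentials = decodeCredentials(request);
        if (credentials == null) {
            return null;
        }
        int colon = credentials.indexOf(':');
        // Without this guard a header with no ':' reaches substring(0, -1),
        // so any client could trigger a StringIndexOutOfBoundsException.
        if (colon < 0) {
            return null;
        }
        return credentials.substring(0, colon);
    }

    /**
     * Decodes the "Authorization" header and retrieves the
     * password from it.
     *
     * <p>Everything after the first ':' is returned, so a password may
     * itself contain ':' characters. The value is a client-supplied secret:
     * keep it out of logs and error messages, and compare it with a
     * constant-time check such as
     * {@code java.security.MessageDigest.isEqual} rather than
     * {@code String.equals}. Base64 is an encoding, not encryption, so the
     * header is only confidential when the connection itself is (TLS).
     *
     * @param request the incoming servlet request
     * @return the text after the first ':' of the decoded credentials, or
     *         null if the header is absent, does not use the Basic scheme,
     *         or contains no ':' separator
     */
    public static String getAuthPassword(HttpServletRequest request) {
        String credentials = decodeCredentials(request);
        if (credentials == null) {
            return null;
        }
        int colon = credentials.indexOf(':');
        // Previously a payload with no ':' was returned whole as the
        // "password"; treat it as malformed instead.
        if (colon < 0) {
            return null;
        }
        return credentials.substring(colon + 1);
    }

    /**
     * Extracts and decodes the credentials part of a Basic
     * "Authorization" header.
     *
     * @param request the incoming servlet request
     * @return the decoded "user:password" text, or null if the header is
     *         absent, has no scheme token, names a scheme other than Basic,
     *         or carries an empty payload
     */
    private static String decodeCredentials(HttpServletRequest request) {
        String header = request.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        header = header.trim();
        int space = header.indexOf(' ');
        if (space < 0) {
            return null;
        }
        // Reject other schemes (e.g. Digest or Bearer) instead of
        // Base64-decoding their parameters as if they were credentials.
        if (!BASIC_SCHEME.equalsIgnoreCase(header.substring(0, space))) {
            return null;
        }
        String encoded = header.substring(space + 1).trim();
        if (encoded.length() == 0) {
            return null;
        }
        // NOTE(review): Base64 is whatever class this file resolves the
        // name to (not shown here); how it reacts to malformed input
        // should be confirmed, since the payload is attacker-controlled.
        // NOTE(review): new String(byte[]) uses the platform default
        // charset, so non-ASCII credentials decode differently per host.
        return new String(Base64.decode(encoded));
    }

    /**
     * Sends correct headers to require basic authentication for the
     * given realm.
     *
     * <p>The realm is emitted as an HTTP quoted-string: '"' and '\' are
     * backslash-escaped and CR/LF are replaced by a space, so a realm
     * value cannot terminate the quoted-string early or add a header line.
     *
     * @param realm the realm name to present to the client
     * @param resp the response to write the challenge to
     * @throws IOException if sending the 401 error fails
     */
    public static void requireAuthentication(String realm,
            HttpServletResponse resp) throws IOException {
        resp.setHeader("WWW-Authenticate", "Basic realm=\""
                + quoteRealm(realm) + "\"");
        resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Escapes a realm name for use inside a quoted-string header value.
     * A null realm is rendered as the text "null", as string
     * concatenation did before.
     */
    private static String quoteRealm(String realm) {
        String text = String.valueOf(realm);
        StringBuffer out = new StringBuffer(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == '\r' || c == '\n') {
                out.append(' ');
            } else {
                if (c == '"' || c == '\\') {
                    out.append('\\');
                }
                out.append(c);
            }
        }
        return out.toString();
    }
}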