- package mori.web.controller;
- import javax.servlet.http.*;
- import java.util.*;
- import java.sql.*;
- import java.io.*;
- import java.net.*;
- import java.util.*;
- import javax.servlet.*;
- import javax.servlet.http.*;
- import sun.misc.*; // See warning below
- import org.apache.struts.Globals;
- import org.apache.struts.action.*;
- import org.apache.commons.lang.StringUtils;
- import org.apache.commons.logging.*;
- import mori.web.model.registry.*;
- /*
- import net.vitarara.web.struts.controller.BaseAction;
- import net.vitarara.ejb.*;
- import net.vitarara.utils.*;
- import mori.ejb.data.registry.SiteUserPermsValue;
- import mori.ejb.model.registry.GLMemberManagerBean;
- import mori.service.*;
- import mori.service.fundraising.*;
- import mori.service.registry.*;
- import mori.web.model.registry.*;
- import mori.web.view.*;
- import mori.web.*;
- */
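/**
 * Struts action base class that gates a request behind HTTP Basic authentication and a
 * role check on the requested URI before handing it to {@code _execute}.
 *
 * <p>{@code doLogin}, {@code getSiteUser}, {@code getPermissionsManager} and
 * {@code _execute} are not defined in this class; presumably they are inherited from
 * {@code MORIBaseAction}.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so confidentiality of the
 * login and password depends entirely on the transport (TLS).
 */
public class MORIHttpBasicAuthBaseAction extends MORIBaseAction {

    // Constructed sample value; set it to the realm name this deployment advertises.
    private static final String AUTH_REALM = "MORI";

    /**
     * Authenticates the caller, checks the role required for the requested URI and, when
     * both succeed, delegates to {@code _execute}.
     *
     * <p>Missing, malformed or rejected credentials are answered with 401 plus a
     * {@code WWW-Authenticate} challenge; an authenticated user without the required role
     * gets 403. Answering either case with 500 would report an access-control decision as
     * a server fault and give clients no way to tell that credentials are required.
     *
     * @return the forward produced by {@code _execute}, or {@code null} once an error
     *         status has been sent
     * @throws Exception whatever the login, permission check or {@code _execute} throws
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        if (!doBasicAuth(request, response)) {
            response.setHeader("WWW-Authenticate", "Basic realm=\"" + AUTH_REALM + "\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }

        // The role check is keyed on the requested URI.
        // NOTE(review): getRequestURI() is the raw, undecoded path and still carries any
        // path parameters; confirm that userHasRole normalises it the same way the
        // dispatcher does, otherwise the URI checked and the action run can differ.
        String url = request.getRequestURI();
        SiteUserBean user = getSiteUser(request);

        if (!getPermissionsManager().userHasRole(user, url)) {
            // Authenticated, but the role for this URI is missing.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        return _execute(mapping, form, request, response);
    }

    /**
     * Reads the {@code Authorization} header and attempts a login with the credentials
     * it carries.
     *
     * @return {@code true} only when the header is a well-formed Basic header and
     *         {@code doLogin} accepts the decoded login and password
     */
    private boolean doBasicAuth(HttpServletRequest request, HttpServletResponse response) {
        String credentials = decodeCredentials(request.getHeader("Authorization"));
        if (credentials == null) {
            return false;
        }
        return doLogin(extractLogin(credentials), extractPassword(credentials), request);
    }

    /**
     * Validates an {@code Authorization} header value and returns the decoded
     * {@code login:password} pair.
     *
     * <p>The second token of a Basic header is Base64 text, whose alphabet has no ':',
     * so the separator can only be looked for after decoding. {@code java.util.Base64}
     * needs Java 8 or later and stands in for the JDK-internal {@code sun.misc} decoder.
     *
     * @param authHeader the raw header value, possibly {@code null}
     * @return the decoded credentials, or {@code null} when the header is blank, is not
     *         exactly "Basic" followed by one token, is not valid Base64, or decodes to
     *         text without a ':'
     */
    private String decodeCredentials(String authHeader) {
        if (StringUtils.isBlank(authHeader)) {
            return null;
        }
        StringTokenizer st = new StringTokenizer(authHeader);
        if (st.countTokens() != 2) {
            return null;
        }
        String authType = st.nextToken();
        String encoded = st.nextToken();
        // Only HTTP Basic authentication is supported.
        if (!authType.equalsIgnoreCase("Basic")) {
            return null;
        }
        String credentials;
        try {
            // UTF-8 is assumed for the credential bytes; confirm against the clients in use.
            credentials = new String(Base64.getDecoder().decode(encoded),
                    java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException notBase64) {
            // Client-supplied garbage is a malformed header, not a server error.
            return null;
        }
        return credentials.indexOf(':') != -1 ? credentials : null;
    }

    /**
     * Returns the login part of a decoded {@code login:password} pair.
     *
     * @param credentials decoded credentials that contain a ':'
     */
    private String extractLogin(String credentials) {
        return credentials.substring(0, credentials.indexOf(':'));
    }

    /**
     * Returns the password part of a decoded {@code login:password} pair. The split is on
     * the first ':' so that a password may itself contain ':'.
     *
     * @param credentials decoded credentials that contain a ':'
     */
    private String extractPassword(String credentials) {
        return credentials.substring(credentials.indexOf(':') + 1);
    }
}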