1   package com.atlassian.seraph.filter;
2   
3   import com.atlassian.seraph.util.SecurityUtils;
4   
5   import javax.servlet.http.HttpServletRequest;
6   
7   /**
8    * This is a filter that logs the user in. It parses a standard HTTP-based authentication request and logs the user in.
9    * At the moment it supports only a BASIC authentication scheme. The simple way of using it manually is to request a URL in the following form:
10   * protocol://user:password@host[:port]/path
11   * e.g.:
12   * https://juancho:sillyPass@bamboo.developer.atlassian.com/
13   * <p>
14   * If authentication is successful, the user will be redirected by the filter to the URL given
15   * by the session attribute at SecurityFilter.ORIGINAL_URL_KEY.
16   * <p>
17   * If this URL doesn't exist, it will look for a parameter 'os_destination' to use as the redirected URL instead.
18   * <p>
19   * If neither is found, it is assumed that the page will check the authorisation status and handle redirection itself.
20   * <p>
21   * From any other filter in the request, or the servlet/JSP/action which processes the request, you can look up the
22   * status of the authorisation attempt. The status is a String request attribute, with the key 'os_authstatus'.
23   * <p>
24   * The possible statuses are:
25   * <ul>
26   *  <li> LoginFilter.LOGIN_SUCCESS - the login was processed, and user was logged in
27   *  <li> LoginFilter.LOGIN_FAILURE - the login was processed, the user gave a bad username or password
28   *  <li> LoginFilter.LOGIN_ERROR - the login was processed, an exception occurred trying to log the user in
29   *  <li> LoginFilter.LOGIN_NOATTEMPT - the login was not processed, no form parameters existed
30   * </ul>
31   */
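public class HttpAuthFilter extends PasswordBasedLoginFilter
{
    /**
     * Builds the username/password pair from an HTTP Basic {@code Authorization} request header.
     * <p>
     * The header value is read from the request and handed to {@link SecurityUtils}; it is decoded
     * only when {@code isBasicAuthorizationHeader} accepts it. A missing or non-Basic header, a
     * {@code null} decode result, and a {@code null} or empty username all yield {@code null}, so
     * a pair is never built without a username.
     * <p>
     * The password is passed on exactly as decoded and is not checked here; an empty password is
     * left for the later authentication step to judge.
     * <p>
     * Security note: Basic credentials are only Base64-encoded in the header, not encrypted, so
     * this filter should be reachable over TLS only, and neither the header value nor the decoded
     * password should be written to logs.
     *
     * @param request the current request; its {@code Authorization} header is the only input read
     * @return the credentials to authenticate with, or {@code null} when the request carries no
     *         usable Basic credentials
     */
    protected UserPasswordPair extractUserPasswordPair(HttpServletRequest request)
    {
        // getHeader returns null when the header is absent; that null is passed to the check as-is.
        final String auth = request.getHeader("Authorization");
        if (!SecurityUtils.isBasicAuthorizationHeader(auth))
        {
            return null;
        }

        final SecurityUtils.UserPassCredentials creds = SecurityUtils.decodeBasicAuthorizationCredentials(auth);

        // Defensive: the decoder's contract is not visible from this class, so a null result or a
        // null username is treated the same as an empty username instead of reaching the
        // authenticator as a pair with no user name.
        if (creds == null || creds.getUsername() == null || "".equals(creds.getUsername()))
        {
            return null;
        }

        // NOTE(review): the third argument is always false here; presumably the persistent-login
        // ("remember me") flag - confirm against UserPasswordPair.
        return new UserPasswordPair(creds.getUsername(), creds.getPassword(), false);
    }
}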