package org.eclipse.equinox.examples.httpsecurity;
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.equinox.security.auth.ISecureContext;
import org.eclipse.equinox.security.auth.SecurePlatform;
import org.osgi.service.http.HttpContext;
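/**
 * Sample {@link HttpContext} that guards resources with HTTP Basic authentication
 * and verifies the presented credentials through a JAAS login run by the Equinox
 * {@link SecurePlatform}.
 * <p>
 * Basic credentials travel as reversible Base64, so this sample is only as
 * confidential as the transport it is served over (serve it over HTTPS).
 * {@link #getMimeType} and {@link #getResource} are not implemented and return
 * {@code null}, which leaves those lookups to the Http Service defaults.
 */
public class SecureHttpContext implements HttpContext {

	/** The only authentication scheme this context accepts. */
	private static final String BASIC_SCHEME = "Basic";

	/** Session attribute under which the per-session {@link ISecureContext} is cached. */
	private static final String SECURITY_CONTEXT_ATTRIBUTE = "securitycontext";

	/** Challenge sent in {@code WWW-Authenticate} when a request is rejected. */
	private static final String CHALLENGE = "Basic realm=\"Equinox Handle Security Sample\"";

	/** User id and password extracted from a {@code Basic} Authorization header. */
	private static final class BasicCredentials {
		final String userid;
		final String password;

		BasicCredentials(String userid, String password) {
			this.userid = userid;
			this.password = password;
		}
	}

	/**
	 * Not implemented; MIME type detection is left to the Http Service.
	 *
	 * @param name the resource name (ignored)
	 * @return always {@code null}
	 */
	public String getMimeType(String name) {
		return null;
	}

	/**
	 * Not implemented; resource lookup is left to the Http Service.
	 *
	 * @param name the resource name (ignored)
	 * @return always {@code null}
	 */
	public URL getResource(String name) {
		return null;
	}

	/**
	 * Authenticates the request from its {@code Authorization: Basic} header.
	 * <p>
	 * On success the remote user, the authentication type and the authenticated
	 * {@link Subject} are published as request attributes and {@code true} is
	 * returned. Otherwise (no header, another scheme, a malformed header or a
	 * failed login) a session is forced into existence, a {@code 401} carrying a
	 * {@code WWW-Authenticate} challenge is sent and {@code false} is returned.
	 *
	 * @param request the incoming request
	 * @param response the response, used only to send the challenge
	 * @return {@code true} when the request is authenticated and may proceed
	 * @throws IOException if the {@code 401} response cannot be written
	 */
	public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
		BasicCredentials credentials = parseBasicCredentials(request.getHeader("Authorization"));
		if (credentials != null) {
			Subject subject = null;
			try {
				subject = login(request, credentials.userid, credentials.password);
			} catch (LoginException e) {
				// A rejected login is the normal wrong-password path; it ends in the challenge below.
			}
			if (subject != null) {
				request.setAttribute(HttpContext.REMOTE_USER, credentials.userid);
				request.setAttribute(HttpContext.AUTHENTICATION_TYPE, BASIC_SCHEME);
				request.setAttribute(HttpContext.AUTHORIZATION, subject);
				return true;
			}
		}
		// Force a session to be created: login() needs an existing session to cache its
		// context in, so a first-time client can only succeed on its retry after this challenge.
		request.getSession(true);
		response.setHeader("WWW-Authenticate", CHALLENGE);
		// The method already declares IOException; a failure to write the challenge is
		// propagated to the container instead of being silently turned into a bare "false".
		response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
		return false;
	}

	/**
	 * Extracts the user id and password from an {@code Authorization} header value.
	 *
	 * @param authorization the raw header value, or {@code null} when absent
	 * @return the credentials, or {@code null} when the header is absent, uses a
	 *         scheme other than {@code Basic}, or is malformed
	 */
	private static BasicCredentials parseBasicCredentials(String authorization) {
		if (authorization == null)
			return null;
		StringTokenizer tok = new StringTokenizer(authorization);
		// A blank header or a bare scheme must yield "no credentials", not a NoSuchElementException
		// (which the container would report as a 500) for an unauthenticated client.
		if (!tok.hasMoreTokens())
			return null;
		String authscheme = tok.nextToken();
		// Scheme names are case-insensitive tokens (RFC 7235); this sample only speaks Basic.
		if (!authscheme.equalsIgnoreCase(BASIC_SCHEME) || !tok.hasMoreTokens())
			return null;
		String base64credentials = tok.nextToken();
		// Basic sends "userid:password" Base64-encoded; the sample's own Base64 helper decodes it.
		// NOTE(review): that helper's behaviour on malformed input is not visible here — confirm it
		// does not throw, since the input is client-controlled. The decoded bytes are converted with
		// the platform charset, as in the original; RFC 7617 leaves the charset unspecified unless
		// the challenge carries charset="UTF-8".
		String credentials = new String(Base64.decode(base64credentials.getBytes()));
		int colon = credentials.indexOf(':');
		// No separator means the token is not Basic credentials; substring(0, -1) would throw.
		if (colon < 0)
			return null;
		return new BasicCredentials(credentials.substring(0, colon), credentials.substring(colon + 1));
	}

	/**
	 * Runs the JAAS login for the request's session and returns the authenticated subject.
	 * <p>
	 * The {@link ISecureContext} is created on first use — with a callback handler bound to
	 * that request's user id and password — and cached in the session; later requests in the
	 * same session reuse the cached context and only call {@link ISecureContext#getSubject()}
	 * on it. NOTE(review): whether that call re-checks the credentials is up to the Equinox
	 * implementation; if it does not, the session cookie rather than the Authorization header
	 * is what keeps later requests authenticated, and the first request's password stays
	 * referenced from the session for its lifetime. Confirm that this is acceptable for the sample.
	 *
	 * @param request the request whose session carries the security context
	 * @param userid the user id presented by the client
	 * @param password the password presented by the client
	 * @return the context's subject, or {@code null} when the request has no session yet
	 * @throws LoginException if the JAAS login fails
	 */
	private Subject login(HttpServletRequest request, final String userid, final String password) throws LoginException {
		HttpSession session = request.getSession(false);
		if (session == null)
			return null;
		ISecureContext context = (ISecureContext) session.getAttribute(SECURITY_CONTEXT_ATTRIBUTE);
		if (context == null) {
			context = SecurePlatform.createContext("SimpleConfig", Activator.bundle.getEntry("jaas_config.txt"),
					new CallbackHandler() {
						// Answers the login module's prompts with the captured credentials.
						public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
							for (int i = 0; i < callbacks.length; i++) {
								if (callbacks[i] instanceof NameCallback)
									((NameCallback) callbacks[i]).setName(userid);
								else if (callbacks[i] instanceof PasswordCallback)
									((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
								else
									throw new UnsupportedCallbackException(callbacks[i]);
							}
						}
					});
			session.setAttribute(SECURITY_CONTEXT_ATTRIBUTE, context);
		}
		return context.getSubject();
	}
}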