/*******************************************************************************
* Copyright (c) 2014, 2016 Orange.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*******************************************************************************/
package org.eclipse.om2m.sdt.home.monitoring.util;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eclipse.om2m.sdt.home.monitoring.authentication.service.AuthenticationInfo;
import org.eclipse.om2m.sdt.home.monitoring.authentication.service.AuthenticationService;
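public class AuthFillter implements Constants {

    private static final Log LOGGER = LogFactory.getLog(AuthFillter.class);

    /** Scheme prefix of an HTTP Basic {@code Authorization} header value (RFC 7617). */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Authenticates the caller of {@code request} and, on success, marks the
     * HTTP session as authenticated.
     *
     * <p>Credentials are taken, in order of precedence, from
     * <ul>
     *   <li>the {@code NAME}/{@code PASSWORD} request parameters,</li>
     *   <li>an HTTP Basic {@code Authorization} header, or</li>
     *   <li>the {@code serviceName} parameter, which selects one of
     *       {@code authenticationServices} to supply a bearer token for the session.</li>
     * </ul>
     * Name/password pairs are checked through
     * {@link ResourceDiscovery#validateUserCredentials(String, String)}. When the
     * {@code REQUESTED} header is present the response is always answered with
     * {@code 401} plus a {@code Basic} challenge, regardless of the outcome (this
     * mirrors the original behaviour, whose {@code isValid} guard was commented out).
     *
     * <p>Passwords, bearer tokens and raw {@code Authorization} values are never
     * written to the log.
     *
     * @param request                the incoming request
     * @param response               the response to decorate (challenge / error)
     * @param authenticationServices registered external authentication services, looked
     *                               up by service name; may be empty
     * @throws IOException if {@link HttpServletResponse#sendError(int, String)} fails
     */
    public static void validateUserCredentials(HttpServletRequest request, HttpServletResponse response,
            List<AuthenticationService> authenticationServices) throws IOException {
        String name = "";
        String password = "";
        String bearer = null;
        String clientId = null;
        String serviceName = null;

        HttpSession httpSession = request.getSession();
        String sessionId = httpSession.getId();

        if ((request.getParameter(NAME) != null) && (request.getParameter(PASSWORD) != null)) {
            name = request.getParameter(NAME);
            password = request.getParameter(PASSWORD);
            LOGGER.info("parameters " + name);
        } else if (request.getHeader(AUTHORIZATION) != null) {
            String authHeader = request.getHeader(AUTHORIZATION);
            // Only the presence of the header is logged: its value carries the credentials.
            LOGGER.info("Headers Authorization present, " + REQUESTED + " " + request.getHeader(REQUESTED));
            response.addHeader(AUTHENTICATE, "Basic");
            // NOTE(review): echoing the client's Authorization value back into a response header
            // exposes the Basic credentials to any intermediary that stores response headers.
            // Kept for compatibility with the original flow; confirm whether any client relies on it.
            response.addHeader(AUTHORIZATION, authHeader);
            if (request.getHeader(REQUESTED) != null) {
                response.addHeader(REQUESTED, request.getHeader(REQUESTED));
            }
            String[] basic = parseBasicCredentials(authHeader);
            if (basic != null) {
                name = basic[0];
                password = basic[1];
                LOGGER.info("headers " + name);
            } else {
                // Malformed or non-Basic header: fall through with empty credentials so the
                // request is treated as unauthenticated instead of failing with an exception.
                LOGGER.info("headers: Authorization is not a well-formed Basic credential");
            }
        } else if ((serviceName = request.getParameter("serviceName")) != null) {
            AuthenticationService as = getAuthenticationService(serviceName, authenticationServices);
            if (as != null) {
                AuthenticationInfo ai = as.getAuthenticationInfo(sessionId);
                // No authentication info for this session: leave bearer null so the
                // password path below runs (and fails) rather than throwing an NPE.
                if (ai != null) {
                    bearer = ai.getAccessToken();
                    clientId = ai.getClientId();
                    // NOTE(review): getEndUserInfo() is assumed non-null once getAuthenticationInfo()
                    // returned a value — confirm against the service implementation.
                    name = as.getEndUserInfo(sessionId).getUserId();
                }
            }
        } else {
            LOGGER.info("void");
        }

        boolean createNewSession;
        if (bearer != null) {
            // TODO: the bearer token obtained from the authentication service is accepted
            // without being validated here (the original code carried the same open item).
            createNewSession = true;
        } else {
            String result = ResourceDiscovery.validateUserCredentials(name, password);
            LOGGER.info("result=" + result);
            createNewSession = result != null;
        }

        if (createNewSession) {
            HttpSessionHelper sessionHelper = new HttpSessionHelper(httpSession);
            sessionHelper.setAuthenticationUser(Boolean.TRUE);
            sessionHelper.setName(name);
            sessionHelper.setPassword(password);
            sessionHelper.setBearer(bearer);
            sessionHelper.setClientId(clientId);
            sessionHelper.setServiceName(serviceName);
        }

        if (request.getHeader(REQUESTED) != null) {
            // Original behaviour: a REQUESTED header always yields a 401 + Basic challenge,
            // even when the credentials were accepted and the session was created above.
            response.addHeader(AUTHENTICATE, "Basic");
            LOGGER.info(REQUESTED + " " + name);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, null);
            return;
        }
        LOGGER.info((createNewSession ? "authenticated " : "not authenticated ") + name);
    }

    /**
     * Extracts the user name and password from an HTTP Basic {@code Authorization} value.
     *
     * @param authHeader the raw header value, e.g. {@code Basic dXNlcjpwYXNz}
     * @return a two-element array {@code {name, password}}, or {@code null} when the
     *         value does not use the Basic scheme, is too short, or decodes to a string
     *         without a {@code ':'} separator
     */
    private static String[] parseBasicCredentials(String authHeader) {
        if (authHeader == null
                || authHeader.length() <= BASIC_PREFIX.length()
                || !authHeader.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        // Explicit charsets: the platform default is not portable and RFC 7617 leaves the
        // credential charset unspecified, so UTF-8 is the conventional choice.
        byte[] decoded = Base64.decodeBase64(
                authHeader.substring(BASIC_PREFIX.length()).getBytes(StandardCharsets.UTF_8));
        String cred = new String(decoded, StandardCharsets.UTF_8);
        int idx = cred.indexOf(':');
        if (idx < 0) {
            return null;
        }
        return new String[] { cred.substring(0, idx), cred.substring(idx + 1) };
    }

    /**
     * Looks up the registered authentication service with the given name.
     *
     * @param name                   the service name to match (compared with {@code equals})
     * @param authenticationServices candidate services; may be {@code null} or empty
     * @return the first service whose {@code getServiceName()} equals {@code name},
     *         or {@code null} if none matches
     */
    private static AuthenticationService getAuthenticationService(String name,
            List<AuthenticationService> authenticationServices) {
        if (name == null || authenticationServices == null) {
            return null;
        }
        for (AuthenticationService as : authenticationServices) {
            if (name.equals(as.getServiceName())) {
                return as;
            }
        }
        return null;
    }
}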