All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.viaoa.servlet.SecurityServlet Maven / Gradle / Ivy

/*  Copyright 1999 Vince Via [email protected]
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
*/
package com.viaoa.servlet;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Enumeration;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.viaoa.datasource.OASelect;
import com.viaoa.image.OAImageUtil;
import com.viaoa.object.OAObject;
import com.viaoa.object.OAObjectCacheDelegate;
import com.viaoa.util.Base64;
import com.viaoa.util.OAConv;
import com.viaoa.util.OADateTime;
import com.viaoa.util.OAString;

/**
 * 
 * 
 * @author vincevia
 */
public class SecurityServlet extends HttpServlet {
    private static Logger LOG = Logger.getLogger(JsonServlet.class.getName());

    private String userId;
    private String password;
    
    public SecurityServlet() {
    }
    public SecurityServlet(String userId, String password) {
        this.userId = userId;
        this.password = password;
    }

    
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        
        if (OAString.isEmpty(userId)) {
            userId = getValue("userId", config);
        }
        if (OAString.isEmpty(password)) {
            password = getValue("password", config);
        }
    }
    private String getValue(String name, ServletConfig config) {
        if (name == null) return null;
        Enumeration enumx = config.getInitParameterNames();
        for ( ; enumx.hasMoreElements(); ) {
            String s = enumx.nextElement();
            if (name.equalsIgnoreCase(s)) {
                name = s;
                break;
            }
        }
        return config.getInitParameter(name);
    }
    
    
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        ServletContext sc = getServletContext();

        PrintWriter out = resp.getWriter();
        
        out.println("Secure pw protected information");
        
       // super.doGet(req, resp);
    }
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // TODO Auto-generated method stub
        super.doPost(req, resp);
    }
    
    @Override
    public void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        String auth = request.getHeader("Authorization");

        boolean bValid = false;
        String userId = null;
        String pw = null;
        if (auth != null && auth.toUpperCase().startsWith("BASIC ")) {
            String userpassEncoded = auth.substring(6);
            String s = Base64.decode(userpassEncoded);
            int pos = s.indexOf(':');
            userId = s.substring(0, pos); 
            pw = s.substring(pos+1);
            
            bValid = (this.userId.equals(userId) && this.password.equals(pw));
        }
        if (!bValid) {
            response.setHeader("WWW-Authenticate", "BASIC realm=\"security servlet\"");
            response.sendError(response.SC_UNAUTHORIZED);
        }
        super.service(request, response);
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy