
/*
 * Copyright 2014 Red Hat, Inc.
 *
 *  All rights reserved. This program and the accompanying materials
 *  are made available under the terms of the Eclipse Public License v1.0
 *  and Apache License v2.0 which accompanies this distribution.
 *
 *  The Eclipse Public License is available at
 *  http://www.eclipse.org/legal/epl-v10.html
 *
 *  The Apache License v2.0 is available at
 *  http://www.opensource.org/licenses/apache2.0.php
 *
 *  You may elect to redistribute this code under either of these licenses.
 */

package io.vertx.ext.web.handler.impl;

import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;

import java.util.Base64;

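/**
 * Handler that authenticates a request from an HTTP Basic {@code Authorization} header.
 *
 * <p>The header carries {@code base64(user-id ":" password)}. The decoded credentials are handed
 * to the configured {@link AuthProvider} as a {@link JsonObject} with the keys {@code username}
 * and {@code password}. Base64 is an encoding, not encryption, so the credentials are readable by
 * anyone who can observe the request; routes using this handler should only be served over TLS.
 *
 * @author Paulo Lopes
 * @author Tim Fox
 */
public class BasicAuthHandlerImpl extends AuthHandlerImpl {

  // Realm advertised in the WWW-Authenticate challenge.
  private final String realm;

  /**
   * @param authProvider provider used to verify the decoded credentials
   * @param realm        realm name placed in the {@code WWW-Authenticate} challenge
   */
  public BasicAuthHandlerImpl(AuthProvider authProvider, String realm) {
    super(authProvider);
    this.realm = realm;
  }

  /**
   * Authenticates the request, or authorises it directly when the context already has a user.
   *
   * <p>Outcomes for an unauthenticated request:
   * <ul>
   *   <li>no header, or a header without a credentials part: 401 with a Basic challenge;</li>
   *   <li>a scheme other than Basic, or credentials that are not valid Base64: 400;</li>
   *   <li>credentials rejected by the provider: 401 with a Basic challenge;</li>
   *   <li>credentials accepted: the user is stored on the context and {@code authorise} runs.</li>
   * </ul>
   *
   * @param context the routing context of the current request
   */
  @Override
  public void handle(RoutingContext context) {
    User user = context.user();
    if (user != null) {
      // Already authenticated, only authorisation is left.
      authorise(user, context);
      return;
    }

    HttpServerRequest request = context.request();
    String authorization = request.headers().get(HttpHeaders.AUTHORIZATION);
    if (authorization == null) {
      handle401(context);
      return;
    }

    String[] parts = authorization.split(" ");
    if (parts.length < 2) {
      // Scheme without credentials (or an empty header): challenge the client.
      handle401(context);
      return;
    }

    // Validate the scheme BEFORE decoding: a token of another scheme (for example a bearer
    // token) is usually not valid Base64, and decoding it first turned a client error into an
    // unhandled exception. The scheme name is case-insensitive (RFC 7235).
    if (!"Basic".equalsIgnoreCase(parts[0])) {
      context.fail(400);
      return;
    }

    String decoded;
    try {
      // NOTE(review): this decodes with the platform default charset, as the original did, so
      // non-ASCII credentials depend on the JVM's file.encoding. Consider pinning a charset.
      decoded = new String(Base64.getDecoder().decode(parts[1]));
    } catch (IllegalArgumentException e) {
      // Malformed Base64 is bad client input, not a server fault.
      context.fail(400);
      return;
    }

    // Split on the FIRST colon only: the user-id cannot contain ':' but the password can
    // (RFC 7617). Splitting on every colon silently truncated such passwords.
    String suser;
    String spass;
    int colonIdx = decoded.indexOf(':');
    if (colonIdx == -1) {
      suser = decoded;
      spass = null;
    } else {
      suser = decoded.substring(0, colonIdx);
      String rest = decoded.substring(colonIdx + 1);
      // Keep the previous contract: "user:" yields a null password.
      spass = rest.isEmpty() ? null : rest;
    }

    JsonObject authInfo = new JsonObject().put("username", suser).put("password", spass);
    authProvider.authenticate(authInfo, res -> {
      if (res.succeeded()) {
        User authenticated = res.result();
        context.setUser(authenticated);
        authorise(authenticated, context);
      } else {
        // Same response as for a missing header, so the reply does not reveal why it failed.
        handle401(context);
      }
    });
  }

  /**
   * Fails the request with 401 and adds the Basic challenge header.
   *
   * <p>The realm is concatenated into a quoted-string without escaping; it is expected to be a
   * trusted, configuration-supplied value that contains no double quote or line break.
   */
  private void handle401(RoutingContext context) {
    context.response().putHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
    context.fail(401);
  }
}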



