/*
 * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
 * under one or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding copyright
 * ownership. Camunda licenses this file to you under the Apache License,
 * Version 2.0; you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.camunda.bpm.engine.rest.security.auth.impl;

import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.impl.digest._apacheCommonsCodec.Base64;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;

import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;

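/**
 * Authenticates a request against the provided process engine's identity
 * service by applying HTTP Basic authentication.
 *
 * <p>Security notes for deployers and reviewers:
 * <ul>
 *   <li>The {@code Authorization} header carries the user name and password
 *       only Base64-encoded, not encrypted, so endpoints protected by this
 *       provider should be served over TLS.</li>
 *   <li>This class applies no throttling or lockout on failed attempts;
 *       whether the identity service behind {@code checkPassword} does is not
 *       visible here and should be confirmed for the deployment.</li>
 *   <li>The decoded credential string must never be written to logs.</li>
 * </ul>
 *
 * @author Thorben Lindhauer
 */
public class HttpBasicAuthenticationProvider implements AuthenticationProvider {

  /** Scheme token (including the trailing space) expected at the start of the header value. */
  protected static final String BASIC_AUTH_HEADER_PREFIX = "Basic ";

  /**
   * Reads the {@code Authorization} header, decodes the Basic credentials and
   * checks them against the engine's identity service.
   *
   * @param request the incoming HTTP request
   * @param engine the process engine whose identity service verifies the password
   * @return a successful result carrying the user name when the password check
   *         passes; an unsuccessful result carrying the user name when it
   *         fails; an unsuccessful result without a user name when the header
   *         is missing, uses another scheme, or contains no {@code ':'}
   */
  @Override
  public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request,
      ProcessEngine engine) {
    String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
    if (authorizationHeader == null
        || !authorizationHeader.startsWith(BASIC_AUTH_HEADER_PREFIX)) {
      return AuthenticationResult.unsuccessful();
    }

    String encodedCredentials =
        authorizationHeader.substring(BASIC_AUTH_HEADER_PREFIX.length());

    // Decode with an explicit charset. The single-argument String constructor
    // uses the JVM default charset, which makes authentication of non-ASCII
    // user names and passwords depend on the host's locale configuration.
    // NOTE(review): clients that send non-ASCII credentials in a legacy
    // encoding such as ISO-8859-1 would need separate handling; confirm none exist.
    String decodedCredentials =
        new String(Base64.decodeBase64(encodedCredentials), StandardCharsets.UTF_8);

    // Split on the FIRST colon only: everything after it is the password,
    // so passwords may themselves contain ':' characters.
    int firstColonIndex = decodedCredentials.indexOf(":");
    if (firstColonIndex == -1) {
      return AuthenticationResult.unsuccessful();
    }

    String userName = decodedCredentials.substring(0, firstColonIndex);
    String password = decodedCredentials.substring(firstColonIndex + 1);

    return isAuthenticated(engine, userName, password)
        ? AuthenticationResult.successful(userName)
        : AuthenticationResult.unsuccessful(userName);
  }

  /**
   * Delegates the credential check to the engine's identity service.
   *
   * @param engine the process engine providing the identity service
   * @param userName the user name extracted from the header
   * @param password the password extracted from the header
   * @return the result of {@code IdentityService.checkPassword(userName, password)}
   */
  protected boolean isAuthenticated(ProcessEngine engine, String userName, String password) {
    return engine.getIdentityService().checkPassword(userName, password);
  }

  /**
   * Adds a {@code WWW-Authenticate} challenge for the Basic scheme to the
   * response, using the engine name as the realm.
   *
   * @param response the response to add the challenge header to
   * @param engine the process engine whose name becomes the realm value
   */
  @Override
  public void augmentResponseByAuthenticationChallenge(
      HttpServletResponse response, ProcessEngine engine) {
    // NOTE(review): the engine name is placed inside a quoted-string without
    // escaping; this assumes it contains no '"' or line-break characters.
    // Confirm engine names are restricted accordingly by configuration.
    response.setHeader(HttpHeaders.WWW_AUTHENTICATE,
        BASIC_AUTH_HEADER_PREFIX + "realm=\"" + engine.getName() + "\"");
  }
}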



