/*
* $Header: /home/data/cvs/rt/org.eclipse.ecf/tests/bundles/org.eclipse.ecf.tests.apache.httpclient.server/src/org/apache/commons/httpclient/server/ProxyAuthRequestHandler.java,v 1.1 2009/02/13 18:07:50 slewis Exp $
* $Revision: 1.1 $
* $Date: 2009/02/13 18:07:50 $
*
* ====================================================================
*
* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.commons.httpclient.server;
import java.io.IOException;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.BasicScheme;
/**
* This request handler guards access to a proxy when used in a request handler
* chain. It checks the headers for valid credentials and performs the
* authentication handshake if necessary.
*
* @author Ortwin Glueck
* @author Oleg Kalnichevski
*/
public class ProxyAuthRequestHandler implements HttpRequestHandler {
private Credentials credentials = null;
private String realm = null;
private boolean keepalive = true;
/**
* The proxy authenticate response header.
*/
public static final String PROXY_AUTH_RESP = "Proxy-Authorization";
/**
* TODO replace creds parameter with a class specific to an auth scheme
* encapsulating all required information for a specific scheme
*
* @param creds
*/
public ProxyAuthRequestHandler(final Credentials creds, final String realm, boolean keepalive) {
if (creds == null)
throw new IllegalArgumentException("Credentials may not be null");
this.credentials = creds;
this.keepalive = keepalive;
if (realm != null) {
this.realm = realm;
} else {
this.realm = "test";
}
}
public ProxyAuthRequestHandler(final Credentials creds, final String realm) {
this(creds, realm, true);
}
public ProxyAuthRequestHandler(final Credentials creds) {
this(creds, null, true);
}
public boolean processRequest(
final SimpleHttpServerConnection conn,
final SimpleRequest request) throws IOException
{
Header clientAuth = request.getFirstHeader(PROXY_AUTH_RESP);
if (clientAuth != null && checkAuthorization(clientAuth)) {
return false;
} else {
SimpleResponse response = performBasicHandshake(conn, request);
// Make sure the request body is fully consumed
request.getBodyBytes();
conn.writeResponse(response);
return true;
}
}
//TODO add more auth schemes
private SimpleResponse performBasicHandshake(
final SimpleHttpServerConnection conn,
final SimpleRequest request) {
SimpleResponse response = new SimpleResponse();
response.setStatusLine(
request.getRequestLine().getHttpVersion(),
HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
if (!request.getRequestLine().getMethod().equalsIgnoreCase("HEAD")) {
response.setBodyString("unauthorized");
}
response.addHeader(new Header("Proxy-Authenticate", "basic realm=\"" + this.realm + "\""));
if (this.keepalive) {
response.addHeader(new Header("Proxy-Connection", "keep-alive"));
conn.setKeepAlive(true);
} else {
response.addHeader(new Header("Proxy-Connection", "close"));
conn.setKeepAlive(false);
}
return response;
}
/**
* Checks if the credentials provided by the client match the required
* credentials
*
* @return true if the client is authorized, false if not.
* @param clientAuth
*/
private boolean checkAuthorization(Header clientAuth) {
String expectedAuthString = BasicScheme.authenticate(
(UsernamePasswordCredentials)credentials,
"ISO-8859-1");
return expectedAuthString.equals(clientAuth.getValue());
}
}