BasicAuthenticator.java example

Explorer
infinispan-master
package org.infinispan.rest.embedded.netty4.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Base64;
import java.util.List;

import javax.ws.rs.core.SecurityContext;

import org.infinispan.rest.embedded.netty4.NettySecurityContext;
import org.jboss.resteasy.plugins.server.embedded.SecurityDomain;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.util.HttpHeaderNames;
import org.jboss.resteasy.util.HttpResponseCodes;

import io.netty.channel.ChannelHandlerContext;

/**
 * An Authenticator which implements the Basic authentication method
 *
 * @author Tristan Tarrant
 * @since 9.0
 */

public class BasicAuthenticator implements Authenticator {

   private final SecurityDomain domain;
   private final boolean secure;
   private final String realm;
   private final String authenticateHeader;

   public BasicAuthenticator(SecurityDomain domain, boolean secure, String realm) {
      this.domain = domain;
      this.secure = secure;
      this.realm = realm;
      this.authenticateHeader = realm != null ? String.format("Basic realm=\"%s\"", realm) : "Basic";
   }

   @Override
   public SecurityContext authenticate(ChannelHandlerContext ctx, HttpRequest request, HttpResponse response) throws IOException {
      List<String> headers = request.getHttpHeaders().getRequestHeader(HttpHeaderNames.AUTHORIZATION);
      if (!headers.isEmpty()) {
         String auth = headers.get(0);
         if (auth.length() > 5) {
            String type = auth.substring(0, 5);
            type = type.toLowerCase();
            if ("basic".equals(type)) {
               String cookie = auth.substring(6);
               cookie = new String(Base64.getDecoder().decode(cookie.getBytes()));
               String[] split = cookie.split(":");
               try {
                  Principal user = domain.authenticate(split[0], split[1]);
                  return new NettySecurityContext(user, domain, "BASIC", secure);
               } catch (SecurityException e) {
                  sendUnauthorizedResponse(response);
                  return null;
               }
            } else {
               sendUnauthorizedResponse(response);
               return null;
            }
         }
      }
      sendUnauthorizedResponse(response);
      return null;
   }

   private void sendUnauthorizedResponse(HttpResponse response) throws IOException {
      response.getOutputHeaders().add(HttpHeaderNames.WWW_AUTHENTICATE, authenticateHeader);
      response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
   }
}