package org.jivesoftware.openfire.plugin.servlet;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response.Status;
import org.jivesoftware.openfire.admin.AdminManager;
import org.jivesoftware.openfire.auth.AuthFactory;
import org.jivesoftware.openfire.auth.ConnectionException;
import org.jivesoftware.openfire.auth.InternalUnauthenticatedException;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
/**
* Jersey HTTP Basic Auth filter
*
* @author Deisss (LGPLv3)
*/
public class AuthFilter implements ContainerRequestFilter {
/**
* Apply the filter : check input request, validate or not with user auth
*
* @param containerRequest
* The request from Tomcat server
*/
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
// Get the authentification passed in HTTP headers parameters
String auth = containerRequest.getHeaderValue("authorization");
// If the user does not have the right (does not provide any HTTP Basic
// Auth)
if (auth == null) {
throw new WebApplicationException(Status.UNAUTHORIZED);
}
// lap : loginAndPassword
String[] lap = BasicAuth.decode(auth);
// If login or password fail
if (lap == null || lap.length != 2) {
throw new WebApplicationException(Status.UNAUTHORIZED);
}
boolean userAdmin = AdminManager.getInstance().isUserAdmin(lap[0], true);
if (!userAdmin) {
throw new WebApplicationException(Status.UNAUTHORIZED);
}
try {
AuthFactory.authenticate(lap[0], lap[1]);
} catch (UnauthorizedException e) {
throw new WebApplicationException(Status.UNAUTHORIZED);
} catch (ConnectionException e) {
throw new WebApplicationException(Status.UNAUTHORIZED);
} catch (InternalUnauthenticatedException e) {
throw new WebApplicationException(Status.UNAUTHORIZED);
}
return containerRequest;
}
}