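/*
 * Copyright 1999-2015 dangdang.com.
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * </p>
 */

package com.dangdang.ddframe.job.security;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;

/**
 * HTTP Basic authentication filter for the Elastic Job console.
 *
 * <p>Two accounts are recognised, "root" and "guest". Their credentials are read once, in
 * {@link #init(FilterConfig)}, from {@code conf/auth.properties} under the class path root
 * (keys {@code root.username}, {@code root.password}, {@code guest.username},
 * {@code guest.password}; the historical misspelling {@code guset.*} is still accepted).
 * When the file is absent the filter falls back to the well-known defaults
 * {@code root/root} and {@code guest/guest} and logs a warning — any deployment reachable
 * from an untrusted network must override them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords are held and compared in plaintext; this filter does no hashing.</li>
 *   <li>The presented credential is compared with {@link MessageDigest#isEqual} so that
 *       response timing does not reveal how many leading bytes matched.</li>
 *   <li>Basic credentials travel base64-encoded, not encrypted; the console must sit behind TLS.</li>
 *   <li>Which account authenticated is reported to downstream code only via the
 *       {@code identify} response header; any role-based authorization happens elsewhere.</li>
 * </ul>
 */
@Slf4j
public final class WwwAuthFilter implements Filter {
    
    private static final String AUTH_PREFIX = "Basic ";
    
    private static final String DEFAULT_ROOT_USERNAME = "root";
    
    private static final String DEFAULT_ROOT_PASSWORD = "root";
    
    private static final String DEFAULT_GUEST_USERNAME = "guest";
    
    private static final String DEFAULT_GUEST_PASSWORD = "guest";
    
    private String rootUsername = DEFAULT_ROOT_USERNAME;
    
    private String rootPassword = DEFAULT_ROOT_PASSWORD;
    
    private String guestUsername = DEFAULT_GUEST_USERNAME;
    
    private String guestPassword = DEFAULT_GUEST_PASSWORD;
    
    /**
     * Load the account credentials from {@code conf/auth.properties}.
     *
     * <p>A missing or unreadable file is tolerated (defaults are kept, a warning is logged);
     * an unresolvable class path root is not, because the location of the credential file
     * would then be undefined.
     *
     * @param filterConfig servlet filter configuration (unused)
     * @throws ServletException if the class path root cannot be resolved
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        Properties props = loadAuthProperties();
        rootUsername = props.getProperty("root.username", rootUsername);
        rootPassword = props.getProperty("root.password", rootPassword);
        // Earlier releases read the misspelled keys "guset.*"; prefer the correct spelling
        // but keep honouring the old one so existing config files continue to work.
        guestUsername = props.getProperty("guest.username", props.getProperty("guset.username", guestUsername));
        guestPassword = props.getProperty("guest.password", props.getProperty("guset.password", guestPassword));
        if (DEFAULT_ROOT_PASSWORD.equals(rootPassword) || DEFAULT_GUEST_PASSWORD.equals(guestPassword)) {
            log.warn("Elastic Job console is using well-known default credentials; set root.password and guest.password in conf/auth.properties.");
        }
    }
    
    /**
     * Read {@code conf/auth.properties}; returns an empty {@link Properties} when the file
     * cannot be opened so the caller falls back to the built-in defaults.
     */
    private Properties loadAuthProperties() throws ServletException {
        String configFilePath = resolveConfigFilePath();
        Properties props = new Properties();
        // try-with-resources: the original leaked the FileInputStream on both paths.
        try (InputStream in = new FileInputStream(configFilePath)) {
            props.load(in);
        } catch (final IOException ex) {
            log.warn("Cannot find auth config file {}, use default auth config.", configFilePath);
        }
        return props;
    }
    
    /**
     * Build the path of {@code conf/auth.properties} relative to the class path root.
     *
     * @throws ServletException if the context class loader cannot resolve the class path root
     *         (the original code dereferenced a null here and failed with a bare NPE)
     */
    private static String resolveConfigFilePath() throws ServletException {
        URL classPathRoot = Thread.currentThread().getContextClassLoader().getResource("");
        if (null == classPathRoot) {
            throw new ServletException("Cannot resolve class path root to locate conf/auth.properties");
        }
        // NOTE(review): URL.getPath() is percent-encoded, so a class path containing spaces
        // (or a jar: URL) will not resolve to a readable file — confirm before relying on it.
        String fileSeparator = System.getProperty("file.separator");
        return classPathRoot.getPath() + fileSeparator + "conf" + fileSeparator + "auth.properties";
    }
    
    /**
     * Authenticate the request with HTTP Basic credentials and either continue the chain
     * (root or guest) or answer 401 with a {@code WWW-Authenticate} challenge.
     *
     * @param request  incoming request, expected to be an {@link HttpServletRequest}
     * @param response outgoing response, expected to be an {@link HttpServletResponse}
     * @param chain    remaining filter chain, invoked only on successful authentication
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        byte[] presented = extractBasicCredential(httpRequest.getHeader("authorization"));
        if (null == presented) {
            needAuthenticate(httpRequest, httpResponse);
            return;
        }
        if (credentialMatches(presented, rootUsername, rootPassword)) {
            authenticateSuccess(httpResponse, false);
            chain.doFilter(httpRequest, httpResponse);
        } else if (credentialMatches(presented, guestUsername, guestPassword)) {
            authenticateSuccess(httpResponse, true);
            chain.doFilter(httpRequest, httpResponse);
        } else {
            needAuthenticate(httpRequest, httpResponse);
        }
    }
    
    /**
     * Extract and base64-decode the {@code user:password} credential from an
     * {@code Authorization} header.
     *
     * @return the decoded credential bytes, or {@code null} when the header is absent, empty,
     *         or does not carry the Basic scheme
     */
    private static byte[] extractBasicCredential(final String authorization) {
        if (null == authorization || authorization.length() <= AUTH_PREFIX.length()) {
            return null;
        }
        // The original skipped the first six characters without looking at the scheme, so a
        // "Bearer ..." or "Digest ..." header was base64-decoded as if it were Basic.
        // RFC 7235 makes the auth-scheme token case-insensitive.
        if (!authorization.regionMatches(true, 0, AUTH_PREFIX, 0, AUTH_PREFIX.length())) {
            return null;
        }
        return Base64.decodeBase64(authorization.substring(AUTH_PREFIX.length()));
    }
    
    /**
     * Compare a presented credential against {@code username:password} in constant time.
     *
     * <p>The expected value is encoded as UTF-8 (RFC 7617's recommended charset) instead of
     * the platform default charset the original relied on.
     */
    private static boolean credentialMatches(final byte[] presented, final String username, final String password) {
        byte[] expected = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented);
    }
    
    /**
     * Mark the response as authenticated: disable caching and report the account name in
     * the {@code identify} header.
     *
     * @param response response to decorate
     * @param isGuest  {@code true} for the guest account, {@code false} for root
     */
    private void authenticateSuccess(final HttpServletResponse response, final boolean isGuest) {
        response.setStatus(200);
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-store");
        response.setDateHeader("Expires", 0);
        response.setHeader("identify", isGuest ? guestUsername : rootUsername);
    }
    
    /**
     * Reject the request with 401 and a Basic challenge for the console realm.
     *
     * @param request  the rejected request (unused)
     * @param response response to populate
     */
    private void needAuthenticate(final HttpServletRequest request, final HttpServletResponse response) {
        response.setStatus(401);
        response.setHeader("Cache-Control", "no-store");
        response.setDateHeader("Expires", 0);
        response.setHeader("WWW-authenticate", AUTH_PREFIX + "Realm=\"Elastic Job Console Auth\"");
    }
    
    @Override
    public void destroy() {
    }
}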