BasicAuthRequestWrapper.java

/**
 * The contents of this file are subject to the license and copyright
 * detailed in the LICENSE file at the root of the source
 * tree and available online at
 *
 * https://github.com/keeps/roda
 */
package org.roda.wui.filter;

import java.nio.charset.Charset;
import java.util.Base64;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.roda.core.data.common.RodaConstants;
import org.roda.core.data.v2.common.Pair;

/**
 * A {@link HttpServletRequestWrapper} that provides a method to access username
 * and password from Basic auth information.
 * 
 * @author Rui Castro <rui.castro@gmail.com>
 */
public class BasicAuthRequestWrapper extends HttpServletRequestWrapper {

  /**
   * Constructor.
   * 
   * @param request
   *          the HTTP request.
   */
  public BasicAuthRequestWrapper(final HttpServletRequest request) {
    super(request);
  }

  /**
   * Returns a {@link Pair} of {@link String}s with the username and password
   * contained in the HTTP header <strong>Authorization</strong> or
   * <code>null</code> if the credentials could not be extracted.
   * 
   * @return a {@link Pair} with username and password.
   */
  public Pair<String, String> getCredentials() {
    Pair<String, String> ret = null;
    final String authorization = getHeader("Authorization");
    if (authorization != null && authorization.startsWith("Basic")) {
      String credentials = authorization;
      credentials = credentials.replaceFirst("[B|b]asic ", "");
      credentials = new String(Base64.getDecoder().decode(credentials),
        Charset.forName(RodaConstants.DEFAULT_ENCODING));
      final String[] values = credentials.split(":", 2);
      if (values[0] != null && values[1] != null) {
        ret = Pair.of(values[0], values[1]);
      }
    }
    return ret;
  }
}