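package org.openintents.wifiserver;

import java.io.IOException;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.util.StringTokenizer;

import org.apache.http.Header;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpRequestHandler;
import org.openintents.wifiserver.util.HashUtil;

/**
 * The authentication interceptor is called before a request is processed by a
 * {@link HttpRequestHandler}.
 * It checks whether the user is allowed to execute the request and sets a
 * context attribute which indicates if the check was successful or not.
 *
 * @author Stanley Förster
 *
 */
public class AuthenticationInterceptor implements HttpRequestInterceptor {

    private static final String TAG = AuthenticationInterceptor.class.getSimpleName();

    /** Context attribute that handlers read; {@link Boolean#TRUE} only after a valid session cookie. */
    private static final String ATTRIBUTE_AUTHENTICATED = "authenticated";
    /** Name of the cookie that carries the session token. */
    private static final String COOKIE_SESSIONID = "session";
    /** Name of the request header holding the cookies. */
    private static final String COOKIE_HEADER = "Cookie";
    /** Charset used for URL-decoding cookie names/values and for byte comparison of hashes. */
    private static final String CHARSET = "UTF-8";

    /**
     * <p>
     * {@inheritDoc}
     * </p>
     *
     * A cookie is required to authenticate the request. The cookie's key is
     * "session" and its value is a hashed, random number.
     * If the cookie is correct the context attribute "authenticated" is set to
     * true. This attribute is used by {@link HttpRequestHandler}s to decide
     * what to do.
     *
     * The attribute is always written, so handlers never see a stale value
     * from an earlier request. Malformed cookie headers (a pair without
     * {@code =}, a broken percent-escape) leave the request unauthenticated
     * instead of failing the request with an exception.
     *
     * @param request the request whose {@code Cookie} header(s) are inspected
     * @param context the context that receives the {@code authenticated} attribute
     * @throws IOException if the UTF-8 charset is unavailable (not expected on any JVM)
     */
    @Override
    public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
        // Default to "not authenticated"; only a valid session cookie flips it.
        context.setAttribute(ATTRIBUTE_AUTHENTICATED, Boolean.FALSE);

        if (!request.containsHeader(COOKIE_HEADER)) {
            return;
        }

        // The first session cookie that is long enough decides, whichever
        // Cookie header it appears in; an invalid one is not retried.
        for (Header cookieHdr : request.getHeaders(COOKIE_HEADER)) {
            String raw = cookieHdr.getValue();
            if (raw == null) {
                continue;
            }
            String token = findSessionToken(raw);
            if (token != null) {
                if (isValidSessionToken(token)) {
                    context.setAttribute(ATTRIBUTE_AUTHENTICATED, Boolean.TRUE);
                }
                return;
            }
        }
    }

    /**
     * Returns the value of the first {@code session} cookie in a {@code Cookie}
     * header value that is long enough to hold both a hash and a salt
     * (longer than {@link HashUtil#SALT_LENGTH}), or {@code null} if none.
     *
     * Pairs are separated by {@code ;} and split at the first {@code =}.
     * A pair without {@code =} is skipped rather than throwing, and name and
     * value are URL-decoded individually so an encoded separator inside a
     * value cannot split it. Pairs with invalid percent-encoding are skipped.
     *
     * @param cookieHeader raw value of one {@code Cookie} header
     * @return the candidate session token, or {@code null}
     * @throws IOException if the UTF-8 charset is unavailable
     */
    private static String findSessionToken(String cookieHeader) throws IOException {
        StringTokenizer pairs = new StringTokenizer(cookieHeader, ";");
        while (pairs.hasMoreTokens()) {
            String pair = pairs.nextToken();
            int eq = pair.indexOf('=');
            if (eq < 0) {
                continue; // e.g. a bare "name" — not a name/value pair
            }
            String name;
            String value;
            try {
                name = URLDecoder.decode(pair.substring(0, eq), CHARSET).trim();
                value = URLDecoder.decode(pair.substring(eq + 1), CHARSET).trim();
            } catch (IllegalArgumentException malformed) {
                continue; // broken %-escape; this pair is unusable
            }
            if (COOKIE_SESSIONID.equals(name) && value.length() > HashUtil.SALT_LENGTH) {
                return value;
            }
        }
        return null;
    }

    /**
     * Checks a session token of the form {@code sha256(salt) + salt}: the
     * trailing {@link HashUtil#SALT_LENGTH} characters are the salt and the
     * prefix must equal {@link HashUtil#sha256(String)} of that salt.
     *
     * The comparison goes through {@link MessageDigest#isEqual(byte[], byte[])}
     * so that it does not stop at the first differing character.
     *
     * NOTE(review): the expected value is derived from the token itself and
     * not from a server-side secret or a store of issued sessions, so this
     * check establishes only that the token is well-formed, not that this
     * server issued it. Validating against issued sessions (or an HMAC keyed
     * with a server-held secret) would close that gap; out of scope here.
     *
     * @param token candidate value, already known to be longer than the salt
     * @return {@code true} if the hash prefix matches the salt suffix
     * @throws IOException if the UTF-8 charset is unavailable
     */
    private static boolean isValidSessionToken(String token) throws IOException {
        int saltStart = token.length() - HashUtil.SALT_LENGTH;
        String sessionId = token.substring(0, saltStart);
        String salt = token.substring(saltStart);
        String expected = HashUtil.sha256(salt);
        if (expected == null) {
            return false;
        }
        return MessageDigest.isEqual(sessionId.getBytes(CHARSET), expected.getBytes(CHARSET));
    }
}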