This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit cdd673a8c4f78daddaec6f5080acd13edabb5856
Author: Roberto Cortez <[email protected]>
AuthorDate: Tue Dec 18 18:03:37 2018 +0000
TOMEE-2365 - Added credentials API for Basic Auth.
---
.../credential/AbstractClearableCredential.java | 39 +++++++++++++
.../credential/BasicAuthenticationCredential.java | 67 ++++++++++++++++++++++
.../security/enterprise/credential/Password.java | 56 ++++++++++++++++++
.../credential/UsernamePasswordCredential.java | 54 +++++++++++++++++
4 files changed, 216 insertions(+)
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java
new file mode 100644
index 0000000..8b9ac9c
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+public abstract class AbstractClearableCredential implements Credential {
+
+ private volatile boolean cleared = false;
+
+ @Override
+ public final boolean isCleared() {
+ return cleared;
+ }
+
+ protected final void setCleared() {
+ this.cleared = true;
+ }
+
+ @Override
+ public final void clear() {
+ clearCredential();
+ setCleared();
+ }
+
+ protected abstract void clearCredential();
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java
new file mode 100644
index 0000000..404cc3c
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+
+public class BasicAuthenticationCredential extends UsernamePasswordCredential {
+
+ public BasicAuthenticationCredential(String authorizationHeader) {
+ super(parseUsername(authorizationHeader), parsePassword(authorizationHeader));
+ }
+
+ private static String decodeHeader(String authorizationHeader) {
+ final String BASIC_AUTH_CHARSET = "US-ASCII";
+
+ if (null == authorizationHeader) {
+ throw new NullPointerException("authorization header");
+ }
+
+ if (authorizationHeader.isEmpty()) {
+ throw new IllegalArgumentException("authorization header is empty");
+ }
+
+ final Base64.Decoder decoder = Base64.getMimeDecoder();
+ byte[] decodedBytes = decoder.decode(authorizationHeader);
+ try {
+ return new String(decodedBytes, BASIC_AUTH_CHARSET);
+ } catch (UnsupportedEncodingException e) {
+ throw new IllegalStateException("Unknown Charset: " + BASIC_AUTH_CHARSET, e);
+ }
+ }
+
+ private static String parseUsername(String authorizationHeader) {
+ String decodedAuthorizationHeader = decodeHeader(authorizationHeader);
+ int delimiterIndex = decodedAuthorizationHeader.indexOf(':');
+ if (delimiterIndex > -1) {
+ return decodedAuthorizationHeader.substring(0, delimiterIndex);
+ } else {
+ return decodedAuthorizationHeader;
+ }
+ }
+
+ private static Password parsePassword(String authorizationHeader) {
+ String decodedAuthorizationHeader = decodeHeader(authorizationHeader);
+ int delimiterIndex = decodedAuthorizationHeader.indexOf(':');
+ if (delimiterIndex > -1) {
+ return new Password(decodedAuthorizationHeader.substring(delimiterIndex + 1));
+ } else {
+ return new Password("");
+ }
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java
new file mode 100644
index 0000000..b52c429
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java
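Review bot: The decoded `user:password` text is materialised twice, because `parseUsername` and `parsePassword` each call `decodeHeader`, and both copies are immutable `String`s that `Password.clear()` can never wipe; decoding once and handing the password part over as a `char[]` would keep the clearable design intact. `Base64.getMimeDecoder()` silently skips characters outside the Base64 alphabet, so a damaged header value can decode to different credentials instead of being rejected, whereas `Base64.getDecoder()` throws `IllegalArgumentException` on such input. Decoding as `"US-ASCII"` replaces every non-ASCII byte with U+FFFD, so passwords containing such characters cannot match, and `new String(decodedBytes, StandardCharsets.US_ASCII)` would also remove the unreachable `UnsupportedEncodingException` branch. A decoded value with no `:` is accepted as a caller name with an empty password; rejecting it as malformed looks safer, if the specification allows.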
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+import java.util.Arrays;
+
+import static java.util.Arrays.copyOf;
+import static java.util.Objects.requireNonNull;
+
+public class Password {
+ private static final char[] EMPTY_VALUE = new char[0];
+ private volatile char[] value;
+
+ public Password(char[] value) {
+ requireNonNull(value, "Password value may not be null");
+
+ this.value = copyOf(value, value.length);
+ }
+
+ public Password(String value) {
+ this(null == value ? null : value.toCharArray());
+ }
+
+ public char[] getValue() {
+ return value;
+ }
+
+ public void clear() {
+ if (EMPTY_VALUE == value) { return; }
+
+ char[] tempValue = value;
+ value = EMPTY_VALUE;
+
+ for (int i = 0; i < tempValue.length; i++) {
+ tempValue[i] = 0x00;
+ }
+ }
+
+ public boolean compareTo(String password) {
+ return password != null && Arrays.equals(password.toCharArray(), value);
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java
new file mode 100644
index 0000000..6521397
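Review bot: `compareTo(String)` checks the secret with `Arrays.equals`, which stops at the first differing character, and it never wipes the `password.toCharArray()` copy, so the running time depends on how much of a guess matched and one more plaintext array stays out of reach of `clear()`. A comparison that folds every position into one result and zeroes its temporary array in a `finally` avoids both, as sketched below. Whether the timing difference is observable depends on how callers reach this method, which the hunk does not show. `getValue()` also returns the internal array, so it deserves a comment saying that callers see the zeroing done by `clear()` but can equally overwrite the stored password.

```java
    public boolean compareTo(String password) {
        if (password == null) {
            return false;
        }
        final char[] expected = value; // one volatile read, so clear() cannot swap the array mid-compare
        final char[] candidate = password.toCharArray();
        try {
            int diff = expected.length ^ candidate.length;
            for (int i = 0; i < candidate.length; i++) {
                // fold every position instead of returning at the first mismatch
                diff |= candidate[i] ^ (i < expected.length ? expected[i] : 0);
            }
            return diff == 0;
        } finally {
            Arrays.fill(candidate, '\0');
        }
    }
```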
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+public class UsernamePasswordCredential extends AbstractClearableCredential {
+
+ private final String caller;
+ private final Password password;
+
+ public UsernamePasswordCredential(String callerName, String password) {
+ this.caller = callerName;
+ this.password = new Password(password);
+ }
+
+ public UsernamePasswordCredential(String callerName, Password password) {
+ this.caller = callerName;
+ this.password = password;
+ }
+
+ public Password getPassword() {
+ return password;
+ }
+
+ public String getPasswordAsString() {
+ return String.valueOf(getPassword().getValue());
+ }
+
+ @Override
+ public void clearCredential() {
+ password.clear();
+ }
+
+ public String getCaller() {
+ return caller;
+ }
+
+ public boolean compareTo(String callerName, String password) {
+ return getCaller().equals(callerName) && getPassword().compareTo(password);
+ }
+}
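Review bot: The `(String, Password)` constructor stores its arguments unchecked, so a null `Password` is accepted and only fails later with a `NullPointerException` in `clearCredential()` or `getPasswordAsString()`, and a null `callerName` in either constructor makes `compareTo` throw at `getCaller().equals(callerName)`. Failing fast with `this.password = java.util.Objects.requireNonNull(password, "password");`, and the same for the caller name if the API contract permits, keeps the error at the point of the mistake. `getPasswordAsString()` also deserves a Javadoc line saying that it returns a new immutable `String` copy of the secret that `clear()` cannot wipe, and that it returns `""` once the credential has been cleared.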
