Author: chathura
Date: Thu Jan 3 21:51:07 2008
New Revision: 11828
Log:
Implementing HTTP basic authentication support for resource content access.
Added:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceRequestProcessor.java
- copied, changed from r11777,
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceHandlerUtil.java
Removed:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceHandlerUtil.java
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/RegistryServlet.java
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/Utils.java
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/RegistryServlet.java
==============================================================================
---
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/RegistryServlet.java
(original)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/RegistryServlet.java
Thu Jan 3 21:51:07 2008
@@ -35,6 +35,7 @@
import org.wso2.registry.jdbc.realm.RegistryRealm;
import org.wso2.registry.jdbc.utils.RegistryDataSource;
import org.wso2.registry.secure.SecureRegistry;
+import org.wso2.registry.secure.AuthorizationFailedException;
import javax.naming.Context;
import javax.naming.InitialContext;
@@ -213,35 +214,7 @@
path = path + "?" + qPart;
}
- Resource resource ;
- try {
- resource = ResourceHandlerUtil.getResource(request, path);
- } catch (RegistryException e) {
-
request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE,
e.getMessage());
- request.getRequestDispatcher(RegistryConstants.ERROR_JSP);
- return;
- }
-
- if (resource == null) {
-
request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE, "404 Not
Found");
- request.getRequestDispatcher(RegistryConstants.ERROR_JSP);
- return;
- }
-
- // handle if-modified-since header
- long modifiedSince = request.getDateHeader("If-Modified-Since");
- if (modifiedSince > 0 && !resource.getLastModified().after(new
Date(modifiedSince))) {
- response.setStatus(304);
- response.getWriter().flush();
- return;
- }
-
-
- if (resource.isDirectory()) {
- response.sendRedirect("/wso2registry/web" + path);
- } else {
- sendResourceContent(request, response, path);
- }
+ ResourceRequestProcessor.processResourceGET(request, response,
path);
}
}
@@ -289,45 +262,6 @@
}
}
- private void sendResourceContent(HttpServletRequest request,
HttpServletResponse response, String path) {
-
- Resource resource = null;
- try {
- resource = ResourceHandlerUtil.getResource(request, path);
- } catch (RegistryException e) {
- setErrorMessage(request, e.getMessage());
- e.printStackTrace();
- }
-
- try {
- Object content = null;
- if (resource != null) {
- content = resource.getContent();
- }
- if (content != null) {
-
- response.setDateHeader("Last-Modified",
resource.getLastModified().getTime());
-
- if (resource.getMediaType() != null &&
resource.getMediaType().length() > 0) {
- response.setContentType(resource.getMediaType());
- } else {
- response.setContentType("application/download");
- }
-
- if (content instanceof byte[]) {
- response.getOutputStream().write((byte[]) content);
- response.flushBuffer();
- } else {
- response.getWriter().write(content.toString());
- }
- }
-
- response.getWriter().flush();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
-
private void setErrorMessage(HttpServletRequest request, String message) {
request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE,
message);
}
Copied:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceRequestProcessor.java
(from r11777,
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceHandlerUtil.java)
==============================================================================
---
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceHandlerUtil.java
(original)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/ResourceRequestProcessor.java
Thu Jan 3 21:51:07 2008
@@ -22,11 +22,124 @@
import org.wso2.registry.RegistryConstants;
import org.wso2.registry.jdbc.realm.RegistryRealm;
import org.wso2.registry.secure.SecureRegistry;
+import org.wso2.registry.secure.AuthorizationFailedException;
+import org.apache.axiom.om.util.Base64;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletContext;
+import java.util.Date;
+import java.io.IOException;
-public class ResourceHandlerUtil {
+public class ResourceRequestProcessor {
+
+ public static void processResourceGET(
+ HttpServletRequest request, HttpServletResponse response, String
path)
+ throws IOException {
+
+ Resource resource;
+ try {
+ // if the client has sent "Authorization" header, log in as the
new user.
+ String auth = request.getHeader("Authorization");
+ if (auth != null && auth.length() > 0) {
+ String[] aParts = auth.trim().split(" ");
+ if (aParts.length == 2) {
+ String credentials = aParts[1];
+ String decodedCredentials = new
String(Base64.decode(credentials));
+ String[] cParts = decodedCredentials.trim().split(":");
+ if (cParts.length == 2) {
+ String userName = cParts[0];
+ String password = cParts[1];
+ Utils.logInUser(request, userName, password);
+ }
+ }
+ }
+
+ resource = ResourceRequestProcessor.getResource(request, path);
+
+ } catch(AuthorizationFailedException ae) {
+
+ response.setStatus(401);
+
+ // if the user is not logged in, give him a challange
+ if (!Utils.isLoggedIn(request)) {
+ response.setHeader("WWW-Authenticate", "Basic
realm=\"WSO2-Registry\"");
+ }
+
+ try {
+ response.getWriter().flush();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ return;
+
+ } catch (RegistryException e) {
+ request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE,
e.getMessage());
+ request.getRequestDispatcher(RegistryConstants.ERROR_JSP);
+ return;
+ }
+
+ if (resource == null) {
+ request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE,
"404 Not Found");
+ request.getRequestDispatcher(RegistryConstants.ERROR_JSP);
+ return;
+ }
+
+ // handle if-modified-since header
+ long modifiedSince = request.getDateHeader("If-Modified-Since");
+ if (modifiedSince > 0 && !resource.getLastModified().after(new
Date(modifiedSince))) {
+ response.setStatus(304);
+ response.getWriter().flush();
+ return;
+ }
+
+ if (resource.isDirectory()) {
+ response.sendRedirect("/wso2registry/web" + path);
+ } else {
+ sendResourceContent(request, response, path);
+ }
+ }
+
+ private static void sendResourceContent(HttpServletRequest request,
HttpServletResponse response, String path) {
+
+ Resource resource = null;
+ try {
+ resource = ResourceRequestProcessor.getResource(request, path);
+ } catch (RegistryException e) {
+ setErrorMessage(request, e.getMessage());
+ e.printStackTrace();
+ }
+
+ try {
+ Object content = resource.getContent();
+ if (content != null) {
+
+ response.setDateHeader("Last-Modified",
resource.getLastModified().getTime());
+
+ if (resource.getMediaType() != null &&
resource.getMediaType().length() > 0) {
+ response.setContentType(resource.getMediaType());
+ } else {
+ response.setContentType("application/download");
+ }
+
+ if (content instanceof byte[]) {
+ response.getOutputStream().write((byte[]) content);
+ response.flushBuffer();
+ } else {
+ response.getWriter().write(content.toString());
+ }
+ }
+
+ response.getWriter().flush();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void setErrorMessage(HttpServletRequest request, String
message) {
+ request.getSession().setAttribute(RegistryConstants.ERROR_MESSAGE,
message);
+ }
public static Resource getResource(HttpServletRequest request, String path)
throws RegistryException {
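Review bot: The Authorization parsing in processResourceGET never checks that the scheme is `Basic` and splits the decoded credentials with `split(":")`, so a password that contains a colon, or an empty password, fails the `cParts.length == 2` test and the login is skipped without any error. The request then continues under whatever registry is already stored in the session, which looks like it could serve the resource as the previous or anonymous user instead of answering 401. Split at the first colon only and compare the scheme, as in the excerpt below; `new String(Base64.decode(credentials))` also depends on the platform default charset, which is worth pinning. Separately, the copied sendResourceContent no longer has the `if (resource != null)` guard that the servlet version had, so a failed getResource reaches `resource.getContent()` on a null reference.

```java
String[] aParts = auth.trim().split(" ");
// accept only the Basic scheme; other schemes must not be decoded as credentials
if (aParts.length == 2 && "Basic".equalsIgnoreCase(aParts[0])) {
    String decodedCredentials = new String(Base64.decode(aParts[1]));
    // the user name ends at the first ':'; the password itself may contain ':'
    int sep = decodedCredentials.indexOf(':');
    if (sep > 0) {
        String userName = decodedCredentials.substring(0, sep);
        String password = decodedCredentials.substring(sep + 1);
        Utils.logInUser(request, userName, password);
    }
}
// … unchanged: getResource call and the catch blocks …
```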
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/Utils.java
==============================================================================
---
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/Utils.java
(original)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/servlet/Utils.java
Thu Jan 3 21:51:07 2008
@@ -26,6 +26,7 @@
import org.wso2.registry.secure.SecureRegistry;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.ServletContext;
import java.util.HashMap;
import java.util.Map;
@@ -82,4 +83,36 @@
HttpServletRequest request, SecureRegistry secureRegistry) {
request.getSession().setAttribute(RegistryConstants.USER_REGISTRY,
secureRegistry);
}
+
+ public static boolean isLoggedIn(HttpServletRequest request) {
+
+ SecureRegistry userRegistry =
+ (SecureRegistry)
request.getSession().getAttribute(RegistryConstants.USER_REGISTRY);
+
+ if (userRegistry == null) {
+ return false;
+
+ } else {
+ if
(userRegistry.getUserID().equals(RegistryConstants.ANONYMOUS_USER)) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+ }
+
+ public static void logInUser(HttpServletRequest request, String userName,
String password)
+ throws RegistryException {
+
+ ServletContext context = request.getSession().getServletContext();
+ Registry jdbcRegistry = (Registry)
context.getAttribute(RegistryConstants.REGISTRY);
+
+ RegistryRealm realm = (RegistryRealm)
request.getSession().getServletContext().
+ getAttribute(RegistryConstants.REGISTRY_REALM);
+
+ SecureRegistry secureRegistry = new SecureRegistry(
+ userName, password, jdbcRegistry, realm);
+
+ request.getSession().setAttribute(RegistryConstants.USER_REGISTRY,
secureRegistry);
+ }
}
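Review bot: logInUser stores the authenticated SecureRegistry in whatever session the request already carries, so a session id that existed before the login keeps working after it. If that id was planted by someone else, this is a session-fixation path; invalidating the old session before binding the identity avoids it, e.g. `request.getSession().invalidate();` followed by `request.getSession(true).setAttribute(RegistryConstants.USER_REGISTRY, secureRegistry);`. The hunk does not show whether the SecureRegistry constructor rejects a wrong password, so it is worth confirming that it throws before the attribute is set. In isLoggedIn, `RegistryConstants.ANONYMOUS_USER.equals(userRegistry.getUserID())` would avoid a NullPointerException if getUserID() can return null.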