authorAnton Tananaev <anton.tananaev@gmail.com>2015-11-14 10:08:35 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-11-14 10:08:35 +1300
commite62d408f73d34a7f0ed5a43fd8b517f9667dbb5e (patch)
treed914cde090b2b36cfed604969b1816c0320738c2
parentc9d9ef9f2fef278455b37e64f83b8e0851c908d0 (diff)
parentd7d53864f610211a1591d056ccf8e7295438e4a6 (diff)
Merge pull request #1510 from guterresrafael/master
Add support for basic authorization
-rw-r--r--src/org/traccar/helper/Authorization.java49
-rw-r--r--src/org/traccar/web/BaseServlet.java16
2 files changed, 64 insertions, 1 deletions
diff --git a/src/org/traccar/helper/Authorization.java b/src/org/traccar/helper/Authorization.java
new file mode 100644
index 000000000..fc34687cd
--- /dev/null
+++ b/src/org/traccar/helper/Authorization.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.helper;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+import org.jboss.netty.buffer.ChannelBuffer;
+import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.handler.codec.base64.Base64;
+import org.jboss.netty.util.CharsetUtil;
+
+public final class Authorization {
+
+ private Authorization() {
+ }
+
+ public static final String HEADER = "Authorization";
+ public static final String SCHEME = "Basic";
+ public static final String REGEX = SCHEME + " ";
+ public static final String REPLACEMENT = "";
+ public static final String TOKENIZER = ":";
+ public static final String USERNAME = "username";
+ public static final String PASSWORD = "password";
+
+ public static Map<String, String> parse(String authorization) {
+ Map<String, String> authMap = new HashMap<>();
+ final String encodedUsernameAndPassword = authorization.replaceFirst(REGEX, REPLACEMENT);
+ ChannelBuffer buffer = ChannelBuffers.copiedBuffer(encodedUsernameAndPassword, CharsetUtil.UTF_8);
+ String usernameAndPassword = Base64.decode(buffer).toString(CharsetUtil.UTF_8);
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, TOKENIZER);
+ authMap.put(USERNAME, tokenizer.nextToken());
+ authMap.put(PASSWORD, tokenizer.nextToken());
+ return authMap;
+ }
+}
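Review bot: `parse` splits the decoded credentials with `StringTokenizer` on `:`, so a password that itself contains a colon is cut short before it reaches `login`, and an empty password or a value without any colon makes `nextToken()` throw `NoSuchElementException`. The scheme is also stripped with an unanchored, case-sensitive `replaceFirst`, so a header carrying a different scheme is not rejected and its whole value is handed to the Base64 decoder. Splitting on the first colon only and checking the scheme prefix explicitly, as RFC 7617 describes, makes malformed headers fail in a controlled way. How callers outside this hunk treat the resulting exception is not visible here and should be confirmed.

```java
public static Map<String, String> parse(String authorization) {
    // Scheme names are case-insensitive; anything other than "Basic " is refused up front.
    if (!authorization.regionMatches(true, 0, REGEX, 0, REGEX.length())) {
        throw new IllegalArgumentException("Unsupported authorization scheme");
    }
    final String encodedUsernameAndPassword = authorization.substring(REGEX.length());
    // … unchanged: Base64 decoding of encodedUsernameAndPassword into usernameAndPassword …
    // Only the first colon separates user-id from password; later colons belong to the password.
    final int separator = usernameAndPassword.indexOf(TOKENIZER);
    if (separator < 0) {
        throw new IllegalArgumentException("Malformed Basic credentials");
    }
    Map<String, String> authMap = new HashMap<>();
    authMap.put(USERNAME, usernameAndPassword.substring(0, separator));
    authMap.put(PASSWORD, usernameAndPassword.substring(separator + 1));
    return authMap;
}
```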
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index cfdff40d3..039e3a1f4 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -20,6 +20,7 @@ import org.traccar.helper.Log;
import java.io.IOException;
import java.io.Writer;
import java.security.AccessControlException;
+import java.util.Map;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.json.JsonStructure;
@@ -27,6 +28,9 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.traccar.Context;
+import org.traccar.helper.Authorization;
+import org.traccar.model.User;
public abstract class BaseServlet extends HttpServlet {
@@ -57,7 +61,17 @@ public abstract class BaseServlet extends HttpServlet {
protected abstract boolean handle(
String command, HttpServletRequest req, HttpServletResponse resp) throws Exception;
- public long getUserId(HttpServletRequest req) {
+ public long getUserId(HttpServletRequest req) throws Exception {
+ String authorization = req.getHeader(Authorization.HEADER);
+ if (authorization != null && !authorization.isEmpty()) {
+ Map<String, String> authMap = Authorization.parse(authorization);
+ String username = authMap.get(Authorization.USERNAME);
+ String password = authMap.get(Authorization.PASSWORD);
+ User user = Context.getDataManager().login(username, password);
+ if (user != null) {
+ return user.getId();
+ }
+ }
Long userId = (Long) req.getSession().getAttribute(USER_KEY);
if (userId == null) {
throw new AccessControlException("User not logged in");
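Review bot: When an Authorization header is present but `login` returns null, the new branch in `getUserId` falls through to the session lookup, so a request carrying wrong Basic credentials is still served as whoever owns the session cookie, and the failed attempt leaves no trace. Rejecting it inside the header branch, e.g. `throw new AccessControlException("Invalid credentials");` right after the `if (user != null)` block, keeps the two authentication paths separate. A log entry through the existing `Log` helper, with the username but never the password, would give operators something to alert on. `Authorization.parse` is also called for any non-empty header value, so its unchecked exceptions on malformed input propagate from here. The method body continues past the end of the hunk.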