aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar
diff options
context:
space:
mode:
authorRafael Guterres <guterresrafael@gmail.com>2015-11-05 22:03:00 -0200
committerRafael Guterres <guterresrafael@gmail.com>2015-11-05 22:03:00 -0200
commit2490884fd74e20b69e5913533be77fc057731a47 (patch)
treed38e20a284fe0cf3e9bd057e07679f7b15279b77 /src/org/traccar
parentb14974fec3c529e4cc29db6f86372efddc87b959 (diff)
downloadtraccar-server-2490884fd74e20b69e5913533be77fc057731a47.tar.gz
traccar-server-2490884fd74e20b69e5913533be77fc057731a47.tar.bz2
traccar-server-2490884fd74e20b69e5913533be77fc057731a47.zip
Add support to authorization basic http header in alternative to cookie and java session.
Modification to allow traccar api stateless.
Diffstat (limited to 'src/org/traccar')
-rw-r--r--src/org/traccar/helper/Authorization.java45
-rw-r--r--src/org/traccar/web/BaseServlet.java14
2 files changed, 58 insertions, 1 deletions
diff --git a/src/org/traccar/helper/Authorization.java b/src/org/traccar/helper/Authorization.java
new file mode 100644
index 000000000..992254d04
--- /dev/null
+++ b/src/org/traccar/helper/Authorization.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.helper;
+
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+public final class Authorization {
+
+ private Authorization() {
+ }
+
+ public static final String HEADER = "Authorization";
+ public static final String SCHEME = "Basic";
+ public static final String REGEX = SCHEME + " ";
+ public static final String REPLACEMENT = "";
+ public static final String TOKENIZER = ":";
+ public static final String USERNAME = "username";
+ public static final String PASSWORD = "password";
+
+ public static Map<String, String> parse(String authorization) {
+ Map<String, String> authMap = new HashMap<>();
+ final String encodedUsernameAndPassword = authorization.replaceFirst(REGEX, REPLACEMENT);
+ String usernameAndPassword = new String(Base64.getDecoder().decode(encodedUsernameAndPassword));
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, TOKENIZER);
+ authMap.put(USERNAME, tokenizer.nextToken());
+ authMap.put(PASSWORD, tokenizer.nextToken());
+ return authMap;
+ }
+}
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index cfdff40d3..a77ad0908 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -20,6 +20,7 @@ import org.traccar.helper.Log;
import java.io.IOException;
import java.io.Writer;
import java.security.AccessControlException;
+import java.util.Map;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.json.JsonStructure;
@@ -27,6 +28,9 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.traccar.Context;
+import org.traccar.helper.Authorization;
+import org.traccar.model.User;
public abstract class BaseServlet extends HttpServlet {
@@ -57,7 +61,15 @@ public abstract class BaseServlet extends HttpServlet {
protected abstract boolean handle(
String command, HttpServletRequest req, HttpServletResponse resp) throws Exception;
- public long getUserId(HttpServletRequest req) {
+ public long getUserId(HttpServletRequest req) throws Exception {
+ String authorization = req.getHeader(Authorization.HEADER);
+ if (authorization != null && !authorization.isEmpty()) {
+ Map<String, String> authMap = Authorization.parse(authorization);
+ User user = Context.getDataManager().login(authMap.get(Authorization.USERNAME), authMap.get(Authorization.PASSWORD));
+ if (user != null) {
+ return user.getId();
+ }
+ }
Long userId = (Long) req.getSession().getAttribute(USER_KEY);
if (userId == null) {
throw new AccessControlException("User not logged in");