diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-11-14 10:08:35 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-11-14 10:08:35 +1300 |
commit | e62d408f73d34a7f0ed5a43fd8b517f9667dbb5e (patch) | |
tree | d914cde090b2b36cfed604969b1816c0320738c2 | |
parent | c9d9ef9f2fef278455b37e64f83b8e0851c908d0 (diff) | |
parent | d7d53864f610211a1591d056ccf8e7295438e4a6 (diff) | |
download | trackermap-server-e62d408f73d34a7f0ed5a43fd8b517f9667dbb5e.tar.gz trackermap-server-e62d408f73d34a7f0ed5a43fd8b517f9667dbb5e.tar.bz2 trackermap-server-e62d408f73d34a7f0ed5a43fd8b517f9667dbb5e.zip |
Merge pull request #1510 from guterresrafael/master
Add support for basic authorization
-rw-r--r-- | src/org/traccar/helper/Authorization.java | 49 | ||||
-rw-r--r-- | src/org/traccar/web/BaseServlet.java | 16 |
2 files changed, 64 insertions, 1 deletions
diff --git a/src/org/traccar/helper/Authorization.java b/src/org/traccar/helper/Authorization.java new file mode 100644 index 000000000..fc34687cd --- /dev/null +++ b/src/org/traccar/helper/Authorization.java @@ -0,0 +1,49 @@ +/* + * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.helper; + +import java.util.HashMap; +import java.util.Map; +import java.util.StringTokenizer; +import org.jboss.netty.buffer.ChannelBuffer; +import org.jboss.netty.buffer.ChannelBuffers; +import org.jboss.netty.handler.codec.base64.Base64; +import org.jboss.netty.util.CharsetUtil; + +public final class Authorization { + + private Authorization() { + } + + public static final String HEADER = "Authorization"; + public static final String SCHEME = "Basic"; + public static final String REGEX = SCHEME + " "; + public static final String REPLACEMENT = ""; + public static final String TOKENIZER = ":"; + public static final String USERNAME = "username"; + public static final String PASSWORD = "password"; + + public static Map<String, String> parse(String authorization) { + Map<String, String> authMap = new HashMap<>(); + final String encodedUsernameAndPassword = authorization.replaceFirst(REGEX, REPLACEMENT); + ChannelBuffer buffer = ChannelBuffers.copiedBuffer(encodedUsernameAndPassword, CharsetUtil.UTF_8); + String usernameAndPassword = Base64.decode(buffer).toString(CharsetUtil.UTF_8); + final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, TOKENIZER); + authMap.put(USERNAME, tokenizer.nextToken()); + authMap.put(PASSWORD, tokenizer.nextToken()); + return authMap; + } +} diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java index cfdff40d3..039e3a1f4 100644 --- a/src/org/traccar/web/BaseServlet.java +++ b/src/org/traccar/web/BaseServlet.java @@ -20,6 +20,7 @@ import org.traccar.helper.Log; import java.io.IOException; import java.io.Writer; import java.security.AccessControlException; +import java.util.Map; import javax.json.Json; import javax.json.JsonObjectBuilder; import javax.json.JsonStructure; @@ -27,6 +28,9 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.traccar.Context; +import org.traccar.helper.Authorization; +import org.traccar.model.User; public abstract class BaseServlet extends HttpServlet { @@ -57,7 +61,17 @@ public abstract class BaseServlet extends HttpServlet { protected abstract boolean handle( String command, HttpServletRequest req, HttpServletResponse resp) throws Exception; - public long getUserId(HttpServletRequest req) { + public long getUserId(HttpServletRequest req) throws Exception { + String authorization = req.getHeader(Authorization.HEADER); + if (authorization != null && !authorization.isEmpty()) { + Map<String, String> authMap = Authorization.parse(authorization); + String username = authMap.get(Authorization.USERNAME); + String password = authMap.get(Authorization.PASSWORD); + User user = Context.getDataManager().login(username, password); + if (user != null) { + return user.getId(); + } + } Long userId = (Long) req.getSession().getAttribute(USER_KEY); if (userId == null) { throw new AccessControlException("User not logged in"); |