diff options
author | Anton Tananaev <anton@traccar.org> | 2022-06-22 08:43:50 -0700 |
---|---|---|
committer | Anton Tananaev <anton@traccar.org> | 2022-06-22 08:43:50 -0700 |
commit | 6a608f109ab587803092374591d1ec22e8f40fb7 (patch) | |
tree | 168c5b57bf46c1428c38629dbc1dfbe7e0e39614 /src/main/java/org | |
parent | 1271b2e7a772c8458b567d7f424d5a38365b5d75 (diff) | |
download | trackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.tar.gz trackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.tar.bz2 trackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.zip |
Support token API authentication
Diffstat (limited to 'src/main/java/org')
-rw-r--r-- | src/main/java/org/traccar/api/security/SecurityRequestFilter.java | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java index eaf5b28c4..ada7bf997 100644 --- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java +++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java @@ -43,6 +43,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter { public static final String AUTHORIZATION_HEADER = "Authorization"; public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; public static final String BASIC_REALM = "Basic realm=\"api\""; + public static final String BEARER_PREFIX = "Bearer "; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; @@ -82,8 +83,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter { if (authHeader != null) { try { - String[] auth = decodeBasicAuth(authHeader); - User user = loginService.login(auth[0], auth[1]); + User user; + if (authHeader.startsWith(BEARER_PREFIX)) { + user = loginService.login(authHeader.substring(BEARER_PREFIX.length())); + } else { + String[] auth = decodeBasicAuth(authHeader); + user = loginService.login(auth[0], auth[1]); + } if (user != null) { statisticsManager.registerRequest(user.getId()); securityContext = new UserSecurityContext(new UserPrincipal(user.getId())); |