aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org
diff options
context:
space:
mode:
authorAnton Tananaev <anton@traccar.org>2022-06-22 08:43:50 -0700
committerAnton Tananaev <anton@traccar.org>2022-06-22 08:43:50 -0700
commit6a608f109ab587803092374591d1ec22e8f40fb7 (patch)
tree168c5b57bf46c1428c38629dbc1dfbe7e0e39614 /src/main/java/org
parent1271b2e7a772c8458b567d7f424d5a38365b5d75 (diff)
downloadtrackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.tar.gz
trackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.tar.bz2
trackermap-server-6a608f109ab587803092374591d1ec22e8f40fb7.zip
Support token API authentication
Diffstat (limited to 'src/main/java/org')
-rw-r--r--src/main/java/org/traccar/api/security/SecurityRequestFilter.java10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index eaf5b28c4..ada7bf997 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -43,6 +43,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
public static final String BASIC_REALM = "Basic realm=\"api\"";
+ public static final String BEARER_PREFIX = "Bearer ";
public static final String X_REQUESTED_WITH = "X-Requested-With";
public static final String XML_HTTP_REQUEST = "XMLHttpRequest";
@@ -82,8 +83,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
if (authHeader != null) {
try {
- String[] auth = decodeBasicAuth(authHeader);
- User user = loginService.login(auth[0], auth[1]);
+ User user;
+ if (authHeader.startsWith(BEARER_PREFIX)) {
+ user = loginService.login(authHeader.substring(BEARER_PREFIX.length()));
+ } else {
+ String[] auth = decodeBasicAuth(authHeader);
+ user = loginService.login(auth[0], auth[1]);
+ }
if (user != null) {
statisticsManager.registerRequest(user.getId());
securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));