Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / 387e468c9d407f92edef37322a876912fa12a89f / . / src / main / java / de / ids_mannheim / korap / authentication / http / HttpAuthorizationHandler.java
blob: 241e9ce1efb11e8eb7c94510734f85320f400335 [file] [log] [blame]
margaretha56e8e552017-12-05 16:31:21 +0100[diff] [blame]1package de.ids_mannheim.korap.authentication.http;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]2
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]3import org.springframework.stereotype.Component;
4
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]5import de.ids_mannheim.korap.constant.AuthenticationScheme;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]6import de.ids_mannheim.korap.exceptions.KustvaktException;
7import de.ids_mannheim.korap.exceptions.StatusCodes;
8import de.ids_mannheim.korap.utils.ParameterChecker;
9
margaretha4b0eb3d2019-04-11 10:25:56 +0200[diff] [blame]10/**
11 * Implementation of Basic HTTP authentication scheme (see RFC 7253
12 * and 7617) for client asking for authorization and sending user
13 * data.
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]14 *
15 * @author margaretha
16 *
17 */
18@Component
19public class HttpAuthorizationHandler {
20
margaretha4b0eb3d2019-04-11 10:25:56 +0200[diff] [blame]21 public static String createBasicAuthorizationHeaderValue (String username,
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]22 String password) throws KustvaktException {
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]23 ParameterChecker.checkStringValue(username, "username");
24 ParameterChecker.checkStringValue(password, "password");
25
margaretha064eb6f2018-07-10 18:33:01 +0200[diff] [blame]26 String credentials = TransferEncoding.encodeBase64(username, password);
margaretha4b0eb3d2019-04-11 10:25:56 +0200[diff] [blame]27 return AuthenticationScheme.BASIC.displayName() + " " + credentials;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]28 }
29
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]30 public AuthorizationData parseAuthorizationHeaderValue (
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]31 String authorizationHeader) throws KustvaktException {
32 ParameterChecker.checkStringValue(authorizationHeader,
33 "authorization header");
34
35 String[] values = authorizationHeader.split(" ");
36 if (values.length != 2) {
margaretha56e8e552017-12-05 16:31:21 +0100[diff] [blame]37 throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]38 "Cannot parse authorization header value "
39 + authorizationHeader
40 + ". Use this format: [authentication "
margarethad1ef4d92023-04-03 17:20:27 +0200[diff] [blame]41 + "scheme] [authentication token]",
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]42 authorizationHeader);
43 }
44
45 AuthorizationData data = new AuthorizationData();
margaretha4b0eb3d2019-04-11 10:25:56 +0200[diff] [blame]46 String scheme = values[0];
47 try {
48 data.setAuthenticationScheme(
49 AuthenticationScheme.valueOf(scheme.toUpperCase()));
50 }
51 catch (IllegalArgumentException e) {
52 throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
53 "Authentication scheme is not supported.", scheme);
54 }
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]55 data.setToken(values[1]);
56 return data;
57 }
58
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]59 public AuthorizationData parseBasicToken (AuthorizationData data)
margaretha56e8e552017-12-05 16:31:21 +0100[diff] [blame]60 throws KustvaktException {
margaretha064eb6f2018-07-10 18:33:01 +0200[diff] [blame]61 String[] credentials = TransferEncoding.decodeBase64(data.getToken());
margarethacd206792017-11-17 14:48:09 +0100[diff] [blame]62 data.setUsername(credentials[0]);
63 data.setPassword(credentials[1]);
64 return data;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]65 }
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]66}