access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
}
try {
String temp = Symm.base64noSplit.decode(authz.substring(6));
int colon = temp.lastIndexOf(':');
access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
}
try {
String temp = Symm.base64noSplit.decode(authz.substring(6));
int colon = temp.lastIndexOf(':');
user = temp.substring(0,colon);
password = temp.substring(colon+1);
} else {
user = temp.substring(0,colon);
password = temp.substring(colon+1);
} else {
access.encrypt(temp));
return new BasicHttpTafResp(access,null,"Malformed BasicAuth entry",RESP.FAIL,resp,realm,false);
}
access.encrypt(temp));
return new BasicHttpTafResp(access,null,"Malformed BasicAuth entry",RESP.FAIL,resp,realm,false);
}
- if(!rbac.validate(user,Type.PASSWORD,password.getBytes(),req)) {
+ if (!rbac.validate(user,Type.PASSWORD,password.getBytes(),req)) {
return new BasicHttpTafResp(access,null,buildMsg(null,req,"user/pass combo invalid for ",user,"from",req.getRemoteAddr()),
RESP.TRY_AUTHENTICATING,resp,realm,true);
}
return new BasicHttpTafResp(access,null,buildMsg(null,req,"user/pass combo invalid for ",user,"from",req.getRemoteAddr()),
RESP.TRY_AUTHENTICATING,resp,realm,true);
}
pclient.content.password(user, password);
String scope=FQI.reverseDomain(client_id);
Result<TimedToken> rtt = pclient.content.getToken('B',scope);
pclient.content.password(user, password);
String scope=FQI.reverseDomain(client_id);
Result<TimedToken> rtt = pclient.content.getToken('B',scope);
return new BasicHttpTafResp(access,null,"BasicAuth/OAuth Token: Token Expired",RESP.FAIL,resp,realm,true);
} else {
TimedToken tt = rtt.value;
Result<OAuth2Principal> prin = tkMgr.toPrincipal(tt.getAccessToken(), cred);
return new BasicHttpTafResp(access,null,"BasicAuth/OAuth Token: Token Expired",RESP.FAIL,resp,realm,true);
} else {
TimedToken tt = rtt.value;
Result<OAuth2Principal> prin = tkMgr.toPrincipal(tt.getAccessToken(), cred);
return new BasicHttpTafResp(access,prin.value,"BasicAuth/OAuth Token Authentication",RESP.IS_AUTHENTICATED,resp,realm,true);
} else {
return new BasicHttpTafResp(access,null,"BasicAuth/OAuth Token: " + prin.code + ' ' + prin.error,RESP.FAIL,resp,realm,true);
return new BasicHttpTafResp(access,prin.value,"BasicAuth/OAuth Token Authentication",RESP.IS_AUTHENTICATED,resp,realm,true);
} else {
return new BasicHttpTafResp(access,null,"BasicAuth/OAuth Token: " + prin.code + ' ' + prin.error,RESP.FAIL,resp,realm,true);
protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {
StringBuilder sb = new StringBuilder();
protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {
StringBuilder sb = new StringBuilder();
// return Resp.UNVALIDATED;
// }
// return rbac.validate(ba.getName(), Type.PASSWORD, ba.getCred(), state)?Resp.REVALIDATED:Resp.UNVALIDATED;
// return Resp.UNVALIDATED;
// }
// return rbac.validate(ba.getName(), Type.PASSWORD, ba.getCred(), state)?Resp.REVALIDATED:Resp.UNVALIDATED;