import org.onap.aaf.cadi.principal.X509Principal;
public class BasicAuthCode extends LocateCode {
- private AAFAuthn<?> authn;
+ private AAFAuthn<?> authn;
- public BasicAuthCode(AAFAuthn<?> authn, LocateFacade facade) {
- super(facade, "AAF Basic Auth",true);
- this.authn = authn;
- }
+ public BasicAuthCode(AAFAuthn<?> authn, LocateFacade facade) {
+ super(facade, "AAF Basic Auth",true);
+ this.authn = authn;
+ }
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Principal p = trans.getUserPrincipal();
- if(p == null) {
- trans.error().log("Transaction not Authenticated... no Principal");
- } else if (p instanceof BasicPrincipal) {
- // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok
- // otherwise, it wouldn't have gotten here.
- resp.setStatus(HttpStatus.OK_200);
- return;
- } else if (p instanceof X509Principal) {
- // Since X509Principal has priority, BasicAuth Info might be there, but not validated.
- String ba;
- if((ba=req.getHeader("Authorization"))!=null && ba.startsWith("Basic ")) {
- ba = Symm.base64noSplit.decode(ba.substring(6));
- int colon = ba.indexOf(':');
- if(colon>=0) {
- String err;
- if((err=authn.validate(ba.substring(0, colon), ba.substring(colon+1),trans))==null) {
- resp.setStatus(HttpStatus.OK_200);
- } else {
- trans.audit().log(ba.substring(0,colon),": ",err);
- resp.setStatus(HttpStatus.UNAUTHORIZED_401);
- }
- return;
- }
- }
- }
- trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");
- // For Auth Security questions, we don't give any info to client on why failed
- resp.setStatus(HttpStatus.FORBIDDEN_403);
- }
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Principal p = trans.getUserPrincipal();
+ if(p == null) {
+ trans.error().log("Transaction not Authenticated... no Principal");
+ } else if (p instanceof BasicPrincipal) {
+ // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok
+ // otherwise, it wouldn't have gotten here.
+ resp.setStatus(HttpStatus.OK_200);
+ return;
+ } else if (p instanceof X509Principal) {
+ // Since X509Principal has priority, BasicAuth Info might be there, but not validated.
+ String ba;
+ if((ba=req.getHeader("Authorization"))!=null && ba.startsWith("Basic ")) {
+ ba = Symm.base64noSplit.decode(ba.substring(6));
+ int colon = ba.indexOf(':');
+ if(colon>=0) {
+ String err;
+ if((err=authn.validate(ba.substring(0, colon), ba.substring(colon+1),trans))==null) {
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ trans.audit().log(ba.substring(0,colon),": ",err);
+ resp.setStatus(HttpStatus.UNAUTHORIZED_401);
+ }
+ return;
+ }
+ }
+ }
+ trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");
+ // For Auth Security questions, we don't give any info to client on why failed
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ }
}
Code Review / aaf / authz.git / blobdiff