diff options
Diffstat (limited to 'branches/sca-java-1.5/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java')
-rw-r--r-- | branches/sca-java-1.5/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/branches/sca-java-1.5/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java b/branches/sca-java-1.5/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java deleted file mode 100644 index 88b2ee9fce..0000000000 --- a/branches/sca-java-1.5/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.java +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.tuscany.sca.policy.security.http.util; - -import java.util.StringTokenizer; - -import javax.security.auth.Subject; -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.codec.binary.Base64; -import org.apache.tuscany.sca.invocation.Message; -import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal; - -/** - * - * @version $Rev$ $Date$ - */ -public class HttpSecurityUtil { - - /** - * Check if Authorization header is available - * @param request - * @param response - * @return - */ - public static boolean hasAuthorizationHeader(HttpServletRequest request) { - boolean result = false; - if(request.getHeader("Authorization") != null) { - result = true; - } - - return result; - } - - /** - * - * @param request - * @param response - * @return - */ - public static String getAuthorizationHeader(HttpServletRequest request) { - return request.getHeader("Authorization"); - } - - public static Subject getSubject(Message msg){ - - Subject subject = null; - HttpServletRequest request = null; - - for (Object header : msg.getHeaders()){ - if (header instanceof Subject){ - subject = (Subject)header; - break; - } else if( header instanceof HttpServletRequest) { - request = (HttpServletRequest) header; - } - } - - //if there is no subject, but request is available - //try to build a subject from authorization header - if (subject == null & request != null) { - if ( hasAuthorizationHeader(request)) { - subject = getSubject(getAuthorizationHeader(request)); - } - - } - if (subject == null){ - subject = new Subject(); - msg.getHeaders().add(subject); - } - - return subject; - - } - - public static Subject getSubject(String httpAuthorizationHeader){ - - - // get the security context - Subject subject = new Subject(); - String user = null; - String password = null; - - if (httpAuthorizationHeader != null) { - StringTokenizer tokens = new StringTokenizer(httpAuthorizationHeader); - if (tokens.hasMoreTokens()) { - String basic = tokens.nextToken(); - if (basic.equalsIgnoreCase("Basic")) { - String credentials = tokens.nextToken(); - String userAndPassword = new String(Base64.decodeBase64(credentials.getBytes())); - int colon = userAndPassword.indexOf(":"); - if (colon != -1) { - user = userAndPassword.substring(0, colon); - password = userAndPassword.substring(colon + 1); - } - } - } - } - - if(user != null && password != null) { - BasicAuthenticationPrincipal principal = new BasicAuthenticationPrincipal(user, password); - subject.getPrincipals().add(principal); - } - - return subject; - } -} |