[jboss-svn-commits] JBL Code SVN: r21508 - in labs/jbossesb/workspace/dbevenius/security/product/rosetta: tests/src/org/jboss/soa/esb/services/security/auth/http and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Aug 13 08:11:55 EDT 2008
Author: beve
Date: 2008-08-13 08:11:55 -0400 (Wed, 13 Aug 2008)
New Revision: 21508
Added:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
Log:
Added an extractor for Http BASIC authentication.
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java 2008-08-13 12:11:55 UTC (rev 21508)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.http;
+
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.http.HttpServletRequest;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
+import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
+import org.jboss.soa.esb.services.security.principals.User;
+import org.jboss.util.Base64;
+
+/**
+ * Extracts secuirty information from a HttpServletRequest
+ * </p>
+ * Supports BASIC authentication.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class HttpSecurityInfoExtractor implements SecurityInfoExtractor<HttpServletRequest>
+{
+
+ public AuthenticationRequest extractSecurityInfo(HttpServletRequest httpRequest)
+ {
+ final String authType = httpRequest.getAuthType();
+ if ( authType == null )
+ return null;
+
+ Set<Object> credentials = new HashSet<Object>();
+ if ( authType.equals("BASIC"))
+ {
+ String auth = httpRequest.getHeader("Authorization");
+ auth = auth.substring(auth.indexOf(" "));
+ // decode the Base64 encoded username:password
+ String decoded = new String( Base64.decode(auth) );
+ final int separator = decoded.indexOf(":");
+ final String username = decoded.substring(0,separator);
+ String pwd = decoded.substring(separator+1,decoded.length());
+ credentials.add( pwd.toCharArray() );
+ pwd = null;
+ decoded = null;
+ return new AuthenticationRequestImpl.Builder(new User(username), credentials ).bulid();
+ }
+ if ( authType.equals("DIGEST"))
+ {
+ // not supported yet.
+ }
+
+ return null;
+ }
+
+}
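Review bot: The BASIC branch of `extractSecurityInfo` trusts the shape of the client-supplied `Authorization` header. A missing header makes `auth.substring(...)` throw a NullPointerException, and a header with no space, or a decoded payload with no `:`, makes `substring` throw a StringIndexOutOfBoundsException, so a malformed request surfaces as an unchecked exception rather than a failed extraction. Each step should be checked and the method should return null for a malformed header, as it already does for an absent auth type; `Base64.decode` may also return null on invalid input depending on its implementation, which should be handled the same way. Setting `pwd = null` and `decoded = null` does not clear the password, because the String contents stay on the heap until collected; a comment should say that only the `char[]` placed in `credentials` can be wiped afterwards.

```java
if ( authType.equals("BASIC"))
{
    final String auth = httpRequest.getHeader("Authorization");
    if ( auth == null )
        return null;
    final int space = auth.indexOf(' ');
    if ( space < 0 )
        return null;
    // skip the scheme name and the separating space before decoding
    final byte[] raw = Base64.decode(auth.substring(space + 1).trim());
    if ( raw == null )
        return null;
    final String decoded = new String( raw );
    final int separator = decoded.indexOf(':');
    if ( separator < 0 )
        return null;
    // … unchanged: username/password split and AuthenticationRequestImpl.Builder call …
```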
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java 2008-08-13 12:11:55 UTC (rev 21508)
@@ -0,0 +1,373 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.http;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.util.Base64;
+import org.junit.Test;
+
+/**
+ * Unit test for {@link HttpSecurityInfoExtractor}
+ * <p>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @since 4.4
+ */
+public class HttpSecurityInfoExtractorUnitTest
+{
+ private String username = "Bob";
+ private String password = "Kelso";
+
+ @Test
+ public void extractSecurityInfo() throws IOException
+ {
+ HttpSecurityInfoExtractor extractor = new HttpSecurityInfoExtractor();
+ MockHttpServletRequest httpRequest = new MockHttpServletRequest();
+ httpRequest.setAuthType("BASIC");
+ String userNamePassword= username + ":" + password;
+ String base64Userpass = Base64.encodeBytes(userNamePassword.getBytes());
+ final String authString = "Basic " + base64Userpass;
+
+ httpRequest.addHeader("Authorization", authString);
+ AuthenticationRequest authRequest = extractor.extractSecurityInfo(httpRequest);
+
+ assertNotNull(authRequest);
+ char[] passwd = (char[]) authRequest.getCredentials().iterator().next();
+ assertEquals(password, new String(passwd));
+ assertEquals(username, authRequest.getPrincipal().getName());
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(HttpSecurityInfoExtractorUnitTest.class);
+ }
+
+ private static class MockHttpServletRequest implements HttpServletRequest
+ {
+ private String authType;
+ private Map<String,String> headers = new HashMap<String,String>();
+
+ public void setAuthType(String authType)
+ {
+ this.authType = authType;
+ }
+
+ public String getAuthType()
+ {
+ return authType;
+ }
+
+ public String getContextPath()
+ {
+ return null;
+ }
+
+ public Cookie[] getCookies()
+ {
+ return null;
+ }
+
+ public long getDateHeader(String arg0)
+ {
+ return 0;
+ }
+
+ public String getHeader(String header)
+ {
+ return headers.get(header);
+ }
+ public void addHeader(final String headerName, final String object)
+ {
+ headers.put(headerName, object);
+ }
+
+ public Enumeration getHeaderNames()
+ {
+ return null;
+ }
+
+ public Enumeration getHeaders(String arg0)
+ {
+ return null;
+ }
+
+ public int getIntHeader(String arg0)
+ {
+ return 0;
+ }
+
+ public String getMethod()
+ {
+ return null;
+ }
+
+ public String getPathInfo()
+ {
+ return null;
+ }
+
+ public String getPathTranslated()
+ {
+ return null;
+ }
+
+ public String getQueryString()
+ {
+ return null;
+ }
+
+ public String getRemoteUser()
+ {
+ return null;
+ }
+
+ public String getRequestURI()
+ {
+ return null;
+ }
+
+ public StringBuffer getRequestURL()
+ {
+ return null;
+ }
+
+ public String getRequestedSessionId()
+ {
+ return null;
+ }
+
+ public String getServletPath()
+ {
+ return null;
+ }
+
+ public HttpSession getSession()
+ {
+ return null;
+ }
+
+ public HttpSession getSession(boolean arg0)
+ {
+ return null;
+ }
+
+ private Principal userPrincipal;
+
+ public void setUserPrincipal(Principal userPrincipal)
+ {
+ this.userPrincipal = userPrincipal;
+ }
+
+ public Principal getUserPrincipal()
+ {
+ return this.userPrincipal;
+ }
+
+ public boolean isRequestedSessionIdFromCookie()
+ {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL()
+ {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl()
+ {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid()
+ {
+ return false;
+ }
+
+ public boolean isUserInRole(String arg0)
+ {
+ return false;
+ }
+
+ public Object getAttribute(String arg0)
+ {
+ return null;
+ }
+
+ public Enumeration getAttributeNames()
+ {
+ return null;
+ }
+
+ public String getCharacterEncoding()
+ {
+ return null;
+ }
+
+ public int getContentLength()
+ {
+ return 0;
+ }
+
+ public String getContentType()
+ {
+ return null;
+ }
+
+ public ServletInputStream getInputStream() throws IOException
+ {
+ return null;
+ }
+
+ public String getLocalAddr()
+ {
+ return null;
+ }
+
+ public String getLocalName()
+ {
+ return null;
+ }
+
+ public int getLocalPort()
+ {
+ return 0;
+ }
+
+ public Locale getLocale()
+ {
+ return null;
+ }
+
+ public Enumeration getLocales()
+ {
+ return null;
+ }
+
+ public String getParameter(String arg0)
+ {
+ return null;
+ }
+
+ public Map getParameterMap()
+ {
+ return null;
+ }
+
+ public Enumeration getParameterNames()
+ {
+ return null;
+ }
+
+ public String[] getParameterValues(String arg0)
+ {
+ return null;
+ }
+
+ public String getProtocol()
+ {
+ return null;
+ }
+
+ public BufferedReader getReader() throws IOException
+ {
+ return null;
+ }
+
+ public String getRealPath(String arg0)
+ {
+ return null;
+ }
+
+ public String getRemoteAddr()
+ {
+ return null;
+ }
+
+ public String getRemoteHost()
+ {
+ return null;
+ }
+
+ public int getRemotePort()
+ {
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String arg0)
+ {
+ return null;
+ }
+
+ public String getScheme()
+ {
+ return null;
+ }
+
+ public String getServerName()
+ {
+ return null;
+ }
+
+ public int getServerPort()
+ {
+ return 0;
+ }
+
+ public boolean isSecure()
+ {
+ return false;
+ }
+
+ public void removeAttribute(String arg0)
+ {
+ }
+
+ public void setAttribute(String arg0, Object arg1)
+ {
+ }
+
+ public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException
+ {
+ }
+
+ }
+
+}
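Review bot: `extractSecurityInfo()` is the only test and it covers just a well-formed `Basic` header, so the extractor's behaviour on client-controlled edge cases is not pinned down. Tests are missing for a request whose auth type is `BASIC` but has no `Authorization` header, a header with no space after the scheme, a decoded value with no `:`, and a password that itself contains `:`. A null auth type and the unsupported `DIGEST` type could each be covered with a single `assertNull(extractor.extractSecurityInfo(httpRequest));`. `userNamePassword.getBytes()` also depends on the platform default charset, which matters once a non-ASCII username or password is added to the fixtures.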