Archives/Athou_commafeed
1
0
Fork 1
mirror of https://github.com/Athou/commafeed.git synced 2026-03-21 21:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

use basic authentication if cookie is not found

Browse Source
This commit is contained in:
Athou
2013-04-19 10:39:13 +02:00
parent 185c5de7af
commit 1ba9d32c9f
1 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java
View File

@@ -12,6 +12,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException; import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context; import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.Response.Status;
@@ -22,6 +23,7 @@ import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest; import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.protocol.http.servlet.ServletWebResponse; import org.apache.wicket.protocol.http.servlet.ServletWebResponse;
import org.apache.wicket.request.cycle.RequestCycle; import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.util.crypt.Base64;
import com.commafeed.backend.MetricsBean; import com.commafeed.backend.MetricsBean;
import com.commafeed.backend.dao.FeedCategoryDAO; import com.commafeed.backend.dao.FeedCategoryDAO;
@@ -48,6 +50,7 @@ import com.commafeed.frontend.SecurityCheck;
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public abstract class AbstractREST { public abstract class AbstractREST {
@Context @Context
HttpServletRequest request; HttpServletRequest request;
@@ -118,9 +121,18 @@ public abstract class AbstractREST {
String[] data = authenticationStrategy.load(); String[] data = authenticationStrategy.load();
if (data != null && data.length > 1) { if (data != null && data.length > 1) {
session.signIn(data[0], data[1]); session.signIn(data[0], data[1]);
} else {
String value = swreq.getHeader(HttpHeaders.AUTHORIZATION);
if (value != null && value.startsWith("Basic ")) {
value = value.substring(6);
String decoded = new String(Base64.decodeBase64(value));
data = decoded.split(":");
if (data != null && data.length > 1) {
session.signIn(data[0], data[1]);
}
}
} }
} }
} }
protected User getUser() { protected User getUser() {
@@ -144,8 +156,18 @@ public abstract class AbstractREST {
SecurityCheck.class)); SecurityCheck.class));
} }
if (!allowed) { if (!allowed) {
throw new WebApplicationException(Response.status(Status.FORBIDDEN) if (user == null) {
.entity("You are not authorized to do this.").build()); throw new WebApplicationException(Response
.status(Status.UNAUTHORIZED)
.entity("You are not authorized to do this.")
.header(HttpHeaders.WWW_AUTHENTICATE,
"Basic realm=\"CommaFeed\"").build());
} else {
throw new WebApplicationException(Response
.status(Status.FORBIDDEN)
.entity("You are not authorized to do this.").build());
}
} }
return context.proceed(); return context.proceed();