Coverage Report - org.mule.transport.http.filters.HttpBasicAuthenticationFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
HttpBasicAuthenticationFilter
0%
0/74
0%
0/28
0
 
 1  
 /*
 2  
  * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
 3  
  * The software in this package is published under the terms of the CPAL v1.0
 4  
  * license, a copy of which has been included with this distribution in the
 5  
  * LICENSE.txt file.
 6  
  */
 7  
 package org.mule.transport.http.filters;
 8  
 
 9  
 import org.mule.api.MuleEvent;
 10  
 import org.mule.api.MuleMessage;
 11  
 import org.mule.api.lifecycle.InitialisationException;
 12  
 import org.mule.api.security.Authentication;
 13  
 import org.mule.api.security.SecurityContext;
 14  
 import org.mule.api.security.SecurityException;
 15  
 import org.mule.api.security.SecurityProviderNotFoundException;
 16  
 import org.mule.api.security.UnauthorisedException;
 17  
 import org.mule.api.security.UnknownAuthenticationTypeException;
 18  
 import org.mule.api.security.UnsupportedAuthenticationSchemeException;
 19  
 import org.mule.config.i18n.CoreMessages;
 20  
 import org.mule.security.AbstractEndpointSecurityFilter;
 21  
 import org.mule.security.DefaultMuleAuthentication;
 22  
 import org.mule.security.MuleCredentials;
 23  
 import org.mule.transport.http.HttpConnector;
 24  
 import org.mule.transport.http.HttpConstants;
 25  
 import org.mule.transport.http.i18n.HttpMessages;
 26  
 
 27  
 import org.apache.commons.codec.binary.Base64;
 28  
 import org.apache.commons.logging.Log;
 29  
 import org.apache.commons.logging.LogFactory;
 30  
 
 31  
 
 32  
 /**
 33  
  * <code>HttpBasicAuthenticationFilter</code> TODO
 34  
  */
 35  
 public class HttpBasicAuthenticationFilter extends AbstractEndpointSecurityFilter
 36  
 {
 37  
     /**
 38  
      * logger used by this class
 39  
      */
 40  0
     protected static final Log logger = LogFactory.getLog(HttpBasicAuthenticationFilter.class);
 41  
 
 42  
     private String realm;
 43  
 
 44  0
     private boolean realmRequired = true;
 45  
 
 46  
     public HttpBasicAuthenticationFilter()
 47  
     {
 48  0
         super();
 49  0
     }
 50  
 
 51  
     public HttpBasicAuthenticationFilter(String realm)
 52  0
     {
 53  0
         this.realm = realm;
 54  0
     }
 55  
 
 56  
     @Override
 57  
     protected void doInitialise() throws InitialisationException
 58  
     {
 59  0
         if (realm == null)
 60  
         {
 61  0
             if (isRealmRequired())
 62  
             {
 63  0
                 throw new InitialisationException(HttpMessages.authRealmMustBeSetOnFilter(), this);
 64  
             }
 65  
             else
 66  
             {
 67  0
                 logger.warn("There is no security realm set, using default: null");
 68  
             }
 69  
         }
 70  0
     }
 71  
 
 72  
     public String getRealm()
 73  
     {
 74  0
         return realm;
 75  
     }
 76  
 
 77  
     public void setRealm(String realm)
 78  
     {
 79  0
         this.realm = realm;
 80  0
     }
 81  
 
 82  
     public boolean isRealmRequired()
 83  
     {
 84  0
         return realmRequired;
 85  
     }
 86  
 
 87  
     public void setRealmRequired(boolean realmRequired)
 88  
     {
 89  0
         this.realmRequired = realmRequired;
 90  0
     }
 91  
 
 92  
     /**
 93  
      * Authenticates the current message if authenticate is set to true. This method
 94  
      * will always populate the secure context in the session
 95  
      *
 96  
      * @param event the current message recieved
 97  
      * @throws org.mule.api.security.SecurityException if authentication fails
 98  
      */
 99  
     @Override
 100  
     public void authenticateInbound(MuleEvent event)
 101  
         throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
 102  
     {
 103  0
         String header = event.getMessage().getInboundProperty(HttpConstants.HEADER_AUTHORIZATION);
 104  
 
 105  0
         if (logger.isDebugEnabled())
 106  
         {
 107  0
             logger.debug("Authorization header: " + header);
 108  
         }
 109  
 
 110  0
         if ((header != null) && header.startsWith("Basic "))
 111  
         {
 112  0
             String base64Token = header.substring(6);
 113  0
             String token = new String(Base64.decodeBase64(base64Token.getBytes()));
 114  
 
 115  0
             String username = "";
 116  0
             String password = "";
 117  0
             int delim = token.indexOf(":");
 118  
 
 119  0
             if (delim != -1)
 120  
             {
 121  0
                 username = token.substring(0, delim);
 122  0
                 password = token.substring(delim + 1);
 123  
             }
 124  
 
 125  
             Authentication authResult;
 126  0
             Authentication authentication = createAuthentication(username, password, event);
 127  
 
 128  
             try
 129  
             {
 130  0
                 authResult = getSecurityManager().authenticate(authentication);
 131  
             }
 132  0
             catch (UnauthorisedException e)
 133  
             {
 134  
                 // Authentication failed
 135  0
                 if (logger.isDebugEnabled())
 136  
                 {
 137  0
                     logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
 138  
                 }
 139  0
                 setUnauthenticated(event);
 140  0
                 throw new UnauthorisedException(CoreMessages.authFailedForUser(username), e);
 141  0
             }
 142  
 
 143  
             // Authentication success
 144  0
             if (logger.isDebugEnabled())
 145  
             {
 146  0
                 logger.debug("Authentication success: " + authResult.toString());
 147  
             }
 148  
 
 149  0
             SecurityContext context = getSecurityManager().createSecurityContext(authResult);
 150  0
             context.setAuthentication(authResult);
 151  0
             event.getSession().setSecurityContext(context);
 152  0
         }
 153  0
         else if (header == null)
 154  
         {
 155  0
             setUnauthenticated(event);
 156  0
             throw new UnauthorisedException(event, event.getSession().getSecurityContext(), this);
 157  
         }
 158  
         else
 159  
         {
 160  0
             setUnauthenticated(event);
 161  0
             throw new UnsupportedAuthenticationSchemeException(
 162  
                 HttpMessages.basicFilterCannotHandleHeader(header), event);
 163  
         }
 164  0
     }
 165  
 
 166  
     protected Authentication createAuthentication(String username, String password, MuleEvent event)
 167  
     {
 168  0
         return new DefaultMuleAuthentication(new MuleCredentials(username, password.toCharArray()));
 169  
     }
 170  
 
 171  
     protected void setUnauthenticated(MuleEvent event)
 172  
     {
 173  0
         String realmHeader = "Basic realm=";
 174  0
         if (realm != null)
 175  
         {
 176  0
             realmHeader += "\"" + realm + "\"";
 177  
         }
 178  0
         MuleMessage msg = event.getMessage();
 179  0
         msg.setOutboundProperty(HttpConstants.HEADER_WWW_AUTHENTICATE, realmHeader);
 180  0
         msg.setOutboundProperty(HttpConnector.HTTP_STATUS_PROPERTY, HttpConstants.SC_UNAUTHORIZED);
 181  0
     }
 182  
 
 183  
     /**
 184  
      * Authenticates the current message if authenticate is set to true. This method
 185  
      * will always populate the secure context in the session
 186  
      *
 187  
      * @param event the current event being dispatched
 188  
      * @throws org.mule.api.security.SecurityException if authentication fails
 189  
      */
 190  
     @Override
 191  
     public void authenticateOutbound(MuleEvent event)
 192  
         throws SecurityException, SecurityProviderNotFoundException
 193  
     {
 194  0
         SecurityContext securityContext = event.getSession().getSecurityContext();
 195  0
         if (securityContext == null)
 196  
         {
 197  0
             if (isAuthenticate())
 198  
             {
 199  0
                 throw new UnauthorisedException(event, securityContext, this);
 200  
             }
 201  
             else
 202  
             {
 203  0
                 return;
 204  
             }
 205  
         }
 206  
 
 207  0
         Authentication auth = securityContext.getAuthentication();
 208  0
         if (isAuthenticate())
 209  
         {
 210  0
             auth = getSecurityManager().authenticate(auth);
 211  0
             if (logger.isDebugEnabled())
 212  
             {
 213  0
                 logger.debug("Authentication success: " + auth.toString());
 214  
             }
 215  
         }
 216  
 
 217  0
         StringBuffer header = new StringBuffer(128);
 218  0
         header.append("Basic ");
 219  0
         String token = auth.getCredentials().toString();
 220  0
         header.append(new String(Base64.encodeBase64(token.getBytes())));
 221  
 
 222  0
         event.getMessage().setOutboundProperty(HttpConstants.HEADER_AUTHORIZATION, header.toString());
 223  0
     }
 224  
 
 225  
 }