Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:25:56 UTC

[tomee] 08/48: TOMEE-2365 - Added credentials API for Basic Auth.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit cdd673a8c4f78daddaec6f5080acd13edabb5856
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Tue Dec 18 18:03:37 2018 +0000

    TOMEE-2365 - Added credentials API for Basic Auth.
---
 .../credential/AbstractClearableCredential.java    | 39 +++++++++++++
 .../credential/BasicAuthenticationCredential.java  | 67 ++++++++++++++++++++++
 .../security/enterprise/credential/Password.java   | 56 ++++++++++++++++++
 .../credential/UsernamePasswordCredential.java     | 54 +++++++++++++++++
 4 files changed, 216 insertions(+)

diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java
new file mode 100644
index 0000000..8b9ac9c
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/AbstractClearableCredential.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+public abstract class AbstractClearableCredential implements Credential {
+
+    private volatile boolean cleared = false;
+
+    @Override
+    public final boolean isCleared() {
+        return cleared;
+    }
+
+    protected final void setCleared() {
+        this.cleared = true;
+    }
+
+    @Override
+    public final void clear() {
+        clearCredential();
+        setCleared();
+    }
+
+    protected abstract void clearCredential();
+}
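Review bot: `clear()` calls `clearCredential()` on every invocation without checking `cleared`, so each subclass has to make `clearCredential()` safe to run repeatedly and from several threads, and that contract is not documented anywhere in the class. The flag is also set only after `clearCredential()` returns, so an implementation that throws leaves `isCleared()` false even if the secret was partly wiped. I would put this on the abstract method: `/** Erases the secret held by this credential; must be idempotent and must not throw, because clear() invokes it on every call and sets the cleared flag only afterwards. */`. A class-level Javadoc sentence stating that `isCleared()` reflects a completed `clear()` would cover the rest.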
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java
new file mode 100644
index 0000000..404cc3c
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/BasicAuthenticationCredential.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+
+public class BasicAuthenticationCredential extends UsernamePasswordCredential {
+
+    public BasicAuthenticationCredential(String authorizationHeader) {
+        super(parseUsername(authorizationHeader), parsePassword(authorizationHeader));
+    }
+
+    private static String decodeHeader(String authorizationHeader) {
+        final String BASIC_AUTH_CHARSET = "US-ASCII";
+
+        if (null == authorizationHeader) {
+            throw new NullPointerException("authorization header");
+        }
+
+        if (authorizationHeader.isEmpty()) {
+            throw new IllegalArgumentException("authorization header is empty");
+        }
+
+        final Base64.Decoder decoder = Base64.getMimeDecoder();
+        byte[] decodedBytes = decoder.decode(authorizationHeader);
+        try {
+            return new String(decodedBytes, BASIC_AUTH_CHARSET);
+        } catch (UnsupportedEncodingException e) {
+            throw new IllegalStateException("Unknown Charset: " + BASIC_AUTH_CHARSET, e);
+        }
+    }
+
+    private static String parseUsername(String authorizationHeader) {
+        String decodedAuthorizationHeader = decodeHeader(authorizationHeader);
+        int delimiterIndex = decodedAuthorizationHeader.indexOf(':');
+        if (delimiterIndex > -1) {
+            return decodedAuthorizationHeader.substring(0, delimiterIndex);
+        } else {
+            return decodedAuthorizationHeader;
+        }
+    }
+
+    private static Password parsePassword(String authorizationHeader) {
+        String decodedAuthorizationHeader = decodeHeader(authorizationHeader);
+        int delimiterIndex = decodedAuthorizationHeader.indexOf(':');
+        if (delimiterIndex > -1) {
+            return new Password(decodedAuthorizationHeader.substring(delimiterIndex + 1));
+        } else {
+            return new Password("");
+        }
+    }
+}
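Review bot: `decodeHeader` accepts values that are not well-formed Basic credentials: `Base64.getMimeDecoder()` silently skips every character outside the Base64 alphabet, so input with stray bytes (or one that still carries the scheme prefix) can decode to garbage instead of being rejected, and `parseUsername`/`parsePassword` then turn a payload with no `:` into a caller with an empty password. Use the strict decoder, `Base64.getDecoder().decode(authorizationHeader)`, and fail closed when `delimiterIndex` is -1, e.g. `throw new IllegalArgumentException("missing ':' in basic credentials");`. The header is also decoded twice and the password passes through a `String` and an unzeroed `byte[]`, so copies of it outlive `Password.clear()`; decoding once and handing `Password` a `char[]` would avoid that. Decoding as US-ASCII replaces every non-ASCII byte with U+FFFD, so it is worth confirming that mangling UTF-8 passwords this way is intended, and a Javadoc line on the constructor should say that the argument is the Base64 part only, if that is the expectation.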
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java
new file mode 100644
index 0000000..b52c429
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Password.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+import java.util.Arrays;
+
+import static java.util.Arrays.copyOf;
+import static java.util.Objects.requireNonNull;
+
+public class Password {
+    private static final char[] EMPTY_VALUE = new char[0];
+    private volatile char[] value;
+
+    public Password(char[] value) {
+        requireNonNull(value, "Password value may not be null");
+
+        this.value = copyOf(value, value.length);
+    }
+
+    public Password(String value) {
+        this(null == value ? null : value.toCharArray());
+    }
+
+    public char[] getValue() {
+        return value;
+    }
+
+    public void clear() {
+        if (EMPTY_VALUE == value) { return; }
+
+        char[] tempValue = value;
+        value = EMPTY_VALUE;
+
+        for (int i = 0; i < tempValue.length; i++) {
+            tempValue[i] = 0x00;
+        }
+    }
+    
+    public boolean compareTo(String password) {
+        return password != null && Arrays.equals(password.toCharArray(), value);
+    }
+}
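Review bot: `compareTo` is the credential check and it fails open after `clear()`: `value` is then `EMPTY_VALUE`, so `compareTo("")` returns true for a wiped password. `Arrays.equals` also returns at the first differing character, and the `toCharArray()` copy of the candidate is never zeroed. The version below reads `value` once, rejects the cleared state by identity, compares without an early exit and wipes the temporary copy (the length difference is still observable). `getValue()` hands out the internal array, which is what lets callers see the wipe; a Javadoc line saying so, and that callers must not retain or modify it, would help.

```java
    public boolean compareTo(String password) {
        final char[] expected = value; // single volatile read
        if (password == null || expected == EMPTY_VALUE) {
            return false; // a cleared password matches nothing
        }

        final char[] candidate = password.toCharArray();
        try {
            int diff = expected.length ^ candidate.length;
            for (int i = 0; i < expected.length && i < candidate.length; i++) {
                diff |= expected[i] ^ candidate[i];
            }
            return diff == 0;
        } finally {
            Arrays.fill(candidate, '\0');
        }
    }
```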
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java
new file mode 100644
index 0000000..6521397
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/UsernamePasswordCredential.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+public class UsernamePasswordCredential extends AbstractClearableCredential {
+
+    private final String caller;
+    private final Password password;
+
+    public UsernamePasswordCredential(String callerName, String password) {
+        this.caller = callerName;
+        this.password = new Password(password);
+    }
+
+    public UsernamePasswordCredential(String callerName, Password password) {
+        this.caller = callerName;
+        this.password = password;
+    }
+
+    public Password getPassword() {
+        return password;
+    }
+
+    public String getPasswordAsString() {
+        return String.valueOf(getPassword().getValue());
+    }
+
+    @Override
+    public void clearCredential() {
+        password.clear();
+    }
+
+    public String getCaller() {
+        return caller;
+    }
+
+    public boolean compareTo(String callerName, String password) {
+        return getCaller().equals(callerName) && getPassword().compareTo(password);
+    }
+}
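Review bot: Neither constructor validates its arguments, so a null `Password` or null `callerName` only surfaces later as a NullPointerException in `clearCredential()` or `compareTo`, i.e. in the cleanup and authentication paths. Reject them up front, e.g. `this.password = java.util.Objects.requireNonNull(password, "password");` and the same for `callerName`. `clearCredential()` is overridden as `public` although the base class declares it `protected`, so callers can wipe the password without `isCleared()` ever becoming true; keep it `protected` unless the API being implemented requires the wider visibility. `getPasswordAsString()` should carry a Javadoc warning that it copies the secret into an immutable `String` that `clear()` cannot erase.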