You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2009/02/03 20:40:41 UTC

svn commit: r740393 - /lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java

Author: andreas
Date: Tue Feb  3 19:40:41 2009
New Revision: 740393

URL: http://svn.apache.org/viewvc?rev=740393&view=rev
Log:
Consider the Authorization header only if the authorization is basic. Fixes bug 43823.

Modified:
    lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java

Modified: lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java?rev=740393&r1=740392&r2=740393&view=diff
==============================================================================
--- lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java (original)
+++ lenya/branches/BRANCH_2_0_X/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java Tue Feb  3 19:40:41 2009
@@ -41,24 +41,28 @@
     public boolean authenticate(AccreditableManager accreditableManager, Request request)
             throws AccessControlException {
 
-        String encoded = "";
-        String unencoded = "";
-        String username = "";
-        String password = "";
+        String username = null;
+        String password = null;
+        
+        boolean useHeader = false;
         if (request.getHeader("Authorization") != null) {
-            encoded = request.getHeader("Authorization");
-        }
-        if (encoded.indexOf("Basic") > -1) {
-            encoded = encoded.trim();
-            encoded = encoded.substring(encoded.indexOf(' ') + 1);
-            unencoded = new String(Base64.decodeBase64(encoded.getBytes()));
-        }
-        if (unencoded.indexOf(":") - 1 > -1) {
-            username = unencoded.substring(0, unencoded.indexOf(":"));
-            password = unencoded.substring(unencoded.indexOf(":") + 1);
-        }
+            String encoded = request.getHeader("Authorization");
 
-        if (encoded.length() == 0 && request.getParameter("username") != null) {
+            if (encoded.indexOf("Basic") > -1) {
+                encoded = encoded.trim();
+                encoded = encoded.substring(encoded.indexOf(' ') + 1);
+                String unencoded = new String(Base64.decodeBase64(encoded.getBytes()));
+
+                if (unencoded.indexOf(":") - 1 > -1) {
+                    useHeader = true;
+                    username = unencoded.substring(0, unencoded.indexOf(":"));
+                    password = unencoded.substring(unencoded.indexOf(":") + 1);
+                }
+
+            }
+        }
+        
+        if (!useHeader && request.getParameter("username") != null) {
             username = request.getParameter("username").toLowerCase();
             password = request.getParameter("password");
         }



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org