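/*
 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/server/ProxyAuthRequestHandler.java,v 1.1.2.1 2003/12/05 21:02:52 oglueck Exp $
 * $Revision: 1.1.2.1 $
 * $Date: 2003/12/05 21:02:52 $
 *
 * ====================================================================
 *
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution, if
 *    any, must include the following acknowlegement:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowlegement may appear in the software itself,
 *    if and wherever such third-party acknowlegements normally appear.
 *
 * 4. The names "The Jakarta Project", "Commons", and "Apache Software
 *    Foundation" must not be used to endorse or promote products derived
 *    from this software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache"
 *    nor may "Apache" appear in their names without prior written
 *    permission of the Apache Group.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation. For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * [Additional notices, if required by prior licensing conditions]
 *
 */

package org.apache.commons.httpclient.server;

import java.io.IOException;

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.BasicScheme;
import org.apache.commons.httpclient.auth.HttpAuthenticator;
import org.apache.commons.httpclient.auth.MalformedChallengeException;

/**
 * This request handler guards access to a proxy when used in a
 * request handler chain. It checks the headers for valid credentials
 * and performs the authentication handshake if necessary.
 *
 * Only the Basic scheme with the fixed realm "test" is offered. A request
 * is let through only when its proxy authorization header equals the value
 * that {@link BasicScheme} derives from the configured credentials; every
 * other request is answered with a 407 challenge.
 *
 * @author Ortwin Glueck
 */
public class ProxyAuthRequestHandler implements HttpRequestHandler {

    /**
     * Challenge advertised in the 407 response and parsed back by
     * {@link BasicScheme} to compute the expected client answer. Keeping a
     * single literal stops the two uses from drifting apart.
     * NOTE(review): RFC 2617 writes realm as a quoted-string
     * (realm="test"); the literal is left as the author had it.
     */
    private static final String BASIC_CHALLENGE = "basic realm=test";

    /** Credentials a client must present; never null after construction. */
    private final Credentials credentials;

    /**
     * TODO replace creds parameter with a class specific to an auth scheme
     * encapsulating all required information for a specific scheme
     *
     * @param creds the credentials a client has to present
     * @throws IllegalArgumentException if <code>creds</code> is null
     */
    public ProxyAuthRequestHandler(Credentials creds) {
        if (creds == null) {
            throw new IllegalArgumentException("Credentials can not be null");
        }
        this.credentials = creds;
    }

    /**
     * Lets the request pass when it carries matching proxy credentials and
     * answers it with a 407 challenge otherwise.
     *
     * A request with a wrong proxy authorization header is challenged again,
     * exactly like a request without one. Previously that case returned
     * without writing any response, so a client sending bad credentials was
     * never told that authentication had failed.
     *
     * @param conn the connection the request arrived on
     * @return false when the client is authorized, true when this handler
     *         wrote the 407 response itself (presumably true stops the
     *         handler chain; confirm against HttpRequestHandler)
     * @throws IOException if the challenge cannot be written
     */
    public boolean processRequest(SimpleHttpServerConnection conn)
        throws IOException {
        Header clientAuth = findHeader(conn.getHeaders(), HttpAuthenticator.PROXY_AUTH_RESP);
        if (clientAuth != null && checkAuthorization(clientAuth)) {
            conn.connectionKeepAlive();
            return false;
        }
        // Missing or rejected credentials: never fall through silently.
        performHandshake(conn);
        return true;
    }

    /**
     * Writes a bodiless 407 response carrying the challenge and asks the
     * connection to stay open so the client can retry with credentials.
     *
     * @param conn the connection to answer on
     * @throws IOException if writing the response fails
     */
    private void performHandshake(SimpleHttpServerConnection conn) throws IOException {
        Header challenge = createChallenge();
        ResponseWriter out = conn.getWriter();
        out.println("HTTP/1.1 407 Proxy Authentication Required");
        out.print(challenge.toExternalForm());
        out.print(new Header("Proxy-Connection", "Keep-Alive").toExternalForm());
        out.print(new Header("Content-Length", "0").toExternalForm());
        out.println();
        out.flush();
        conn.connectionKeepAlive();
    }

    /**
     * Builds the proxy authentication challenge header.
     *
     * @return a header named {@link HttpAuthenticator#PROXY_AUTH} whose
     *         value is the Basic challenge
     */
    private Header createChallenge() {
        Header header = new Header();
        header.setName(HttpAuthenticator.PROXY_AUTH);
        //TODO add more auth schemes
        header.setValue(BASIC_CHALLENGE);
        return header;
    }

    /**
     * Checks if the credentials provided by the client match the required
     * credentials. The expected header value is recomputed from the
     * configured credentials and compared with the whole value the client
     * sent, so any difference in the value rejects the request.
     *
     * @param clientAuth the proxy authorization header sent by the client
     * @return true if the client is authorized, false if not.
     */
    private boolean checkAuthorization(Header clientAuth) {
        try {
            BasicScheme scheme = new BasicScheme(BASIC_CHALLENGE);
            String expectedAuthString = scheme.authenticate(credentials, null, null);
            return constantTimeEquals(expectedAuthString, clientAuth.getValue());
        } catch (MalformedChallengeException e) {
            // Fail closed: a challenge that cannot be parsed authorizes nobody.
            e.printStackTrace();
        } catch (AuthenticationException e) {
            // Fail closed: no expected value could be derived from the credentials.
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Compares two strings without stopping at the first differing
     * character, so the time taken depends on the lengths only and not on
     * how much of a guessed value was correct.
     *
     * @param expected the value derived from the configured credentials
     * @param actual the value supplied by the client, may be null
     * @return true only if both are non-null and identical
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        int diff = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the first header whose name matches, ignoring case. Entries
     * that are null or have no name are skipped instead of causing a
     * NullPointerException.
     *
     * @param headers the request headers, may be null
     * @param name the header name to look for
     * @return the first matching header, or null if there is none
     */
    private Header findHeader(Header[] headers, String name) {
        if (headers == null) {
            return null;
        }
        for (int i = 0; i < headers.length; i++) {
            Header header = headers[i];
            if (header != null && name.equalsIgnoreCase(header.getName())) {
                return header;
            }
        }
        return null;
    }

}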
