Xinwen Deng / aem-src

SecurityProvider.java 2.35 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
/*
 * Decompiled with CFR 0_118.
 * 
 * Could not load the following classes:
 *  javax.servlet.http.HttpServletRequest
 *  javax.servlet.http.HttpServletResponse
 *  org.apache.felix.webconsole.WebConsoleSecurityProvider
 *  org.apache.felix.webconsole.WebConsoleSecurityProvider2
 *  org.apache.jackrabbit.util.Base64
 */
package com.day.crx.explorer.impl.compat;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.webconsole.WebConsoleSecurityProvider;
import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
import org.apache.jackrabbit.util.Base64;

class SecurityProvider
implements WebConsoleSecurityProvider2 {
    private final WebConsoleSecurityProvider provider;

    public SecurityProvider(WebConsoleSecurityProvider provider) {
        this.provider = provider;
    }

    public boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
        String password;
        int colon;
        String username;
        Object user;
        if (this.provider instanceof WebConsoleSecurityProvider2) {
            WebConsoleSecurityProvider2 wcsp2 = (WebConsoleSecurityProvider2)this.provider;
            return wcsp2.authenticate(request, response);
        }
        String authorization = request.getHeader("Authorization");
        if (authorization != null && (authorization = authorization.trim()).startsWith("Basic ") && (user = this.authenticate(username = (authorization = Base64.decode((String)authorization.substring("Basic ".length()).trim())).substring(0, colon = authorization.indexOf(58)), password = authorization.substring(colon + 1))) != null) {
            request.setAttribute("org.apache.felix.webconsole.user", user);
            return true;
        }
        try {
            response.setHeader("WWW-Authenticate", "Basic realm=\"CRX\"");
            response.sendError(401);
        }
        catch (IOException ignore) {
            // empty catch block
        }
        return false;
    }

    public Object authenticate(String username, String password) {
        if (this.provider != null) {
            return this.provider.authenticate(username, password);
        }
        return false;
    }

    public boolean authorize(Object user, String role) {
        return this.provider != null && this.provider.authorize(user, role);
    }
}