[Fix] Fixed Basic auth
parent
3727bdca70
commit
2e904754ab
|
@ -17,8 +17,7 @@ package li.strolch.rest.filters;
|
||||||
|
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_REQUEST_SOURCE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_REQUEST_SOURCE;
|
||||||
import static li.strolch.utils.helper.StringHelper.isEmpty;
|
import static li.strolch.utils.helper.StringHelper.*;
|
||||||
import static li.strolch.utils.helper.StringHelper.isNotEmpty;
|
|
||||||
|
|
||||||
import javax.annotation.Priority;
|
import javax.annotation.Priority;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -153,31 +152,22 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
* authorization token
|
* authorization token
|
||||||
*/
|
*/
|
||||||
protected Certificate validateSession(ContainerRequestContext requestContext, String remoteIp) {
|
protected Certificate validateSession(ContainerRequestContext requestContext, String remoteIp) {
|
||||||
|
|
||||||
String authorization = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
String authorization = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
||||||
authorization = authorization == null ? "" : authorization.trim();
|
authorization = trimOrEmpty(authorization);
|
||||||
|
|
||||||
if (isEmpty(authorization) || (authorization.startsWith("Basic ") && !getRestful().isBasicAuthEnabled())) {
|
if (authorization.isEmpty())
|
||||||
return validateCookie(requestContext, remoteIp);
|
return validateCookie(requestContext, remoteIp);
|
||||||
}
|
|
||||||
|
|
||||||
boolean basicAuth = authorization.startsWith("Basic ");
|
if (authorization.startsWith("Basic ")) {
|
||||||
if (basicAuth) {
|
if (!getRestful().isBasicAuthEnabled()) {
|
||||||
|
logger.error("Basic Auth is not available for URL " + requestContext.getUriInfo().getPath());
|
||||||
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
||||||
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Basic Auth not available")
|
||||||
|
.build());
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
// do basic auth, if enabled
|
return authenticateBasic(requestContext, authorization, remoteIp);
|
||||||
if (getRestful().isBasicAuthEnabled())
|
|
||||||
return authenticateBasic(requestContext, authorization, remoteIp);
|
|
||||||
|
|
||||||
// otherwise see if we can do cookie auth
|
|
||||||
String sessionId = getSessionIdFromCookie(requestContext);
|
|
||||||
if (!sessionId.isEmpty())
|
|
||||||
return validateCertificate(requestContext, sessionId, remoteIp);
|
|
||||||
|
|
||||||
logger.error("Basic Auth not enabled. Can not process URL " + requestContext.getUriInfo().getPath());
|
|
||||||
requestContext.abortWith(
|
|
||||||
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
|
||||||
.entity("Basic Auth not enabled").build());
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return validateCertificate(requestContext, authorization, remoteIp);
|
return validateCertificate(requestContext, authorization, remoteIp);
|
||||||
|
|
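Review bot: The new `logger.error` call in the disabled-Basic branch concatenates `requestContext.getUriInfo().getPath()` into the message, and that path is client-controlled and reached before any authentication has happened. `getPath()` returns the decoded path, so an encoded line break in the URL would be written to the log as a real one; logging the undecoded form, `requestContext.getUriInfo().getPath(false)`, and at warn rather than error level since any unauthenticated client can trigger it, would avoid forged entries and alert noise. Separately, `authorization.startsWith("Basic ")` is case-sensitive while the auth scheme name is case-insensitive, so a header such as `basic …` skips this branch and its whole value is handed to `validateCertificate` as if it were a session token; `authorization.regionMatches(true, 0, "Basic ", 0, 6)` would route it correctly. The end of `validateSession` lies outside the hunk.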