private SecurityContext basicAuthentication(HttpRequest request, HttpResponse response)
throws IOException {
List<String> headers = request.getHttpHeaders().getRequestHeader(HttpHeaderNames.AUTHORIZATION);
if (!headers.isEmpty()) {
String auth = headers.get(0);
if (auth.length() > 5) {
String type = auth.substring(0, 5);
type = type.toLowerCase();
if ("basic".equals(type)) {
String cookie = auth.substring(6);
cookie = new String(Base64.decodeBase64(cookie.getBytes()));
String[] split = cookie.split(":");
Principal user = null;
try {
user = domain.authenticate(split[0], split[1]);
return new NettySecurityContext(user, domain, "BASIC", true);
} catch (SecurityException e) {
response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
return null;
}
} else {
response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
return null;
}
}
}
return null;
}
protected void writeFailure(HttpRequest request, HttpResponse response, Response jaxrsResponse) {
response.reset();
try {
writeJaxrsResponse(request, response, jaxrsResponse);
} catch (WebApplicationException ex) {
if (response.isCommitted())
throw new UnhandledException("Request was committed couldn't handle exception", ex);
// don't think I want to call writeJaxrsResponse infinately! so we'll just write the status
response.reset();
response.setStatus(ex.getResponse().getStatus());
} catch (Exception e1) {
throw new UnhandledException(e1); // we're screwed, can't handle the exception
}
}
public void doWrite(
HttpResponse response,
Object toOutput,
Class type,
Type genericType,
Annotation[] annotations,
MediaType mediaType)
throws IOException {
doWrite(
toOutput,
type,
genericType,
mediaType,
annotations,
response.getOutputHeaders(),
response.getOutputStream());
}
protected void handleWebApplicationException(
HttpRequest request, HttpResponse response, WebApplicationException wae) {
if (!(wae instanceof NoLogWebApplicationException)) logger.error("failed to execute", wae);
if (response.isCommitted())
throw new UnhandledException("Request was committed couldn't handle exception", wae);
writeFailure(request, response, wae.getResponse());
}
public void build(HttpResponse response) {
String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER);
if (origin == null) {
logger.debug("No origin returning");
return;
}
if (!preflight
&& (allowedOrigins == null
|| (!allowedOrigins.contains(origin)
&& !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
logger.debug("!preflight and no origin");
return;
}
logger.debug("build CORS headers and return");
response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
if (preflight) {
if (allowedMethods != null) {
response
.getOutputHeaders()
.add(ACCESS_CONTROL_ALLOW_METHODS, CollectionUtil.join(allowedMethods));
} else {
response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS);
}
}
if (!preflight && exposedHeaders != null) {
response
.getOutputHeaders()
.add(ACCESS_CONTROL_EXPOSE_HEADERS, CollectionUtil.join(exposedHeaders));
}
response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.toString(auth));
if (preflight) {
if (auth) {
response
.getOutputHeaders()
.add(
ACCESS_CONTROL_ALLOW_HEADERS,
String.format("%s, %s", DEFAULT_ALLOW_HEADERS, AUTHORIZATION_HEADER));
} else {
response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, DEFAULT_ALLOW_HEADERS);
}
}
if (preflight) {
response.getOutputHeaders().add(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE);
}
}
protected void handleFailure(HttpRequest request, HttpResponse response, Failure failure) {
if (failure.isLoggable())
logger.error(
"Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(),
failure);
else
logger.debug(
"Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(),
failure);
if (failure.getResponse() != null) {
writeFailure(request, response, failure.getResponse());
} else {
try {
if (failure.getMessage() != null) {
response.sendError(failure.getErrorCode(), failure.getMessage());
} else {
response.sendError(failure.getErrorCode());
}
} catch (IOException e1) {
throw new UnhandledException(e1);
}
}
}
