/** * Returns an array with all accepted content types. if the root directory was specified. * * @return database */ public String[] produces() { final String accept = req.getHeader("Accept"); if (accept == null) return new String[0]; final String[] acc = accept.split("\\s*,\\s*"); final int as = acc.length; for (int a = 0; a < as; a++) { if (acc[a].indexOf(';') != -1) acc[a] = acc[a].replaceAll("\\w*;.*", ""); } return acc; }
/** * Constructor. * * @param rq request * @param rs response * @param servlet calling servlet instance * @throws IOException I/O exception */ public HTTPContext( final HttpServletRequest rq, final HttpServletResponse rs, final BaseXServlet servlet) throws IOException { req = rq; res = rs; params = new HTTPParams(this); method = rq.getMethod(); final StringBuilder uri = new StringBuilder(req.getRequestURL()); final String qs = req.getQueryString(); if (qs != null) uri.append('?').append(qs); log('[' + method + "] " + uri, null); // set UTF8 as default encoding (can be overwritten) res.setCharacterEncoding(UTF8); segments = decode(toSegments(req.getPathInfo())); // adopt servlet-specific credentials or use global ones final GlobalOptions mprop = context().globalopts; user = servlet.user != null ? servlet.user : mprop.get(GlobalOptions.USER); pass = servlet.pass != null ? servlet.pass : mprop.get(GlobalOptions.PASSWORD); // overwrite credentials with session-specific data final String auth = req.getHeader(AUTHORIZATION); if (auth != null) { final String[] values = auth.split(" "); if (values[0].equals(BASIC)) { final String[] cred = org.basex.util.Base64.decode(values[1]).split(":", 2); if (cred.length != 2) throw new LoginException(NOPASSWD); user = cred[0]; pass = cred[1]; } else { throw new LoginException(WHICHAUTH, values[0]); } } }
/** * Authenticate the user and returns a new client {@link Context} instance. * * @return client context * @throws LoginException login exception */ public Context authenticate() throws LoginException { final byte[] address = token(req.getRemoteAddr()); try { if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) throw new LoginException(NOPASSWD); final Context ctx = new Context(context(), null); ctx.user = ctx.users.get(user); if (ctx.user == null || !ctx.user.password.equals(md5(pass))) throw new LoginException(); context.blocker.remove(address); return ctx; } catch (final LoginException ex) { // delay users with wrong passwords for (int d = context.blocker.delay(address); d > 0; d--) Performance.sleep(100); throw ex; } }
/** * Returns a string with the remote user address. * * @return user address */ private String address() { return req.getRemoteAddr() + ':' + req.getRemotePort(); }
/** * Returns the content type extension of a request (without an optional encoding). * * @return content type */ public String contentTypeExt() { final String ct = req.getContentType(); return ct != null ? ct.replaceFirst("^.*?;\\s*", "") : null; }