protected boolean authenticate(HttpServletRequest request) {
if (provider.isAuthenticated(request.getSession())) return true;
String user = null, pass = null;
String authorization = request.getHeader("Authorization");
if (authorization != null) {
String userpass = Base64.base64Decode(authorization.substring(6));
user = userpass.substring(0, userpass.indexOf(":"));
pass = userpass.substring(userpass.indexOf(":") + 1);
}
if (provider.authenticate(request.getSession(), user, pass)) {
log.info("Web API authenticated " + request.getSession() + " for user " + user);
if (user != null) {
request.getSession().setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
}
return true;
}
return false;
}
protected boolean handleLogout(HttpServletRequest request) {
if ("/logout".equals(request.getRequestURI()) || "/v1/logout".equals(request.getRequestURI())) {
log.info(
"Web API logging out "
+ request.getSession()
+ " for user "
+ request.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE));
provider.logout(request.getSession());
request.getSession().removeAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE);
request.getSession().invalidate();
return true;
}
return false;
}
