/**
 * Reports whether {@code path} is matched by at least one entry of {@code whitelist}.
 *
 * <p>Security-relevant: {@code doFilter} forwards a request without any credential check
 * when this returns {@code true}, so every whitelist entry is an unauthenticated entry point.
 *
 * @param path the request path to test, as assembled by the caller
 * @return {@code true} as soon as one pattern matches, {@code false} if none does
 */
private boolean whitelisted(String path) {
    boolean matched = false;
    for (UriPathWildcardMatcher candidate : whitelist) {
        if (candidate.matches(path)) {
            // First hit decides; the remaining patterns are not consulted.
            matched = true;
            break;
        }
    }
    return matched;
}
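/**
 * Authenticates a request from the credentials in its {@code Authorization} header before
 * handing it to the rest of the filter chain.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code OPTIONS} requests and whitelisted paths are forwarded unauthenticated.</li>
 *   <li>A missing header yields the {@code noHeader()} response; a header that
 *       {@code extractCredential} cannot parse yields {@code badHeader()}.</li>
 *   <li>Otherwise the result of {@code authManager.authenticate} selects the outcome:
 *       success forwards the request wrapped in an {@link AuthorizedRequestWrapper};
 *       a required password change is forwarded only for paths matched by
 *       {@code passwordChangeWhitelist}; every other result writes an error response.</li>
 * </ol>
 *
 * @param servletRequest the incoming request; cast to {@link HttpServletRequest} after
 *     {@code validateRequestType} has been called on it
 * @param servletResponse the outgoing response; cast to {@link HttpServletResponse} after
 *     {@code validateResponseType} has been called on it
 * @param filterChain the remainder of the chain, invoked only when the request is let through
 * @throws IOException propagated from the chain or from writing a response
 * @throws ServletException propagated from the chain or the type validation
 */
@Override
public void doFilter(
        ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);

    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    // This string decides whether authentication is skipped entirely.
    // NOTE(review): confirm that the value matched here is the same canonical path the
    // downstream handlers route on, and that the whitelist patterns are as narrow as intended.
    final String pathInfo = request.getPathInfo();
    final String path = request.getContextPath() + (pathInfo == null ? "" : pathInfo);

    // OPTIONS is let through without credentials (presumably for CORS preflight - confirm);
    // downstream handlers therefore must not do privileged work for that method.
    if ("OPTIONS".equals(request.getMethod()) || whitelisted(path)) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
    if (header == null) {
        noHeader().writeResponse(response);
        return;
    }

    final String[] usernameAndPassword = extractCredential(header);
    if (usernameAndPassword == null) {
        badHeader().writeResponse(response);
        return;
    }

    // Both values are client-controlled. The password must never reach a log or a response.
    final String username = usernameAndPassword[0];
    final String password = usernameAndPassword[1];

    switch (authManager.authenticate(username, password)) {
        case PASSWORD_CHANGE_REQUIRED:
            if (!passwordChangeWhitelist.matches(path)) {
                passwordChangeRequired(username, baseURL(request)).writeResponse(response);
                return;
            }
            // fall through
        case SUCCESS:
            filterChain.doFilter(
                    new AuthorizedRequestWrapper(BASIC_AUTH, username, request), servletResponse);
            return;
        case TOO_MANY_ATTEMPTS:
            tooManyAttemptes().writeResponse(response);
            return;
        default:
            // The username is attacker-supplied: replace control characters (CR, LF, ...)
            // so a failed login cannot inject forged lines into the log (CWE-117).
            // String.valueOf keeps the previous "null" rendering if the value is absent.
            final String loggableUsername =
                    String.valueOf(username).replaceAll("\\p{Cntrl}", "_");
            log.warn(
                    "Failed authentication attempt for '%s' from %s",
                    loggableUsername,
                    request.getRemoteAddr());
            invalidCredential().writeResponse(response);
            return;
    }
}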