예제 #1
 /**
  * Tells whether {@code path} matches any configured whitelist pattern.
  *
  * <p>Security note: a match lets the request through {@code doFilter} with no
  * credentials at all, so entries should be as narrow as possible. Matchers are
  * consulted in iteration order and evaluation stops at the first hit; an empty
  * whitelist never matches.
  *
  * @param path the context path plus path info of the incoming request
  * @return {@code true} if at least one matcher accepts the path
  */
 private boolean whitelisted(String path) {
   boolean matched = false;
   for (UriPathWildcardMatcher matcher : whitelist) {
     matched = matcher.matches(path);
     if (matched) {
       break; // first accepting matcher wins; later ones are not evaluated
     }
   }
   return matched;
 }
예제 #2
  /**
   * Authentication gate: requires valid HTTP Basic credentials before passing the
   * request down the chain.
   *
   * <p>Bypasses: every {@code OPTIONS} request and every request whose path matches
   * a whitelist entry continues without any credential check. All other requests
   * need an {@code Authorization} header; a missing header, an unparsable header,
   * a lockout, a pending password change on a non-allowed path, or failed
   * authentication each end the request with the corresponding error response
   * instead of calling the chain.
   *
   * @param servletRequest must be an {@link HttpServletRequest} (see validateRequestType)
   * @param servletResponse must be an {@link HttpServletResponse} (see validateResponseType)
   * @param filterChain invoked only for requests that pass the checks above
   * @throws IOException propagated from the chain or response writing
   * @throws ServletException propagated from the chain
   */
  @Override
  public void doFilter(
      ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
      throws IOException, ServletException {
    // Defined elsewhere; presumably reject non-HTTP types so the unchecked casts
    // below are safe. TODO confirm they throw rather than merely log.
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);

    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    // Path seen by the whitelist matchers: context path plus path info only.
    // getServletPath() is deliberately (?) not included, and when pathInfo is
    // null the string collapses to the bare context path.
    // NOTE(review): confirm the whitelist patterns are written against this
    // exact shape; a mismatch here silently turns a pattern into a no-op or
    // into a broader bypass than intended.
    final String path =
        request.getContextPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());

    // Authentication bypass: any OPTIONS request (regardless of path, e.g. CORS
    // preflight) and any whitelisted path go straight through. Downstream
    // handlers must therefore never do privileged work on OPTIONS. The method
    // comparison is case-sensitive, as HTTP method names are.
    if (request.getMethod().equals("OPTIONS") || whitelisted(path)) {
      filterChain.doFilter(servletRequest, servletResponse);
      return;
    }

    // No credentials presented at all.
    final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
    if (header == null) {
      noHeader().writeResponse(response);
      return;
    }

    // extractCredential (defined elsewhere) returns null when the header cannot
    // be parsed as a username/password pair.
    final String[] usernameAndPassword = extractCredential(header);
    if (usernameAndPassword == null) {
      badHeader().writeResponse(response);
      return;
    }

    final String username = usernameAndPassword[0];
    final String password = usernameAndPassword[1];

    // Dispatch on the authentication outcome. Only SUCCESS (and the
    // PASSWORD_CHANGE_REQUIRED fall-through below) reach the chain.
    switch (authManager.authenticate(username, password)) {
      case PASSWORD_CHANGE_REQUIRED:
        // Credentials are valid but the user must change their password first:
        // only paths in passwordChangeWhitelist are allowed; everything else gets
        // the password-change response (built with the request's base URL).
        if (!passwordChangeWhitelist.matches(path)) {
          passwordChangeRequired(username, baseURL(request)).writeResponse(response);
          return;
        }
        // fall through
      case SUCCESS:
        // Hand the authenticated identity (BASIC_AUTH, username) to the chain via
        // the request wrapper; the original response object is passed unchanged.
        filterChain.doFilter(
            new AuthorizedRequestWrapper(BASIC_AUTH, username, request), servletResponse);
        return;
      case TOO_MANY_ATTEMPTS:
        // Lockout response; the helper's misspelled name is its real identifier.
        tooManyAttemptes().writeResponse(response);
        return;
      default:
        // Covers invalid credentials and any other/future outcome: log the
        // username and peer address (never the password) and reject.
        // NOTE(review): the message uses %s placeholders; if `log` is an
        // SLF4J/JUL-style logger these are not substituted — confirm the
        // logger's format style. Behind a reverse proxy getRemoteAddr() is the
        // proxy's address, not the client's.
        log.warn(
            "Failed authentication attempt for '%s' from %s", username, request.getRemoteAddr());
        invalidCredential().writeResponse(response);
        return;
    }
  }