protected boolean authenticate(HttpServletRequest request) {
    if (provider.isAuthenticated(request.getSession())) return true;

    String user = null, pass = null;
    String authorization = request.getHeader("Authorization");
    if (authorization != null) {
      String userpass = Base64.base64Decode(authorization.substring(6));
      user = userpass.substring(0, userpass.indexOf(":"));
      pass = userpass.substring(userpass.indexOf(":") + 1);
    }

    if (provider.authenticate(request.getSession(), user, pass)) {
      log.info("Web API authenticated " + request.getSession() + " for user " + user);
      if (user != null) {
        request.getSession().setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
      }
      return true;
    }

    return false;
  }
 protected boolean handleLogout(HttpServletRequest request) {
   if ("/logout".equals(request.getRequestURI()) || "/v1/logout".equals(request.getRequestURI())) {
     log.info(
         "Web API logging out "
             + request.getSession()
             + " for user "
             + request.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE));
     provider.logout(request.getSession());
     request.getSession().removeAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE);
     request.getSession().invalidate();
     return true;
   }
   return false;
 }