/*
* Copyright 2015 Petr Bouda
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.joyrest.oauth2;
import java.io.IOException;
import org.joyrest.logging.JoyLogger;
import org.joyrest.model.request.InternalRequest;
import org.joyrest.model.request.Request;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import static java.util.Objects.isNull;
public class BasicAuthenticator {
private static final JoyLogger logger = new JoyLogger(BasicAuthenticator.class);
private static final String CREDENTIALS_CHARSET = "UTF-8";
private final AuthenticationManager authenticationManager;
public BasicAuthenticator(final AuthenticationManager oAuth2AuthenticationManager) {
this.authenticationManager = oAuth2AuthenticationManager;
}
public Authentication authenticate(Request<?> request) {
String header = request.getHeader("Authorization")
.orElseThrow(() -> new BadCredentialsException("There is no Authorization header"));
if (isNull(header) || !header.startsWith("Basic ")) {
throw new BadCredentialsException("Failed to decode basic authentication token");
}
try {
String[] tokens = extractAndDecodeHeader(header);
String username = tokens[0];
logger.debug(() -> "Basic Authentication Authorization header found for user '" + username + "'");
UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, tokens[1]);
Authentication authentication = authenticationManager.authenticate(authRequest);
logger.debug(() -> "Authentication success: " + authentication);
return authentication;
} catch (IOException ex) {
throw new BadCredentialsException("Failed to decode basic authentication token");
}
}
/**
* Decodes the header into a username and password.
*
* @throws BadCredentialsException if the Basic header is not present or is not valid Base64
*/
private String[] extractAndDecodeHeader(String header) throws IOException {
byte[] base64Token = header.substring(6).getBytes(CREDENTIALS_CHARSET);
byte[] decoded;
try {
decoded = Base64.decode(base64Token);
} catch (IllegalArgumentException e) {
throw new BadCredentialsException("Failed to decode basic authentication token");
}
String token = new String(decoded, CREDENTIALS_CHARSET);
int delim = token.indexOf(":");
if (delim == -1) {
throw new BadCredentialsException("Invalid basic authentication token");
}
return new String[] {token.substring(0, delim), token.substring(delim + 1)};
}
}