/**
 * Reports whether the supplied password is the local password.
 *
 * <p>The user name takes no part in the decision: any user name presented
 * together with the local password passes this check. A stricter variant
 * could also require the name to be a valid admin user name.
 *
 * <p>The comparison itself is delegated to {@code localPassword}.
 * NOTE(review): whether that comparison is constant-time cannot be told
 * from this method; confirm in the local-password implementation.
 *
 * @param user the user name from the request; not consulted
 * @param password the candidate password
 * @return {@code true} if {@code password} is the local password
 */
private boolean isLocalPassword(String user, String password) {
    final boolean matches = localPassword.isLocalPassword(password);
    if (matches) {
        logger.fine("Allowing access using local password");
    } else {
        // Only the outcome is logged, never the candidate password.
        logger.finest("Password is not the local password");
    }
    return matches;
}
/**
 * Marks the subject as authenticated by the local password when the
 * password held by {@code pwCB} matches it.
 *
 * <p>This login module does not authenticate ordinary username/password
 * pairs; that is left to another module. It only recognises the local
 * password, and on a match adds an {@code AdminLocalPasswordPrincipal}
 * to the subject.
 *
 * @param subject the subject that receives the principal on a match
 * @return {@code true} if the local password was presented; {@code false}
 *         if it was not, or if no local password is configured
 * @throws LoginException declared by the overridden method; not thrown
 *         directly by this body
 */
@Override
public boolean identify(final Subject subject) throws LoginException {
    // No local password configured: this module has nothing to recognise.
    if (localPassword == null) {
        return false;
    }

    // NOTE(review): the callback's password is copied into an immutable
    // String that cannot be cleared afterwards; and if getPassword() can
    // return null here, this line throws instead of returning false --
    // confirm against how pwCB is populated.
    if (!localPassword.isLocalPassword(new String(pwCB.getPassword()))) {
        return false;
    }

    subject.getPrincipals().add(new AdminLocalPasswordPrincipal());
    logger.log(PROGRESS_LEVEL, "AdminLoginModule detected local password");
    return true;
}
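/**
 * Builds a {@code PasswordAuthentication} from the request's
 * {@code Authorization} header, treated as HTTP Basic credentials.
 *
 * <ul>
 *   <li>No header: the default admin user name with an empty password.</li>
 *   <li>Header that does not start with the {@code BASIC} scheme prefix,
 *       or whose decoded value has no {@code ':'}: an empty user name and
 *       an empty password.</li>
 *   <li>Empty user name with a password that is not the local password:
 *       the default admin user name with the supplied password.</li>
 *   <li>Otherwise: the user name and password exactly as supplied.</li>
 * </ul>
 *
 * <p>The result is only a carrier for credentials; this method does not
 * itself decide whether access is granted.
 *
 * @return the credentials extracted from (or defaulted for) the request
 * @throws IOException if decoding the header value fails
 */
private PasswordAuthentication basicAuth() throws IOException {
    final String authHeader = header("Authorization");
    if (authHeader == null) {
        logger.log(PROGRESS_LEVEL, "No Authorization header found; preparing default with username {0} and empty password", defaultAdminUsername);
        return new PasswordAuthentication(defaultAdminUsername, new char[0]);
    }

    // The header is client-controlled. Confirm the scheme prefix is present
    // before slicing it off: a header shorter than the prefix would make
    // substring() throw, and a different scheme would have its payload
    // decoded as if it were Basic credentials. The scheme name is matched
    // case-insensitively. Handled like the other malformed-header case below.
    if (!authHeader.regionMatches(true, 0, BASIC, 0, BASIC.length())) {
        logger.log(PROGRESS_LEVEL, "Authorization header does not use the expected Basic scheme; proceeding with an empty username and empty password");
        return new PasswordAuthentication("", new char[0]);
    }

    final String enc = authHeader.substring(BASIC.length());
    // NOTE(review): the decoded bytes are interpreted in the platform
    // default charset, so non-ASCII credentials may decode differently
    // across hosts -- confirm this is intended before pinning a charset.
    final String dec = new String(decoder.decodeBuffer(enc));

    final int i = dec.indexOf(':');
    if (i < 0) {
        logger.log(PROGRESS_LEVEL, "Authorization header contained no : to separate the username from the password; proceeding with an empty username and empty password");
        return new PasswordAuthentication("", new char[0]);
    }

    final char[] password = dec.substring(i + 1).toCharArray();
    String username = dec.substring(0, i);

    // An empty user name is kept only when the password is the local
    // password; any other password is attributed to the default admin user.
    // NOTE(review): localPassword is dereferenced without a null check here;
    // confirm it is always set for this class.
    if (username.isEmpty() && !localPassword.isLocalPassword(new String(password))) {
        logger.log(PROGRESS_LEVEL, "Authorization header contained no username and the password is not the local password, so continue with the default username {0}", defaultAdminUsername);
        username = defaultAdminUsername;
    }

    // NOTE(review): username comes straight from the request header; confirm
    // the log handler neutralises line breaks and control characters.
    logger.log(PROGRESS_LEVEL, "basicAuth processing returning PasswordAuthentication with username {0}", username);
    return new PasswordAuthentication(username, password);
}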