public AuthenticationContext authenticate(ServletRequestResponseContext requestCtx, AuthenticationService authService) throws AuthenticationException { HttpServletRequest request = requestCtx.getRequest(); String method = request.getMethod(); if ("GET".equals(method) && isDisableHttpGet()) { LOG.warn("Username and password via HTTP GET not supported."); return null; } String user = ServletUtils.getParameterValueEqualIgnoreCase(request, getUsernameParameterName()); String pw = ServletUtils.getParameterValueEqualIgnoreCase(request, getPasswordParameterName()); if (user == null) { return null; } CredentialsCallbackHandler callbackHandler = new CredentialsCallbackHandler(); callbackHandler.add(new UsernamePasswordCredential(user, pw)); callbackHandler.add(new IP4AddressCredential(request.getRemoteAddr())); return authService.login(callbackHandler); } };
public AuthenticationContext authenticate(ServletRequestResponseContext requestCtx, AuthenticationService authService) throws AuthenticationException { HttpServletRequest request = requestCtx.getRequest(); String method = request.getMethod(); if ("GET".equals(method) && isDisableHttpGet()) { LOG.warn("Base64 credential login via HTTP GET not supported."); return null; } String cred = ServletUtils.getParameterValueEqualIgnoreCase(request, getCredentialParameterName()); if (cred == null || cred.isEmpty()) { return null; } String user; String pw; String authorizationString = StringUtils.decodeBase64(cred); int colon = authorizationString.indexOf(':'); if (colon < 0) { user = authorizationString; pw = null; } else { user = authorizationString.substring(0, colon); pw= authorizationString.substring(colon + 1); } CredentialsCallbackHandler callbackHandler = new CredentialsCallbackHandler(); callbackHandler.add(new UsernamePasswordCredential(user, pw)); callbackHandler.add(new IP4AddressCredential(request.getRemoteAddr())); return authService.login(callbackHandler); } };