--- /dev/null
+/**\r
+ * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.\r
+ *\r
+ * Permission is hereby granted, free of charge, to any person obtaining a copy\r
+ * of this software and associated documentation files (the "Software"), to deal\r
+ * in the Software without restriction, including without limitation the rights\r
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
+ * copies of the Software, and to permit persons to whom the Software is\r
+ * furnished to do so, subject to the following conditions:\r
+ *\r
+ * The above copyright notice and this permission notice shall be included in\r
+ * all copies or substantial portions of the Software.\r
+ *\r
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\r
+ * SOFTWARE.\r
+ */\r
+\r
+package com.liferay.portal.security.auth;\r
+\r
+import java.util.StringTokenizer;\r
+\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import com.liferay.portal.kernel.log.Log;\r
+import com.liferay.portal.kernel.log.LogFactoryUtil;\r
+import com.liferay.portal.kernel.util.Base64;\r
+import com.liferay.portal.kernel.util.StringPool;\r
+import com.liferay.portal.model.Company;\r
+import com.liferay.portal.service.UserLocalServiceUtil;\r
+import com.liferay.portal.util.PortalUtil;\r
+\r
+/**\r
+ * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>\r
+ *\r
+ * <p>\r
+ * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.\r
+ * Previous version of Firefox have been tested and are known to work.\r
+ * </p>\r
+ *\r
+ * <p>\r
+ * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get\r
+ * extensions link at the bottom of the window. Type in "Modify Headers" in the\r
+ * Search box. Find Modify Headers in the results page and click on it. Then\r
+ * click the install now link.\r
+ * </p>\r
+ *\r
+ * <p>\r
+ * 3. Configure Modify Headers to add a basic authentication header. Tools >\r
+ * Modify Headers. In the Modify Headers window select the Add drop down. Type\r
+ * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"\r
+ * in the next box. Click the Add button.\r
+ * </p>\r
+ *\r
+ * <p>\r
+ * 4. Make sure your header modification is enabled and point your browser to\r
+ * the Liferay portal.\r
+ * </p>\r
+ *\r
+ * <p>\r
+ * 5. You should now be authenticated as Joe Bloggs.\r
+ * </p>\r
+ *\r
+ * @author Britt Courtney\r
+ * @author Brian Wing Shun Chan\r
+ *\r
+ */\r
+public class BasicEntAuthHeaderAutoLogin implements AutoLogin {\r
+\r
+ public String[] login(\r
+ HttpServletRequest request, HttpServletResponse response)\r
+ throws AutoLoginException {\r
+\r
+ try {\r
+ String[] credentials = null;\r
+\r
+ // Get the Authorization header, if one was supplied\r
+\r
+ String authorization = request.getHeader("Authorization");\r
+ if (authorization == null) {\r
+ return credentials;\r
+ }\r
+\r
+ StringTokenizer st = new StringTokenizer(authorization);\r
+\r
+ if (!st.hasMoreTokens()) {\r
+ return credentials;\r
+ }\r
+\r
+ String basic = st.nextToken();\r
+\r
+ // We only handle HTTP Basic authentication\r
+ if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {\r
+ return credentials;\r
+ }\r
+\r
+ String encodedCredentials = st.nextToken();\r
+ if (_log.isDebugEnabled()) {\r
+ _log.debug("Encoded credentials are " + encodedCredentials);\r
+ }\r
+\r
+ String decodedCredentials = new String(\r
+ Base64.decode(encodedCredentials));\r
+ if (_log.isDebugEnabled()) {\r
+ _log.debug("Decoded credentials are " + decodedCredentials);\r
+ }\r
+\r
+ int pos = decodedCredentials.indexOf(StringPool.COLON);\r
+\r
+ if (pos == -1) {\r
+ return credentials;\r
+ }\r
+\r
+ String login = decodedCredentials.substring(0, pos);\r
+ \r
+ Company company = PortalUtil.getCompany(request);\r
+\r
+ String authType = company.getAuthType();\r
+ \r
+ long userId = 0;\r
+\r
+ // ENT Nero --> uniquement login\r
+// if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {\r
+// userId = UserLocalServiceUtil.getUserIdByEmailAddress(\r
+// company.getCompanyId(), login);\r
+// }\r
+// else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {\r
+ userId = UserLocalServiceUtil.getUserIdByScreenName(\r
+ company.getCompanyId(), login);\r
+// }\r
+// else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {\r
+// userId = GetterUtil.getLong(login);\r
+// }\r
+// else {\r
+// return credentials;\r
+// }\r
+ \r
+ if (userId==0) {\r
+ // user pas trouve\r
+ return credentials;\r
+ }\r
+ \r
+ String password = decodedCredentials.substring(pos + 1);\r
+ \r
+ LDAPAuth myAuthLDAPConnector = new LDAPAuth();\r
+ \r
+ int resultAuth = myAuthLDAPConnector.FAILURE;\r
+ try{\r
+ resultAuth= myAuthLDAPConnector.authenticate(\r
+ company.getCompanyId(), StringPool.BLANK, login, 0, password);\r
+ _log.debug("LDAP auth return: " + resultAuth);\r
+ }\r
+ catch (Exception e) {\r
+ _log.error("erreur authenticate LDAP",e);\r
+ return credentials;\r
+ }\r
+ if (resultAuth==myAuthLDAPConnector.SUCCESS) {\r
+ credentials = new String[3];\r
+ credentials[0] = String.valueOf(userId);\r
+ credentials[1] = password;\r
+ credentials[2] = Boolean.TRUE.toString();\r
+ }\r
+ return credentials;\r
+ }\r
+ catch (Exception e) {\r
+ throw new AutoLoginException(e);\r
+ }\r
+ }\r
+ \r
+ \r
+\r
+ private static Log _log =\r
+ LogFactoryUtil.getLog(BasicEntAuthHeaderAutoLogin.class);\r
+\r
+}
\ No newline at end of file
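Review bot: The debug statements `_log.debug("Encoded credentials are " + encodedCredentials)` and `_log.debug("Decoded credentials are " + decodedCredentials)` write the user's login and clear-text password to the portal log whenever debug logging is enabled, since Base64 is trivially reversible. Drop both, or log nothing more than the fact that a Basic header was received. Separately, `password` is an empty string when the header decodes to `login:`, and some directory servers accept a simple bind with an empty password as an unauthenticated bind. Unless `LDAPAuth` (not visible in this diff) already rejects that case, add `if (password.length() == 0) { return credentials; }` before the `authenticate` call. The second `st.nextToken()` is also called without a `hasMoreTokens()` check, so a bare `Basic` header surfaces as an `AutoLoginException` instead of the quiet `return credentials` used for the other malformed-header cases.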