Skip to main content
summaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.equinox.p2.testserver/src/org/eclipse/equinox/p2/testserver/SecureContext.java
blob: d4f295c0d9e2a7515374e0c96a2feed758a4fb7f (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

/*******************************************************************************
 * Copyright (c) 2009, 2018 Cloudsmith Inc and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Cloudsmith Inc. - initial API and implementation
 *******************************************************************************/

package org.eclipse.equinox.p2.testserver;

import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.http.HttpContext;

/**
 * The SecureContext can be used to add basic authentication to a path. This
 * implementation requires the user "Aladdin" to log in with the password "open
 * sesame".
 */
public class SecureContext implements HttpContext {
	private final HttpContext theDefaultContext;

	public SecureContext(HttpContext defaultContext) {
		theDefaultContext = defaultContext;
	}

	@Override
	public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) {
		String auth = request.getHeader("Authorization"); //$NON-NLS-1$
		// Response is Aladdin:open sesame in Base64 encoding (from RFC example)
		if (auth != null && "QWxhZGRpbjpvcGVuIHNlc2FtZQ==".equals(auth.substring(6))) //$NON-NLS-1$
			return true;

		// if not authorized or wrong user/password
		response.setHeader("WWW-Authenticate", "BASIC realm=\"p2 Http Testing Server (Aladdin, open sesame)\""); //$NON-NLS-1$//$NON-NLS-2$
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		return false;

	}

	@Override
	public String getMimeType(String name) {
		return theDefaultContext.getMimeType(name);
	}

	@Override
	public URL getResource(String name) {
		return theDefaultContext.getResource(name);
	}

}

Back to the top