Created
February 7, 2023 17:07
Authentification Solr lors d'une requete
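/**
 * Authenticates a request from its HTTP Basic {@code Authorization} header.
 *
 * <p>When the header carries a {@code Basic} token, the token is Base64-decoded, split at the
 * first {@code ':'} into user name and password, and checked with {@code authenticate}. A
 * request without usable Basic credentials (no header, an empty header, or another scheme) is
 * treated as an "unknown" user: it is rejected when {@code blockUnknown} is set and otherwise
 * handed to the filter chain unauthenticated.
 *
 * @param request incoming request; replaced by a principal-carrying wrapper on success
 * @param response response that {@code authenticationFailure} writes to on rejection
 * @param filterChain chain invoked when the request is allowed to continue
 * @return {@code true} if the request was passed to {@code filterChain}, {@code false} if it
 *     was rejected through {@code authenticationFailure}
 * @throws Exception whatever the helper calls or the filter chain throw
 */
public boolean doAuthenticate(
    HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
    throws Exception {
  String authHeader = request.getHeader("Authorization");
  boolean isAjaxRequest = isAjaxRequest(request);

  if (authHeader != null) {
    // An Authorization header is present: attempt authentication.
    // The raw header is recorded in BasicAuthPlugin.authHeader before any validation, so it
    // is stored for rejected credentials as well.
    // NOTE(review): presumably a per-thread holder that is cleared after the request; confirm.
    BasicAuthPlugin.authHeader.set(new BasicHeader("Authorization", authHeader));
    StringTokenizer st = new StringTokenizer(authHeader);
    if (st.hasMoreTokens()) {
      String basic = st.nextToken();
      if (basic.equalsIgnoreCase("Basic")) {
        if (st.hasMoreTokens()) {
          try {
            final byte[] decoded;
            try {
              decoded = Base64.getDecoder().decode(st.nextToken());
            } catch (IllegalArgumentException e) {
              // Base64.Decoder.decode rejects a token that is not valid Base64 with
              // IllegalArgumentException. The token is client-controlled, so answer with the
              // same authentication failure as any other unusable token instead of letting
              // the exception escape this method.
              numErrors.mark();
              authenticationFailure(response, isAjaxRequest, "Invalid authentication token");
              return false;
            }
            String credentials = new String(decoded, StandardCharsets.UTF_8);
            int p = credentials.indexOf(":");
            if (p != -1) {
              // Both parts are trimmed, so surrounding whitespace is not significant in the
              // user name or in the password.
              final String username = credentials.substring(0, p).trim();
              String pwd = credentials.substring(p + 1).trim();
              if (!authenticate(username, pwd)) {
                // Authentication failed. The log line deliberately carries no credentials.
                numWrongCredentials.inc();
                log.debug("Bad auth credentials supplied in Authorization header");
                authenticationFailure(response, isAjaxRequest, "Bad credentials");
                return false;
              } else {
                // NOTE(review): the cleartext password is handed to the principal; confirm
                // that it is never logged or serialized from there.
                Principal principal = new BasicAuthUserPrincipal(username, pwd);
                request = wrapWithPrincipal(request, principal, username);
                numAuthenticated.inc();
                filterChain.doFilter(request, response);
                return true;
              }
            } else {
              // Decoded token has no ':' separator.
              numErrors.mark();
              authenticationFailure(response, isAjaxRequest, "Invalid authentication token");
              return false;
            }
          } catch (UnsupportedEncodingException e) {
            // NOTE(review): new String(byte[], Charset) does not throw this exception, so the
            // handler can only fire for another call inside the try; confirm it is still
            // wanted.
            throw new Error("Couldn't retrieve authentication", e);
          }
        } else {
          // "Basic" with no token after it.
          numErrors.mark();
          authenticationFailure(response, isAjaxRequest, "Malformed Basic Auth header");
          return false;
        }
      }
    }
  }

  // No auth header OR header empty OR Authorization header not of type Basic, i.e. "unknown" user
  if (blockUnknown) {
    // No usable Authorization header and blockUnknown=true: this is an error, because
    // authentication is mandatory.
    numMissingCredentials.inc();
    authenticationFailure(response, isAjaxRequest, "require authentication");
    return false;
  } else {
    // blockUnknown=false: the request continues without a principal. Per the author's note,
    // the rules of security.json are then evaluated, so the "/replication" rule is applied.
    numPassThrough.inc();
    request.setAttribute(AuthenticationPlugin.class.getName(), getPromptHeaders(isAjaxRequest));
    filterChain.doFilter(request, response);
    return true;
  }
}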