
@bejean
Created February 7, 2023 17:07
Authentification Solr lors d'une requête
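/**
 * Authenticates a request from the HTTP Basic credentials in its {@code Authorization} header,
 * then either forwards it down the filter chain or sends an authentication failure.
 *
 * <p>Outcomes visible in this method:
 *
 * <ul>
 *   <li>Valid Basic credentials: the request is wrapped with a principal and forwarded.
 *   <li>Basic header that is truncated, not valid Base64, has no {@code ':'} separator, or
 *       carries credentials rejected by {@code authenticate}: a failure is sent.
 *   <li>No header, an empty header, or a scheme other than Basic: the caller is treated as
 *       "unknown" and is rejected or passed through depending on {@code blockUnknown}.
 * </ul>
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so the header is readable by
 * anyone who can observe the transport.
 *
 * @param request the incoming request; its {@code Authorization} header is the only input read
 * @param response the response that failure details are written to
 * @param filterChain the chain the request is forwarded to when it is allowed to proceed
 * @return {@code true} if the request was forwarded down the filter chain, {@code false} if an
 *     authentication failure was sent instead
 * @throws Exception whatever the helpers or the filter chain throw
 */
public boolean doAuthenticate(
    HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
    throws Exception {
  String authHeader = request.getHeader("Authorization");
  boolean isAjaxRequest = isAjaxRequest(request);
  if (authHeader != null) {
    // An Authorization header is present: attempt authentication.
    // NOTE(review): the raw header, credentials included, is stored here before it has been
    // validated. Presumably this is a per-thread holder; confirm it is cleared after the request.
    BasicAuthPlugin.authHeader.set(new BasicHeader("Authorization", authHeader));
    StringTokenizer st = new StringTokenizer(authHeader);
    if (st.hasMoreTokens()) {
      String basic = st.nextToken();
      if (basic.equalsIgnoreCase("Basic")) {
        if (st.hasMoreTokens()) {
          byte[] decoded;
          try {
            decoded = Base64.getDecoder().decode(st.nextToken());
          } catch (IllegalArgumentException e) {
            // java.util.Base64 rejects malformed input with IllegalArgumentException. The token
            // is client-controlled, so report it as a bad token rather than letting the
            // exception escape. The catch is scoped to the decode call only, so exceptions
            // raised further down the filter chain are not swallowed.
            numErrors.mark();
            authenticationFailure(response, isAjaxRequest, "Invalid authentication token");
            return false;
          }
          try {
            String credentials = new String(decoded, StandardCharsets.UTF_8);
            int p = credentials.indexOf(":");
            if (p != -1) {
              // Split on the first ':' only, so the password may itself contain ':'.
              // Both parts are trimmed, so surrounding whitespace is not part of the credential.
              final String username = credentials.substring(0, p).trim();
              String pwd = credentials.substring(p + 1).trim();
              if (!authenticate(username, pwd)) {
                // Authentication failed.
                numWrongCredentials.inc();
                // The log line deliberately carries neither the username nor the password.
                log.debug("Bad auth credentials supplied in Authorization header");
                authenticationFailure(response, isAjaxRequest, "Bad credentials");
                return false;
              } else {
                // The principal is built with the clear-text password; keep it out of logs and
                // serialized output.
                Principal principal = new BasicAuthUserPrincipal(username, pwd);
                request = wrapWithPrincipal(request, principal, username);
                numAuthenticated.inc();
                filterChain.doFilter(request, response);
                return true;
              }
            } else {
              numErrors.mark();
              authenticationFailure(response, isAjaxRequest, "Invalid authentication token");
              return false;
            }
          } catch (UnsupportedEncodingException e) {
            // Decoding with a Charset argument cannot raise this; the handler only fires if a
            // call inside the try block throws it. Kept so that behavior is unchanged.
            throw new Error("Couldn't retrieve authentication", e);
          }
        } else {
          numErrors.mark();
          authenticationFailure(response, isAjaxRequest, "Malformed Basic Auth header");
          return false;
        }
      }
    }
  }
  // No auth header OR header empty OR Authorization header not of type Basic, i.e. "unknown" user
  if (blockUnknown) {
    // No usable Authorization header and blockUnknown=true:
    // reject the request, because authentication is mandatory.
    numMissingCredentials.inc();
    authenticationFailure(response, isAjaxRequest, "require authentication");
    return false;
  } else {
    // blockUnknown=false: the request is forwarded without a principal. The rules in
    // security.json are then evaluated, so the "/replication" rule is applied.
    // NOTE(review): this method only forwards the request. Whether an anonymous caller is then
    // allowed depends on authorization rules not shown here; confirm that they cover every
    // sensitive path.
    numPassThrough.inc();
    request.setAttribute(AuthenticationPlugin.class.getName(), getPromptHeaders(isAjaxRequest));
    filterChain.doFilter(request, response);
    return true;
  }
}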