Skip to content

Instantly share code, notes, and snippets.

@maxdemarzi

maxdemarzi/LockDownSecurityRule.java

Created September 3, 2014 18:03
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save maxdemarzi/79e778fa4aa4191c81b9 to your computer and use it in GitHub Desktop.
Save maxdemarzi/79e778fa4aa4191c81b9 to your computer and use it in GitHub Desktop.
Download ZIP
Example Neo4j Security Rule
Raw
LockDownSecurityRule.java
package org.neo4j.server.rest.security;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.DatatypeConverter;
import java.util.StringTokenizer;
import java.io.UnsupportedEncodingException;
public class LockDownSecurityRule implements SecurityRule {
public static final String REALM = "WallyWorld"; // as per RFC2617 :-);
@Override
public boolean isAuthorized(HttpServletRequest request)
{
String authHeader = request.getHeader("Authorization");
if (authHeader != null) {
StringTokenizer st = new StringTokenizer(authHeader);
if (st.hasMoreTokens()) {
String basic = st.nextToken();
if (basic.equalsIgnoreCase("Basic")) {
try {
byte[] decode = DatatypeConverter.parseBase64Binary(st.nextToken());
String credentials = new String(decode, "UTF-8");
int p = credentials.indexOf(":");
if (p != -1) {
String login = credentials.substring(0, p).trim();
String password = credentials.substring(p + 1).trim();
return login.equals("admin") && password.equals("swordfish");
} else {
return false;
}
} catch (UnsupportedEncodingException e) {
return false;
}
}
}
}
return false;
}
@Override
public String forUriPath()
{
return "/";
}
@Override
public String wwwAuthenticateHeader()
{
return SecurityFilter.basicAuthenticationResponse(REALM);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment