HTTP Basic authentication Java filter (Without external dependencies)
package com.company.project.filter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
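/**
 * Servlet filter enforcing HTTP Basic authentication (RFC 7617) for every request
 * matched by {@code urlPatterns}, against a single username/password pair read from
 * the {@code username} and {@code password} init parameters.
 *
 * <p>Requests without a well-formed, matching {@code Authorization: Basic ...} header
 * are answered with {@code 401} plus a {@code WWW-Authenticate} challenge, and the
 * rest of the filter chain is NOT invoked. Basic credentials are only base64-encoded,
 * so this filter must sit behind TLS.
 *
 * <p>Security-relevant choices in this implementation: credential material is never
 * logged or printed; the comparison is constant-time via {@link MessageDigest#isEqual};
 * malformed or non-Basic headers fail closed with {@code 401} instead of a {@code 500}
 * or an empty {@code 200}; and a rejected request never reaches the downstream servlet.
 */
@WebFilter(
        urlPatterns = { "/*" },
        // NOTE(review): a default credential baked into the annotation ends up in
        // source control. Override both values from web.xml / the container's
        // init-param mechanism for any real deployment.
        initParams = {
                @WebInitParam(name = "username", value = "user"),
                @WebInitParam(name = "password", value = "pass")
        }
)
public class BasicAuthenticationFilter implements Filter {

    /** Logger; deliberately never receives usernames or passwords. */
    private static final Logger logger = Logger.getLogger(BasicAuthenticationFilter.class.getName());

    private static final String AUTH_SCHEME = "Basic";

    /** Configured credentials; populated in {@link #init(FilterConfig)}. */
    private String username = "";
    private String password = "";
    private String realm = "Protected";

    /**
     * Reads the {@code username}, {@code password} and optional {@code realm} init parameters.
     *
     * @throws ServletException if username or password is missing or empty, so that a
     *         misconfigured filter fails closed at startup rather than NPE-ing (or
     *         accepting an empty password) on the first request
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        username = filterConfig.getInitParameter("username");
        password = filterConfig.getInitParameter("password");
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            throw new ServletException(
                    "BasicAuthenticationFilter requires non-empty 'username' and 'password' init parameters");
        }
        String paramRealm = filterConfig.getInitParameter("realm");
        if (paramRealm != null && !paramRealm.isEmpty()) {
            realm = paramRealm;
        }
    }

    /**
     * Authenticates the request and only then continues the chain.
     *
     * <p>Every rejection path returns immediately after sending the {@code 401}; the
     * original fell through to {@code filterChain.doFilter} after "Bad credentials",
     * which let an unauthenticated request execute the downstream servlet.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String authHeader = request.getHeader("Authorization");
        if (authHeader == null) {
            unauthorized(response);
            return;
        }

        String[] supplied = parseBasicCredentials(authHeader);
        if (supplied == null) {
            // Wrong scheme, missing token, invalid base64, or no ':' separator.
            unauthorized(response, "Invalid authentication token");
            return;
        }

        if (!credentialsMatch(supplied[0], supplied[1])) {
            // Log the source, never the submitted credentials.
            logger.log(Level.FINE, "Basic authentication rejected for request from {0}", request.getRemoteAddr());
            unauthorized(response, "Bad credentials");
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
    }

    /**
     * Parses an {@code Authorization} header value of the form {@code Basic <base64>}.
     *
     * @param authHeader raw, attacker-controlled header value
     * @return {@code [username, password]}, or {@code null} if the value is not a
     *         well-formed Basic credential; this method never throws on bad input
     */
    private static String[] parseBasicCredentials(String authHeader) {
        String[] parts = authHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !AUTH_SCHEME.equalsIgnoreCase(parts[0])) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // garbage base64 must yield 401, not a 500 stack trace
        }
        // RFC 7617 leaves the charset to the server; UTF-8 is what browsers send and,
        // unlike new String(byte[]), does not depend on the JVM's platform default.
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        int sep = credentials.indexOf(':');
        if (sep < 0) {
            return null;
        }
        // No trim(): whitespace is significant in a password and the user-id may not
        // contain ':' (RFC 7617 §2), so the first ':' is always the separator.
        return new String[] { credentials.substring(0, sep), credentials.substring(sep + 1) };
    }

    /**
     * Compares the supplied pair against the configured one without short-circuiting,
     * so response timing does not reveal which field, or how much of it, matched.
     * ({@code MessageDigest.isEqual} still returns early on a length mismatch.)
     */
    private boolean credentialsMatch(String suppliedUser, String suppliedPassword) {
        boolean userOk = MessageDigest.isEqual(
                suppliedUser.getBytes(StandardCharsets.UTF_8), username.getBytes(StandardCharsets.UTF_8));
        boolean passOk = MessageDigest.isEqual(
                suppliedPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
        return userOk & passOk; // non-short-circuit on purpose
    }

    /**
     * Sends {@code 401} with a Basic challenge. Backslashes, quotes and line breaks in
     * the configured realm are neutralised so a realm value cannot break out of the
     * header's quoted-string or inject additional header lines.
     */
    private void unauthorized(HttpServletResponse response, String message) throws IOException {
        String safeRealm = realm
                .replace("\\", "\\\\")
                .replace("\"", "\\\"")
                .replaceAll("[\\r\\n]", "");
        response.setHeader("WWW-Authenticate", AUTH_SCHEME + " realm=\"" + safeRealm + "\", charset=\"UTF-8\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /** Sends a generic {@code 401} for requests carrying no {@code Authorization} header. */
    private void unauthorized(HttpServletResponse response) throws IOException {
        unauthorized(response, "Unauthorized");
    }
}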