Following this link:
http://www.unix.org.ua/orelly/java-ent/servlet/ch08_01.htm
we can extend the OFBIZ SOAPEventHandler to support basic authentication.
Add the following code snippet to the start of SOAPEventHandler.invoke(..):
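// Extracts HTTP Basic credentials from the "Authorization" request header and
// stores them in the service context under "login.username" / "login.password".
// When the header is absent, a 401 challenge is sent and the handler returns null.
//
// NOTE(review): this fragment only extracts the credentials; nothing here verifies
// them. Presumably the invoked service authenticates with the login.* entries
// downstream -- confirm before relying on it as an access check.
// NOTE(review): Basic authentication merely base64-encodes the password, so this
// endpoint should only be exposed over HTTPS. Never log the header or the decoded value.
Map serviceContext = new HashMap();
String auth = request.getHeader("Authorization");
if (auth == null) {
    // No credentials supplied yet: challenge the client for them.
    try {
        response.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
        response.sendError(response.SC_UNAUTHORIZED);
    } catch (IOException e) {
        sendError(response, e);
        throw new EventHandlerException("Error sending " + response.SC_UNAUTHORIZED + " response", e);
    }
    return null;
}

// Only the Basic scheme is handled. regionMatches(ignoreCase = true, ...) compares
// case-insensitively without depending on the default locale, and without the
// length changes toUpperCase() can introduce before the substring(6) below.
if (!auth.regionMatches(true, 0, "BASIC ", 0, 6)) {
    sendError(response, "Only basic authentication is supported!");
    throw new EventHandlerException("Only basic authentication is supported!");
}

// The base64 "user:password" token follows the 6-character scheme prefix;
// trim() tolerates extra whitespace around the token.
String userpassEncoded = auth.substring(6).trim();
try {
    // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class that is not
    // available on newer JDKs; java.util.Base64 (Java 8+) is the supported replacement.
    sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
    // NOTE(review): bytes are decoded with the platform default charset; non-ASCII
    // credentials may decode differently from one host to another.
    String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));

    // The header is client-controlled: without a ':' separator, indexOf returns -1
    // and substring(0, -1) would throw an unchecked exception. Reject it explicitly.
    int sepIndex = userpassDecoded.indexOf(':');
    if (sepIndex < 0) {
        sendError(response, "Malformed basic authentication credentials!");
        throw new EventHandlerException("Malformed basic authentication credentials!");
    }

    // Split on the first ':' only, so the password itself may contain colons.
    String user = userpassDecoded.substring(0, sepIndex);
    String pwd = userpassDecoded.substring(sepIndex + 1);
    serviceContext.put("login.password", pwd);
    serviceContext.put("login.username", user);
} catch (IOException e) {
    sendError(response, e);
    throw new EventHandlerException("Error decoding authenticated information", e);
}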
Michael