OFBiz OFBiz - Commits

[ofbiz-plugins] branch trunk updated: Improved: Added Enum for HTTP Auth Schemes(OFBIZ-11328)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
grv-2
Reply | Threaded
Open this post in threaded view
|

[ofbiz-plugins] branch trunk updated: Improved: Added Enum for HTTP Auth Schemes(OFBIZ-11328)

grv-2
This is an automated email from the ASF dual-hosted git repository.

grv pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/trunk by this push:
     new fabb323  Improved: Added Enum for HTTP Auth Schemes(OFBIZ-11328)
fabb323 is described below

commit fabb323a530db274306e720df9767fb09966cd1d
Author: Girish Vasmatkar <[hidden email]>
AuthorDate: Mon Aug 31 11:28:10 2020 +0530

    Improved: Added Enum for HTTP Auth Schemes(OFBIZ-11328)
---
 .../ofbiz/ws/rs/common/AuthenticationScheme.java   | 35 ++++++++++++++++++++++
 .../ofbiz/ws/rs/security/auth/APIAuthFilter.java   |  6 ++--
 .../ws/rs/security/auth/HttpBasicAuthFilter.java   |  7 +++--
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/common/AuthenticationScheme.java b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/common/AuthenticationScheme.java
new file mode 100644
index 0000000..7badcf7
--- /dev/null
+++ b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/common/AuthenticationScheme.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.apache.ofbiz.ws.rs.common;
+
+public enum AuthenticationScheme {
+
+    BASIC("Basic"),
+    BEARER("Bearer");
+    private String scheme;
+    AuthenticationScheme(String scheme) {
+        this.scheme = scheme;
+    }
+    /**
+     * @return the scheme
+     */
+    public String getScheme() {
+        return scheme;
+    }
+}
diff --git a/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/APIAuthFilter.java b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/APIAuthFilter.java
index 35e331d..1645bb5 100644
--- a/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/APIAuthFilter.java
+++ b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/APIAuthFilter.java
@@ -39,6 +39,7 @@ import org.apache.ofbiz.entity.GenericValue;
 import org.apache.ofbiz.entity.util.EntityQuery;
 import org.apache.ofbiz.service.ModelService;
 import org.apache.ofbiz.webapp.control.JWTManager;
+import org.apache.ofbiz.ws.rs.common.AuthenticationScheme;
 import org.apache.ofbiz.ws.rs.security.Secured;
 import org.apache.ofbiz.ws.rs.util.RestApiUtil;
 
@@ -60,7 +61,6 @@ public class APIAuthFilter implements ContainerRequestFilter {
     @Context
     private ServletContext servletContext;
 
-    private static final String AUTHENTICATION_SCHEME = "Bearer";
     private static final String REALM = "OFBiz";
 
     /**
@@ -93,7 +93,7 @@ public class APIAuthFilter implements ContainerRequestFilter {
      * @return
      */
     private boolean isTokenBasedAuthentication(String authorizationHeader) {
-        return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " ");
+        return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AuthenticationScheme.BEARER.getScheme() + " ");
     }
 
     /**
@@ -103,7 +103,7 @@ public class APIAuthFilter implements ContainerRequestFilter {
         if (!isAuthHeaderPresent) {
             requestContext.abortWith(
                     RestApiUtil.errorBuilder(Response.Status.UNAUTHORIZED.getStatusCode(), Response.Status.UNAUTHORIZED.getReasonPhrase(), message)
-                            .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME + " realm=\"" + REALM + "\"").build());
+                            .header(HttpHeaders.WWW_AUTHENTICATE, AuthenticationScheme.BEARER.getScheme() + " realm=\"" + REALM + "\"").build());
         } else {
             requestContext
                     .abortWith(RestApiUtil.error(Response.Status.FORBIDDEN.getStatusCode(), Response.Status.FORBIDDEN.getReasonPhrase(), message));
diff --git a/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/HttpBasicAuthFilter.java b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/HttpBasicAuthFilter.java
index 15a268d..1db9140 100644
--- a/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/HttpBasicAuthFilter.java
+++ b/ofbiz-rest-impl/src/main/java/org/apache/ofbiz/ws/rs/security/auth/HttpBasicAuthFilter.java
@@ -40,6 +40,7 @@ import org.apache.ofbiz.entity.GenericValue;
 import org.apache.ofbiz.service.GenericServiceException;
 import org.apache.ofbiz.service.LocalDispatcher;
 import org.apache.ofbiz.service.ServiceUtil;
+import org.apache.ofbiz.ws.rs.common.AuthenticationScheme;
 import org.apache.ofbiz.ws.rs.security.AuthToken;
 import org.apache.ofbiz.ws.rs.util.RestApiUtil;
 
@@ -59,7 +60,6 @@ public class HttpBasicAuthFilter implements ContainerRequestFilter {
     @Context
     private ServletContext servletContext;
 
-    private static final String AUTHENTICATION_SCHEME = "Basic";
     private static final String REALM = "OFBiz";
 
     /**
@@ -89,7 +89,8 @@ public class HttpBasicAuthFilter implements ContainerRequestFilter {
      * @return
      */
     private boolean isBasicAuth(String authorizationHeader) {
-        return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " ");
+        return authorizationHeader != null
+                && authorizationHeader.toLowerCase().startsWith(AuthenticationScheme.BASIC.getScheme().toLowerCase() + " ");
     }
 
     /**
@@ -99,7 +100,7 @@ public class HttpBasicAuthFilter implements ContainerRequestFilter {
         if (!isAuthHeaderPresent) {
             requestContext.abortWith(
                     RestApiUtil.errorBuilder(Response.Status.UNAUTHORIZED.getStatusCode(), Response.Status.UNAUTHORIZED.getReasonPhrase(), message)
-                            .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME + " realm=\"" + REALM + "\"").build());
+                            .header(HttpHeaders.WWW_AUTHENTICATE, AuthenticationScheme.BASIC.getScheme() + " realm=\"" + REALM + "\"").build());
         } else {
             requestContext
                     .abortWith(RestApiUtil.error(Response.Status.FORBIDDEN.getStatusCode(), Response.Status.FORBIDDEN.getReasonPhrase(), message));

Free forum by Nabble Edit this page