raboof/pekko
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages Wiki Activity Actions 10

Fix NullpointerException in the BasicAuth actor when called without "Authorization" header

Browse source
This commit is contained in:
Eckart Hertzler 2009-10-19 20:22:30 +08:00 committed by Jonas Bonér
parent 85ff3b2ecd
commit 80708cd6a1
1 changed files with 25 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

42
akka-security/src/main/scala/Security.scala
View file

@ -226,13 +226,21 @@ trait BasicAuthenticationActor extends AuthenticationActor[BasicCredentials]
Response.status(401).header("WWW-Authenticate","Basic realm=\"" + realm + "\"").build Response.status(401).header("WWW-Authenticate","Basic realm=\"" + realm + "\"").build
override def extractCredentials(r : Req) : Option[BasicCredentials] = { override def extractCredentials(r : Req) : Option[BasicCredentials] = {
val a = r.getHeaderValue("Authorization")
new String(Base64.decode(a.substring(6,a.length).getBytes)).split(":").toList match { val Authorization = """(.*):(.*)""".r
case userName :: password :: _ => Some(BasicCredentials(userName, password))
case userName :: Nil => Some(BasicCredentials(userName, "")) authOption(r) match {
case _ => None case Some(token) => {
} val authResponse = new String(Base64.decode(token.substring(6).getBytes))
} authResponse match {
case Authorization(username, password) => Some(BasicCredentials(username, password))
case _ => None
}
}
case _ => None
}
}
override def mkSecurityContext(r : Req,u : UserInfo) : SecurityContext = override def mkSecurityContext(r : Req,u : UserInfo) : SecurityContext =
mkDefaultSecurityContext(r,u,SecurityContext.BASIC_AUTH) mkDefaultSecurityContext(r,u,SecurityContext.BASIC_AUTH)
@ -353,19 +361,19 @@ trait SpnegoAuthenticationActor extends AuthenticationActor[SpnegoCredentials]
override def unauthorized = override def unauthorized =
Response.status(401).header("WWW-Authenticate", "Negotiate").build Response.status(401).header("WWW-Authenticate", "Negotiate").build
// for some reason the jersey Base64 class does not work with kerberos
// but the commons Base64 does
import _root_.org.apache.commons.codec.binary.Base64
override def extractCredentials(r : Req) : Option[SpnegoCredentials] = { override def extractCredentials(r : Req) : Option[SpnegoCredentials] = {
val a = auth(r) val AuthHeader = """Negotiate\s(.*)""".r
// for some reason the jersey Base64 class does not work with kerberos authOption(r) match {
// but the commons Base64 does case Some(AuthHeader(token)) => {
import _root_.org.apache.commons.codec.binary.Base64 Some(SpnegoCredentials(Base64.decodeBase64(token.trim.getBytes)))
if (a != null && a.startsWith("Negotiate ")) }
Some( case _ => None
SpnegoCredentials(Base64.decodeBase64(a.substring(10).trim.getBytes)) }
)
else
None
} }