Clover coverage report - Cactus 1.5 for J2EE API 1.3
Coverage timestamp: Wed Feb 18 2004 09:09:13 EST
file stats: LOC: 285   Methods: 5
NCLOC: 116   Classes: 1
 
 Source file Conditionals Statements Methods TOTAL
BasicAuthentication.java 0% 0% 0% 0%
coverage
 1   
 /*
 2   
  * ====================================================================
 3   
  *
 4   
  * The Apache Software License, Version 1.1
 5   
  *
 6   
  * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
 7   
  * reserved.
 8   
  *
 9   
  * Redistribution and use in source and binary forms, with or without
 10   
  * modification, are permitted provided that the following conditions
 11   
  * are met:
 12   
  *
 13   
  * 1. Redistributions of source code must retain the above copyright
 14   
  *    notice, this list of conditions and the following disclaimer.
 15   
  *
 16   
  * 2. Redistributions in binary form must reproduce the above copyright
 17   
  *    notice, this list of conditions and the following disclaimer in
 18   
  *    the documentation and/or other materials provided with the
 19   
  *    distribution.
 20   
  *
 21   
  * 3. The end-user documentation included with the redistribution, if
 22   
  *    any, must include the following acknowlegement:
 23   
  *       "This product includes software developed by the
 24   
  *        Apache Software Foundation (http://www.apache.org/)."
 25   
  *    Alternately, this acknowlegement may appear in the software itself,
 26   
  *    if and wherever such third-party acknowlegements normally appear.
 27   
  *
 28   
  * 4. The names "The Jakarta Project", "Cactus" and "Apache Software
 29   
  *    Foundation" must not be used to endorse or promote products
 30   
  *    derived from this software without prior written permission. For
 31   
  *    written permission, please contact apache@apache.org.
 32   
  *
 33   
  * 5. Products derived from this software may not be called "Apache"
 34   
  *    nor may "Apache" appear in their names without prior written
 35   
  *    permission of the Apache Group.
 36   
  *
 37   
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 38   
  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 39   
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 40   
  * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 41   
  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 42   
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 43   
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 44   
  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 45   
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 46   
  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 47   
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 48   
  * SUCH DAMAGE.
 49   
  * ====================================================================
 50   
  *
 51   
  * This software consists of voluntary contributions made by many
 52   
  * individuals on behalf of the Apache Software Foundation.  For more
 53   
  * information on the Apache Software Foundation, please see
 54   
  * <http://www.apache.org/>.
 55   
  *
 56   
  */
 57   
 package org.apache.cactus.client.authentication;
 58   
 
 59   
 import java.text.CharacterIterator;
 60   
 import java.text.StringCharacterIterator;
 61   
 
 62   
 import org.apache.cactus.WebRequest;
 63   
 import org.apache.cactus.configuration.Configuration;
 64   
 
 65   
 /**
 66   
  * Basic Authentication support.
 67   
  *
 68   
  * @author <a href="mailto:vmassol@apache.org">Vincent Massol</a>
 69   
  * @author <a href="mailto:Jason.Robertson@acs-inc.com">Jason Robertson</a>
 70   
  *
 71   
  * @since 1.3
 72   
  * @see AbstractAuthentication
 73   
  *
 74   
  * @version $Id: BasicAuthentication.java,v 1.9 2003/05/26 11:45:26 cmlenz Exp $
 75   
  */
 76   
 public class BasicAuthentication extends AbstractAuthentication
 77   
 {
 78   
     /**
 79   
      * Provides encoding of raw bytes to base64-encoded characters, and
 80   
      * decoding of base64 characters to raw bytes.
 81   
      */
 82   
     private static char[] alphabet = 
 83   
         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
 84   
         .toCharArray();
 85   
 
 86   
     /**
 87   
      * Lookup table for converting base64 characters to value in range 0..63
 88   
      */
 89   
     private static byte[] codes = new byte[256];
 90   
 
 91   
     static
 92   
     {
 93  0
         for (int i = 0; i < 256; i++)
 94   
         {
 95  0
             codes[i] = -1;
 96   
         }
 97   
 
 98  0
         for (int i = 'A'; i <= 'Z'; i++)
 99   
         {
 100  0
             codes[i] = (byte) (i - 'A');
 101   
         }
 102   
 
 103  0
         for (int i = 'a'; i <= 'z'; i++)
 104   
         {
 105  0
             codes[i] = (byte) (26 + i - 'a');
 106   
         }
 107   
 
 108  0
         for (int i = '0'; i <= '9'; i++)
 109   
         {
 110  0
             codes[i] = (byte) (52 + i - '0');
 111   
         }
 112   
 
 113  0
         codes['+'] = 62;
 114  0
         codes['/'] = 63;
 115   
     }
 116   
 
 117   
     /**
 118   
      * @param theName user name of the Credential
 119   
      * @param thePassword user password of the Credential
 120   
      */
 121  0
     public BasicAuthentication(String theName, String thePassword)
 122   
     {
 123  0
         super(theName, thePassword);
 124   
     }
 125   
 
 126   
     /**
 127   
      * @see AbstractAuthentication#validateName(String)
 128   
      */
 129  0
     protected void validateName(String theName)
 130   
     {
 131   
         // According to HTTP 1.0 Spec:
 132   
         // userid   = [ token ]
 133   
         // token    = 1*<any CHAR except CTLs or tspecials>
 134   
         // CTL      = <any US-ASCII control character (octets 0-31) and
 135   
         //            DEL (127)
 136   
         // tspecial = "(" | ")" | "<" | ">" | "@"
 137   
         //            "," | ";" | ":" | "\" | <">
 138   
         //            "/" | "[" | "]" | "?" | "="
 139   
         //            "{" | "}" | SP | HT
 140   
         // SP       = <US-ASCII SP, space (32)>
 141   
         // HT       = <US-ASCII HT, horizontal-tab (9)>
 142   
         // Validate the given theName
 143   
         // The theName is optional, it can be blank.
 144  0
         if (theName == null)
 145   
         {
 146  0
             return;
 147   
         }
 148   
 
 149   
         // If it's non-blank, there is no maximum length
 150   
         // and it can't contain any illegal characters
 151  0
         String illegalChars = "()<>@,;:\\\"/[]?={} \t";
 152  0
         StringCharacterIterator iter = new StringCharacterIterator(theName);
 153   
 
 154  0
         for (char c = iter.first(); c != CharacterIterator.DONE;
 155   
              c = iter.next())
 156   
         {
 157  0
             if ((illegalChars.indexOf(c) != -1) || ((c >= 0) && (c <= 31))
 158   
                 || (c == 127))
 159   
             {
 160   
                 // Bad theName! Go to your room!
 161  0
                 throw new IllegalArgumentException(
 162   
                     "[" + theName + "] contains illegal characters.");
 163   
             }
 164   
         }
 165   
     }
 166   
 
 167   
     /**
 168   
      * @see AbstractAuthentication#validatePassword(String)
 169   
      */
 170  0
     protected void validatePassword(String thePassword)
 171   
     {
 172   
         // According to HTTP 1.0 Spec:
 173   
         // password = *TEXT
 174   
         // TEXT  = <any OCTET except CTLs, but including LWS>
 175   
         // OCTET = <any 8-bit sequence of data>
 176   
         // CTL   = <any US-ASCII control character (octets 0-31) and DEL (127)
 177   
         // LWS   = [CRLF] 1*( SP | HT )
 178   
         // CRLF  = CR LF
 179   
         // CR    = <US-ASCII CR, carriage return (13)>
 180   
         // LF    = <US-ASCII LF, linefeed (10)>
 181   
         // SP    = <US-ASCII SP, space (32)>
 182   
         // HT    = <US-ASCII HT, horizontal-tab (9)>
 183   
         // Validate the given thePassword
 184   
         // The thePassword can have zero characters, i.e. be blank.
 185  0
         if (thePassword == null)
 186   
         {
 187  0
             return;
 188   
         }
 189   
 
 190   
         // If it's non-blank, there is no maximum length
 191   
         // and it can't contain any illegal characters
 192  0
         String exceptionChars = "\r\n \t"; // CR LF SP HT
 193  0
         StringCharacterIterator iter = new StringCharacterIterator(thePassword);
 194   
 
 195  0
         for (char c = iter.first(); c != CharacterIterator.DONE; 
 196   
             c = iter.next())
 197   
         {
 198  0
             if (((c >= 0) && (c <= 31)) || (c == 127))
 199   
             {
 200  0
                 if (exceptionChars.indexOf(c) != -1)
 201   
                 {
 202  0
                     continue;
 203   
                 }
 204   
 
 205   
                 // Bad thePassword! Go to your room!
 206  0
                 throw new IllegalArgumentException(
 207   
                     "Given thePassword contains illegal characters.");
 208   
             }
 209   
         }
 210   
     }
 211   
 
 212   
     /**
 213   
      * @see AbstractAuthentication#configure(WebRequest, Configuration)
 214   
      */
 215  0
     public void configure(WebRequest theRequest,
 216   
         Configuration theConfiguration)
 217   
     {
 218   
         // According to HTTP 1.0 Spec:
 219   
         // basic-credentials = "Basic" SP basic-cookie
 220   
         // basic-cookie      = <base64 encoding of userid-password,
 221   
         //                     except not limited to 76 char/line>
 222   
         // userid-password   = [ token ] ":" *TEXT
 223   
         //
 224   
         // see setName and setPassword for details of token and TEXT
 225  0
         String basicCookie = getName() + ":" + getPassword();
 226  0
         String basicCredentials = "Basic "
 227   
             + new String(base64Encode(basicCookie.getBytes()));
 228   
 
 229  0
         theRequest.addHeader("Authorization", basicCredentials);
 230   
     }
 231   
 
 232   
     /**
 233   
      * returns an array of base64-encoded characters to represent the
 234   
      * passed theData array.
 235   
      *
 236   
      * @param theData the array of bytes to encode
 237   
      * @return base64-coded character array.
 238   
      */
 239  0
     private static char[] base64Encode(byte[] theData)
 240   
     {
 241  0
         char[] out = new char[((theData.length + 2) / 3) * 4];
 242   
 
 243   
         //
 244   
         // 3 bytes encode to 4 chars. Output is always an even
 245   
         // multiple of 4 characters.
 246   
         //
 247  0
         for (int i = 0, index = 0; i < theData.length; i += 3, index += 4)
 248   
         {
 249  0
             boolean quad = false;
 250  0
             boolean trip = false;
 251   
 
 252  0
             int val = (0xFF & (int) theData[i]);
 253   
 
 254  0
             val <<= 8;
 255   
 
 256  0
             if ((i + 1) < theData.length)
 257   
             {
 258  0
                 val |= (0xFF & (int) theData[i + 1]);
 259  0
                 trip = true;
 260   
             }
 261   
 
 262  0
             val <<= 8;
 263   
 
 264  0
             if ((i + 2) < theData.length)
 265   
             {
 266  0
                 val |= (0xFF & (int) theData[i + 2]);
 267  0
                 quad = true;
 268   
             }
 269   
 
 270  0
             out[index + 3] = alphabet[(quad ? (val & 0x3F) : 64)];
 271  0
             val >>= 6;
 272   
 
 273  0
             out[index + 2] = alphabet[(trip ? (val & 0x3F) : 64)];
 274  0
             val >>= 6;
 275   
 
 276  0
             out[index + 1] = alphabet[val & 0x3F];
 277  0
             val >>= 6;
 278   
 
 279  0
             out[index + 0] = alphabet[val & 0x3F];
 280   
         }
 281   
 
 282  0
         return out;
 283   
     }
 284   
 }
 285