「FilterでBasic認証を実装」の版間の差分
2行目: | 2行目: | ||
[[Java]] | [[Category:コード片]] | [[Java]] | [[Category:コード片]] | ||
− | import java.io. | + | import java.io.BufferedReader; |
import java.io.ByteArrayInputStream; | import java.io.ByteArrayInputStream; | ||
import java.io.IOException; | import java.io.IOException; | ||
− | import java.io. | + | import java.io.InputStreamReader; |
import java.util.Enumeration; | import java.util.Enumeration; | ||
13行目: | 13行目: | ||
import javax.servlet.FilterConfig; | import javax.servlet.FilterConfig; | ||
import javax.servlet.ServletException; | import javax.servlet.ServletException; | ||
− | import javax.servlet. | + | import javax.servlet.ServletRequest; |
− | import javax.servlet. | + | import javax.servlet.ServletResponse; |
− | import javax.servlet.http. | + | import javax.servlet.http.HttpServletRequest; |
− | import javax.servlet.http. | + | import javax.servlet.http.HttpServletResponse; |
public class BasicAuthenticationFilter implements Filter { | public class BasicAuthenticationFilter implements Filter { | ||
24行目: | 24行目: | ||
private final String realmName = "hoge"; | private final String realmName = "hoge"; | ||
− | /* @see javax.servlet.Filter#doFilter(javax.servlet. | + | /* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) */ |
− | public void doFilter( | + | public void doFilter(ServletRequest request, |
− | + | ServletResponse response, | |
FilterChain filterChain) throws IOException, ServletException { | FilterChain filterChain) throws IOException, ServletException { | ||
ByteArrayInputStream bin = null; | ByteArrayInputStream bin = null; | ||
− | + | BufferedReader br = null; | |
try { | try { | ||
− | + | HttpServletRequest httpReq = (HttpServletRequest)request; | |
String basicAuthData = httpReq.get[[Header]]("authorization"); | String basicAuthData = httpReq.get[[Header]]("authorization"); | ||
// Basic認証から情報を取得 | // Basic認証から情報を取得 | ||
− | String basicAuthBody = basicAuthData.substring(6); // ex 'Basic | + | String basicAuthBody = basicAuthData.substring(6); // ex 'Basic dG9tY2F0OnRvbWNhdA== ' |
bin = new ByteArrayInputStream(basicAuthBody.getBytes()); | bin = new ByteArrayInputStream(basicAuthBody.getBytes()); | ||
− | br = new | + | br = new BufferedReader( |
− | new | + | new InputStreamReader(MimeUtility.decode(bin,"base64"))); |
StringBuilder buf = new StringBuilder(); | StringBuilder buf = new StringBuilder(); | ||
55行目: | 55行目: | ||
if (!isAuthorized) { | if (!isAuthorized) { | ||
//ブラウザに UnAuthorizedエラー(401)を返す | //ブラウザに UnAuthorizedエラー(401)を返す | ||
− | + | HttpServletResponse httpRes = (HttpServletResponse)response; | |
httpRes.set[[Header]]("WWW-Authenticate","Basic realm=" + this.realmName); | httpRes.set[[Header]]("WWW-Authenticate","Basic realm=" + this.realmName); | ||
− | + | httpRes.setContentType("text/html"); | |
− | + | httpRes.sendError(HttpServletResponse.SC_UNAUTHORIZED); // 401 | |
} else { | } else { | ||
filterChain.doFilter(request, response); | filterChain.doFilter(request, response); |
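Review bot: `basicAuthData.substring(6)` in the 24行目 hunk runs with no check that the `authorization` header is present or carries the Basic scheme, so a browser's first, credential-less request raises a NullPointerException before the 401 challenge in the 55行目 hunk can be sent. Guard it first, for example `if (basicAuthData == null || !basicAuthData.regionMatches(true, 0, "Basic ", 0, 6)) { /* send the 401 challenge */ }`. The challenge itself emits the realm unquoted, while the header grammar expects a quoted-string: `"Basic realm=\"" + this.realmName + "\""`. doFilter's body continues past the last hunk, so how the exception is finally handled is not visible here.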
2022年5月19日 (木) 15:04時点における最新版
FilterでBasic認証を実装
Java |
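import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Enumeration;

import javax.mail.MessagingException;
import javax.mail.internet.MimeUtility;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet filter that puts the rest of the filter chain behind HTTP Basic authentication.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, and are resent on every
 * request, so this filter is meant to sit behind TLS.
 *
 * <p>NOTE(review): {@code init(FilterConfig)} and {@code destroy()} are not part of this
 * snippet; Servlet API versions before 4.0 require a Filter to implement them.
 */
public class BasicAuthenticationFilter implements Filter {

    /** Scheme prefix of a Basic {@code Authorization} header value. */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Realm name advertised in the WWW-Authenticate challenge.
     */
    private final String realmName = "hoge";

    /**
     * Authenticates the request from its {@code Authorization} header and either continues
     * the chain or answers with a 401 challenge.
     *
     * <p>A missing header, a non-Basic scheme, or an undecodable payload is answered with the
     * 401 challenge instead of surfacing as a server error.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     * @throws IOException      propagated unchanged from the response or the downstream chain
     * @throws ServletException propagated unchanged from the chain, or wrapping any other failure
     */
    public void doFilter(ServletRequest request,
                         ServletResponse response,
                         FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpReq = (HttpServletRequest) request;

            // Extract the credentials from the Basic authentication header.
            String[] loginInfo = readCredentials(httpReq.getHeader("authorization"));
            if (loginInfo == null) {
                // No usable credentials: this is the normal first request from a browser.
                sendChallenge(response);
                return;
            }
            String username = loginInfo[0];
            String password = loginInfo[1];

            // Placeholder kept from the original snippet. The check that goes here should
            // compare secrets in constant time (e.g. MessageDigest.isEqual) against a hashed
            // credential store, and must never log the password.
            boolean isAuthorized = /* perform authentication using username and password */

            if (!isAuthorized) {
                // Return an Unauthorized error (401) to the browser.
                sendChallenge(response);
            } else {
                filterChain.doFilter(request, response);
            }
        } catch (IOException e) {
            // Already declared; do not hide it inside a ServletException.
            throw e;
        } catch (ServletException e) {
            // Avoid double-wrapping a ServletException raised further down the chain.
            throw e;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Decodes a Basic {@code Authorization} header value into user name and password.
     *
     * @param header raw header value, possibly {@code null}
     * @return a two-element array {@code {username, password}}, or {@code null} when the header
     *         is absent, uses another scheme, or cannot be decoded
     */
    private static String[] readCredentials(String header) {
        // The scheme name is case-insensitive, so "basic " and "BASIC " are accepted too.
        if (header == null
                || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        String encoded = header.substring(BASIC_PREFIX.length()).trim(); // ex 'dG9tY2F0OnRvbWNhdA=='

        BufferedReader br = null;
        try {
            // Explicit charsets: the platform default made decoding depend on the host's locale.
            // NOTE(review): UTF-8 is assumed for the credential bytes - confirm against clients.
            ByteArrayInputStream bin = new ByteArrayInputStream(encoded.getBytes("US-ASCII"));
            br = new BufferedReader(
                    new InputStreamReader(MimeUtility.decode(bin, "base64"), "UTF-8"));

            StringBuilder buf = new StringBuilder();
            String line;
            while ((line = br.readLine()) != null) {
                buf.append(line);
            }
            String decoded = buf.toString();

            // Split on the FIRST colon only: the user name cannot contain one, the password can.
            int colon = decoded.indexOf(':');
            if (colon < 0) {
                // Same result as the original for colon-less input: empty password.
                return new String[] { decoded, "" };
            }
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IOException e) {
            // Malformed Base64 from the client is an authentication failure, not a server fault.
            return null;
        } catch (MessagingException e) {
            return null;
        } finally {
            if (br != null) {
                try {
                    br.close();
                } catch (IOException ignored) {
                    // In-memory stream: nothing to recover on close.
                }
            }
        }
    }

    /**
     * Sends the 401 response carrying the Basic challenge for this filter's realm.
     *
     * @param response the response to answer on
     * @throws IOException if the container fails to send the error
     */
    private void sendChallenge(ServletResponse response) throws IOException {
        HttpServletResponse httpRes = (HttpServletResponse) response;
        // The realm parameter is a quoted-string in the challenge grammar.
        httpRes.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
        httpRes.setContentType("text/html");
        httpRes.sendError(HttpServletResponse.SC_UNAUTHORIZED); // 401
    }
}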
© 2006 矢木浩人