353627 Basic Auth checks that Basic method has been send

example-jetty-embedded/src/main/java/org/eclipse/jetty/embedded/SecuredHelloHandler.java

@@ -23,7 +23,6 @@ import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.security.HashLoginService;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
-import org.eclipse.jetty.security.authentication.DigestAuthenticator;
 import org.eclipse.jetty.server.Server;
 
 public class SecuredHelloHandler
@@ -52,7 +51,7 @@ public class SecuredHelloHandler
         knownRoles.add("admin");
         
         security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
-        security.setAuthenticator(new DigestAuthenticator());
+        security.setAuthenticator(new BasicAuthenticator());
         security.setLoginService(loginService);
         security.setStrict(false);
         

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java

@@ -65,20 +65,28 @@ public class BasicAuthenticator extends LoginAuthenticator
                 return _deferred;
                 
             if (credentials != null)
-            {                  
-                credentials = credentials.substring(credentials.indexOf(' ')+1);
-                credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
-                int i = credentials.indexOf(':');
-                if (i>0)
+            {                 
+                int space=credentials.indexOf(' ');
+                if (space>0)
                 {
-                    String username = credentials.substring(0,i);
-                    String password = credentials.substring(i+1);
-
-                    UserIdentity user = _loginService.login(username,password);
-                    if (user!=null)
+                    String method=credentials.substring(0,space);
+                    if ("basic".equalsIgnoreCase(method))
                     {
-                        renewSessionOnAuthentication(request,response);
-                        return new UserAuthentication(getAuthMethod(),user);
+                        credentials = credentials.substring(space+1);
+                        credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
+                        int i = credentials.indexOf(':');
+                        if (i>0)
+                        {
+                            String username = credentials.substring(0,i);
+                            String password = credentials.substring(i+1);
+
+                            UserIdentity user = _loginService.login(username,password);
+                            if (user!=null)
+                            {
+                                renewSessionOnAuthentication(request,response);
+                                return new UserAuthentication(getAuthMethod(),user);
+                            }
+                        }
                     }
                 }
             }

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java

@@ -275,7 +275,7 @@ public class DigestAuthenticator extends LoginAuthenticator
     private static class Digest extends Credential
     {
         private static final long serialVersionUID = -2484639019549527724L;
-        String method = "";
+        final String method;
         String username = "";
         String realm = "";
         String nonce = "";

jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java

@@ -201,13 +201,13 @@ public class ConstraintTest
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:wrong") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 
@@ -218,20 +218,20 @@ public class ConstraintTest
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
                 "\r\n");
 
         assertTrue(response.startsWith("HTTP/1.1 403 "));
         assertTrue(response.indexOf("!role") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("admin:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 
@@ -490,18 +490,18 @@ public class ConstraintTest
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:wrong") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 403"));
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user2:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 
@@ -512,20 +512,20 @@ public class ConstraintTest
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
         assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
                 "\r\n");
 
         assertTrue(response.startsWith("HTTP/1.1 403 "));
         assertTrue(response.indexOf("!role") > 0);
 
         response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("admin:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 
@@ -776,7 +776,7 @@ public class ConstraintTest
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user2:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 500 "));
 
@@ -789,7 +789,7 @@ public class ConstraintTest
         _server.start();
 
         response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
-                "Authorization: " + B64Code.encode("user2:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
                 "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
     }
@@ -809,13 +809,13 @@ public class ConstraintTest
         assertTrue(response.indexOf("user=null") > 0);
 
         response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+
-                "Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
             "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
         assertTrue(response.indexOf("user=null") > 0);
 
         response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+
-                "Authorization: " + B64Code.encode("admin:password") + "\r\n" +
+                "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
             "\r\n");
         assertTrue(response.startsWith("HTTP/1.1 200 OK"));
         assertTrue(response.indexOf("user=admin") > 0);