From 8a842e8f8e7d26b94684e30de0b29980d36c7e17 Mon Sep 17 00:00:00 2001
From: ayyoob <ayyoobhamza@gmail.com>
Date: Mon, 17 Apr 2017 17:37:46 +0530
Subject: [PATCH] restricted basic auth support

---
 .../src/main/webapp/WEB-INF/web.xml                       | 5 +++++
 .../framework/authenticator/BasicAuthAuthenticator.java   | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
index 9850eb5da5..3a900cd914 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml
@@ -39,6 +39,11 @@
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>
     </context-param>
+	<!--This is to support basic auth.-->
+	<context-param>
+		<param-name>basicAuth</param-name>
+		<param-value>true</param-value>
+	</context-param>
 
     <!--publish to apim-->
     <context-param>
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index c4d2da95b6..0dfc9c5d70 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -49,6 +49,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
 
     @Override
     public boolean canHandle(Request request) {
+        if (!isSupportsAuthentication(request)) {
+            return false;
+        }
         MessageBytes authorization =
                 request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
         if (authorization != null) {
@@ -156,4 +159,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
         }
     }
 
+    private boolean isSupportsAuthentication(Request request) {
+        String param = request.getContext().findParameter("basicAuth");
+        return (param == null || !Boolean.parseBoolean(param));
+    }
+
 }