From 8a842e8f8e7d26b94684e30de0b29980d36c7e17 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 17 Apr 2017 17:37:46 +0530 Subject: [PATCH] restricted basic auth support --- .../src/main/webapp/WEB-INF/web.xml | 5 +++++ .../framework/authenticator/BasicAuthAuthenticator.java | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml index 9850eb5da5..3a900cd914 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml @@ -39,6 +39,11 @@ doAuthentication true + + + basicAuth + true + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index c4d2da95b6..0dfc9c5d70 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -49,6 +49,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { @Override public boolean canHandle(Request request) { + if (!isSupportsAuthentication(request)) { + return false; + } MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); if (authorization != null) { @@ -156,4 +159,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { } } + private boolean isSupportsAuthentication(Request request) { + String param = request.getContext().findParameter("basicAuth"); + return (param == null || !Boolean.parseBoolean(param)); + } + }