Merge pull request #690 from wso2/devicetype-3.1.0

Restricted basic auth in valve

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml

@@ -39,6 +39,11 @@
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>
     </context-param>
+	<!--This is to support basic auth.-->
+	<context-param>
+		<param-name>basicAuth</param-name>
+		<param-value>true</param-value>
+	</context-param>
 
     <!--publish to apim-->
     <context-param>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java

@@ -49,6 +49,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
 
     @Override
     public boolean canHandle(Request request) {
+        if (!isAuthenticationSupported(request)) {
+            return false;
+        }
         MessageBytes authorization =
                 request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
         if (authorization != null) {
@@ -156,4 +159,9 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
         }
     }
 
+    private boolean isAuthenticationSupported(Request request) {
+        String param = request.getContext().findParameter("basicAuth");
+        return (param == null || !Boolean.parseBoolean(param));
+    }
+
 }