1 | /*- | |
2 | * #%L | |
3 | * io.earcam.utilitarian.web.jaxrs | |
4 | * %% | |
5 | * Copyright (C) 2017 earcam | |
6 | * %% | |
7 | * SPDX-License-Identifier: (BSD-3-Clause OR EPL-1.0 OR Apache-2.0 OR MIT) | |
8 | * | |
9 | * You <b>must</b> choose to accept, in full - any individual or combination of | |
10 | * the following licenses: | |
11 | * <ul> | |
12 | * <li><a href="https://opensource.org/licenses/BSD-3-Clause">BSD-3-Clause</a></li> | |
13 | * <li><a href="https://www.eclipse.org/legal/epl-v10.html">EPL-1.0</a></li> | |
14 | * <li><a href="https://www.apache.org/licenses/LICENSE-2.0">Apache-2.0</a></li> | |
15 | * <li><a href="https://opensource.org/licenses/MIT">MIT</a></li> | |
16 | * </ul> | |
17 | * #L% | |
18 | */ | |
19 | package io.earcam.utilitarian.web.jaxrs; | |
20 | ||
21 | import static java.nio.charset.StandardCharsets.UTF_8; | |
22 | ||
23 | import java.io.IOException; | |
24 | ||
25 | import javax.ws.rs.client.ClientRequestContext; | |
26 | import javax.ws.rs.client.ClientRequestFilter; | |
27 | import javax.ws.rs.core.MultivaluedMap; | |
28 | import javax.xml.bind.DatatypeConverter; | |
29 | ||
30 | /** | |
31 | * <p> | |
32 | * A JAX-RS client filter providing support for the | |
33 | * <a href="https://en.wikipedia.org/wiki/Basic_access_authentication">Basic Authentication</a> | |
34 | * form of <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication">HTTP Authentication</a> | |
35 | * scheme. | |
36 | * </p> | |
37 | * | |
38 | * <p> | |
39 | * <b>Note</b>: unfortunately implementations (e.g. Jersey) don't acknowledge the risks | |
40 | * of interned String passwords: they do not allow the header value to be set as a {@code char} array. | |
41 | * This is likely due to API design, e.g. {@link javax.ws.rs.ext.RuntimeDelegate.HeaderDelegate}. | |
42 | * </p> | |
43 | */ | |
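public class BasicAuthenticator implements ClientRequestFilter {

    static final String AUTHORIZATION = "Authorization";
    private final String username;
    private final String password;


    /**
     * Creates a filter that attaches the same Basic credentials to every request it handles.
     *
     * @param username the user-id; must not be {@code null} and must not contain {@code ':'},
     *        because the credentials are sent as {@code username:password} and RFC 7617 has the
     *        receiver split them at the first colon
     * @param password the password; must not be {@code null} (a colon is permitted here)
     * @throws NullPointerException if either argument is {@code null}
     * @throws IllegalArgumentException if {@code username} contains a colon
     */
    public BasicAuthenticator(String username, String password)
    {
        // Without these checks, string concatenation would silently send the literal text "null".
        if(username == null) {
            throw new NullPointerException("username");
        }
        if(password == null) {
            throw new NullPointerException("password");
        }
        // A colon in the user-id makes the username/password boundary ambiguous for the server.
        if(username.indexOf(':') >= 0) {
            throw new IllegalArgumentException("username must not contain ':'");
        }
        this.username = username;
        this.password = password;
    }


    /**
     * Adds the {@code Authorization} header carrying the Basic credentials to the outgoing request.
     * <p>
     * The header value is only Base64-encoded, not encrypted, so anything able to read the request
     * can recover the password. This filter does not inspect the request URI; restricting its use
     * to {@code https} targets is left to the code that registers it.
     * </p>
     *
     * @param requestContext the outgoing request whose headers are modified
     * @throws IOException declared by {@link ClientRequestFilter}; nothing in this method performs I/O
     */
    @Override
    public void filter(ClientRequestContext requestContext) throws IOException
    {
        MultivaluedMap<String, Object> headers = requestContext.getHeaders();
        // NOTE(review): add() appends to any values already present for the key. If another
        // filter may also set Authorization, putSingle() would replace instead of duplicating;
        // confirm which is intended.
        // PIT mutation report, source line 62: "removed call to
        // javax/ws/rs/core/MultivaluedMap::add", result: KILLED
        headers.add(AUTHORIZATION, basicAuthentication());
    }


    /**
     * Builds the header value: the scheme token followed by the Base64 encoding of
     * {@code username:password}, taken as UTF-8 bytes.
     *
     * @return the complete {@code Authorization} header value
     */
    private String basicAuthentication()
    {
        String token = this.username + ":" + this.password;
        // NOTE(review): RFC 7617 spells the scheme "Basic". Scheme names are case-insensitive, so
        // "BASIC" is valid, but confirm the target servers do not compare it case-sensitively.
        // NOTE(review): javax.xml.bind is not part of the JDK from Java 11 onwards;
        // java.util.Base64.getEncoder() (Java 8+) yields the same encoding. Confirm the minimum
        // Java version before switching.
        // PIT mutation report, source line 69: "mutated return of Object value for
        // basicAuthentication", result: KILLED
        return "BASIC " + DatatypeConverter.printBase64Binary(token.getBytes(UTF_8));
    }
}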
Mutations | ||
62 |
1.1 |
|
69 |
1.1 |