// Excerpt from a larger authentication routine: the enclosing method signature
// and the code that later consumes webPrincipal are outside this view.
//
// Short-circuit: GET requests, and endpoints with no auth method configured,
// are accepted without any credential check.
// NOTE(review): every request whose method is exactly "GET" skips
// authentication here, even on an endpoint that has an auth method.
// Confirm that GET handling cannot reach protected operations or data.
String method = hreq.getMethod();
if( method.equals("GET") || !endpoint.hasAuthMethod() ) {
return true;
}
// Stays null unless one of the branches below extracts credentials.
WebPrincipal webPrincipal = null;
String endpointName = endpoint.getEndpointName();
if( endpoint.hasBasicAuth() ) {
// HTTP Basic: credentials are taken from the Authorization request header.
String rawAuthInfo = hreq.getHeader(AUTHORIZATION_HEADER);
if (rawAuthInfo==null) {
// No header at all: report a failed authentication for this URI and reject.
sendAuthenticationEvents(false, hreq.getRequestURI(), null);
return false;
}
String[] usernamePassword =
parseUsernameAndPassword(rawAuthInfo);
if( usernamePassword != null ) {
// Index 0 is passed as the user name and index 1 as the password; the
// password is carried as a String into the principal.
webPrincipal = new WebPrincipal
(usernamePassword[0], usernamePassword[1], SecurityContext.init());
} else {
// Parse failure is only logged; the message names the endpoint and does
// not include the header contents.
// NOTE(review): unlike the missing-header case, this path neither returns
// false nor sends an authentication event within this excerpt.
// webPrincipal stays null, so confirm the code that follows rejects it.
logger.log(Level.WARNING, "BASIC AUTH username/password " +
"http header parsing error for " + endpointName);
}
} else {
// Any auth method other than Basic is handled as client-certificate auth.
// The chain is read from a request attribute, with a second attribute as
// fallback when the first is null or empty.
// NOTE(review): presumably the container's TLS layer has already validated
// the chain before setting these attributes. Confirm.
X509Certificate certs[] = (X509Certificate[]) hreq.getAttribute(Globals.CERTIFICATES_ATTR);
if ((certs == null) || (certs.length < 1)) {
certs = (X509Certificate[])
hreq.getAttribute(Globals.SSL_CERTIFICATE_ATTR);
}
// NOTE(review): only null is checked after the fallback, so an empty array
// from the fallback attribute would still be wrapped in a WebPrincipal.
if( certs != null ) {
webPrincipal = new WebPrincipal(certs, SecurityContext.init());
} else {
// No certificate available: logged only, webPrincipal stays null.
// Confirm that the code that follows rejects a null principal.
logger.log(Level.WARNING, "CLIENT CERT authentication error for " + endpointName);
}
}