Examples of org.browsermob.proxy.jetty.util.Password

• org.browsermob.proxy.jetty.util.Password
  Password utility class. This utility class gets a password or pass phrase either by:

   + Password is set as a system property. + The password is prompted for and read from standard input + A program is run to get the password. 

  Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated by run org.mortbay.util.Password as a main class. Obfuscated password are required if a system needs to recover the full password (eg. so that it may be passed to another system). They are not secure, but prevent casual observation.

  Passwords that begin with CRYPT: are oneway encrypted with UnixCrypt. The real password cannot be retrieved, but comparisons can be made to other passwords. A Crypt can be generated by running org.mortbay.util.UnixCrypt as a main class, passing password and then the username. Checksum passwords are a secure(ish) way to store passwords that only need to be checked rather than recovered. Note that it is not strong security - specially if simple passwords are used. @version $Id: Password.java,v 1.13 2005/08/13 00:01:28 gregwilkins Exp $ @author Greg Wilkins (gregw)

                if (realm instanceof SSORealm)
                {
                    ((SSORealm)realm).setSingleSignOn(httpRequest,
                                                                    httpResponse,
                                                                    form_cred._userPrincipal,
                                                                    new Password(form_cred._jPassword));
                }

                // Redirect to original request
                if (response!=null)
                {
                    response.setContentLength(0);
                    response.sendRedirect(response.encodeRedirectURL(nuri));
                }
            }
            else if (response!=null)
            {
                if(log.isDebugEnabled())log.debug("Form authentication FAILED for "+form_cred._jUserName);
                if (_formErrorPage!=null)
                {
                    response.setContentLength(0);
                    response.sendRedirect(response.encodeRedirectURL
                                          (URI.addPaths(request.getContextPath(),
                                                        _formErrorPage)));
                }
                else
                {
                    response.sendError(HttpResponse.__403_Forbidden);
                }
            }

            // Security check is always false, only true after final redirection.
            return null;
        }

        // Check if the session is already authenticated.
        FormCredential form_cred = (FormCredential) session.getAttribute(__J_AUTHENTICATED);

        if (form_cred != null)
        {
            // We have a form credential. Has it been distributed?
            if (form_cred._userPrincipal==null)
            {
                // This form_cred appears to have been distributed.  Need to reauth
                form_cred.authenticate(realm, httpRequest);

                // Sign-on to SSO mechanism
                if (form_cred._userPrincipal!=null && realm instanceof SSORealm)
                {
                    ((SSORealm)realm).setSingleSignOn(httpRequest,
                                                                    httpResponse,
                                                                    form_cred._userPrincipal,
                                                                    new Password(form_cred._jPassword));
                }
            }
            else if (!realm.reauthenticate(form_cred._userPrincipal))
                // Else check that it is still authenticated.
                form_cred._userPrincipal=null;