From 6b3fc63826a10ceea241f1813181de07d692f5b5 Mon Sep 17 00:00:00 2001
From: ulrich
Date: Tue, 15 Jun 2021 15:03:13 +0000
Subject: [PATCH] getRealm wieder entfernt, hasRole hinzugefuegt

---
 src/de/uhilger/httpserver/oauth/BearerAuthenticator.java |   34 ++++++++++++++++++++++++++++------
 1 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/src/de/uhilger/httpserver/oauth/BearerAuthenticator.java b/src/de/uhilger/httpserver/oauth/BearerAuthenticator.java
index c9c783a..53cf7d3 100644
--- a/src/de/uhilger/httpserver/oauth/BearerAuthenticator.java
+++ b/src/de/uhilger/httpserver/oauth/BearerAuthenticator.java
@@ -22,7 +22,7 @@
 import com.sun.net.httpserver.HttpExchange;
 import com.sun.net.httpserver.HttpPrincipal;
 import de.uhilger.httpserver.auth.realm.Realm;
-import de.uhilger.httpserver.base.handler.HttpResponder;
+import de.uhilger.httpserver.base.HttpResponder;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
@@ -36,12 +36,10 @@
 
 /**
  * Die Klasse Authenticator authentifziert gem&auml;&szlig; OAuth-Spezifikation 
- * 
- * 
  * "The OAuth 2.0 Authorization Framework: Bearer Token Usage"
  * https://datatracker.ietf.org/doc/html/rfc6750
  * 
- * 
+ * weitere Info-Links
  * https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/
  * https://swagger.io/docs/specification/authentication/bearer-authentication/
  * 
@@ -230,6 +228,22 @@
       if(parts != null && parts.length > 1) {
         token = parts[1].trim();
       }
+    } else {
+      // unschoen, aber fuer Image-Links in HTML-Inhalten
+      // mit Query versuchen
+      // z.B.
+      //   GET /resource?access_token=mF_9.B5f-4.1JqM HTTP/1.1
+      //   Host: server.example.com
+      String query = exchange.getRequestURI().getQuery();
+      if(query != null && query.toLowerCase().contains("access_token")) {
+        String[] parts = query.split("&");
+        for(String part : parts) {
+          String[] keyVal = part.split("=");
+          if(keyVal[0].equalsIgnoreCase("access_token")) {
+            token = keyVal[1].trim();
+          }
+        }
+      }
     }
     return token;
   }
@@ -239,6 +253,7 @@
    * im WWW-Authenticate Header bestimmen
    * 
    * @param exchange 
+   * @return  den Ausdruck fuer den WWW-Authenticate Header 
    */
   protected String getWWWAuthRealm(HttpExchange exchange) {
     return wwwAuthRealm;
@@ -308,8 +323,7 @@
    * WWW-Authenticate: Bearer realm="example"
    * 
    * @param exchange
-   * @return 
-   * @throws java.io.IOException 
+   * @return das Ergebnis
    */
   protected Result unauthorized(HttpExchange exchange) {
     StringBuilder sb = new StringBuilder();
@@ -335,6 +349,14 @@
     this.realm = realm;
   }
   
+  //public Realm getRealm() {
+  //  return realm;
+  //}
+  
+  public boolean hasRole(String userId, String roleId) {
+    return realm.hasRole(userId, roleId);
+  }
+  
   public void setWWWAuthRealm(String wwwAuthRealm) {
     this.wwwAuthRealm = wwwAuthRealm;
   }

--
Gitblit v1.9.3