The following document contains the results of PMD's CPD 6.13.0.
File | Line |
---|---|
org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java | 75 |
org/apache/shiro/web/filter/authc/HttpAuthenticationFilter.java | 320 |
}

/**
 * Builds the AuthenticationToken for a login attempt from the credentials carried in the HTTP header.
 * <p/>
 * Steps taken by this implementation:
 * <ol><li>reads the request's
 * {@link #getAuthzHeader(javax.servlet.ServletRequest) authorization header};</li>
 * <li>passes it to
 * {@link #getPrincipalsAndCredentials(String, javax.servlet.ServletRequest) getPrincipalsAndCredentials}
 * to obtain the username and password;</li>
 * <li>hands both to the
 * {@link #createToken(String, String, javax.servlet.ServletRequest, javax.servlet.ServletResponse) createToken}
 * overload and returns its result.</li>
 * </ol>
 * A missing or empty header produces a token with an empty username and an empty password; a result
 * with fewer than two elements produces a token with an empty password (and an empty username when
 * the result is <code>null</code> or has no elements).
 *
 * @param request  incoming ServletRequest
 * @param response outgoing ServletResponse
 * @return the AuthenticationToken used to execute the login attempt
 */
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
    final String header = getAuthzHeader(request);
    if (header == null || header.isEmpty()) {
        // No Authorization header: hand back a token with blank username and password.
        // NOTE(review): whatever consumes this token has to treat blank credentials as a
        // failed login -- confirm against the realm configuration.
        return createToken("", "", request, response);
    }

    // Fixed message only: the header value holds the credentials and is kept out of the log.
    log.debug("Attempting to execute login with auth header");

    final String[] pair = getPrincipalsAndCredentials(header, request);
    final int count = (pair == null) ? 0 : pair.length;

    // Only elements 0 and 1 are read; anything after index 1 is ignored.
    // NOTE(review): a password may itself contain ':', so the whole password has to arrive
    // at index 1 -- confirm getPrincipalsAndCredentials does not split on every ':'.
    final String username = (count > 0) ? pair[0] : "";
    final String password = (count > 1) ? pair[1] : "";
    return createToken(username, password, request, response);
}

/**
 * Returns the username and password pair based on the specified <code>encoded</code> String obtained from
 * the request's authorization header.
* <p/> * Per RFC 2617, the default implementation first Base64 decodes the string and then splits the resulting decoded * string into two based on the ":" character. That is: * <p/> * <code>String decoded = Base64.decodeToString(encoded);<br/> * return decoded.split(":");</code> * * @param scheme the {@link #getAuthcScheme() authcScheme} found in the request * {@link #getAuthzHeader(javax.servlet.ServletRequest) authzHeader}. It is ignored by this implementation, * but available to overriding implementations should they find it useful. * @param encoded the Base64-encoded username:password value found after the scheme in the header * @return the username (index 0)/password (index 1) pair obtained from the encoded header data. */ protected String[] getPrincipalsAndCredentials(String scheme, String encoded) { |