View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements. See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache license, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License. You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the license for the specific language governing permissions and
15   * limitations under the license.
16   */
17  package org.apache.logging.log4j.core.util;
18  
19  import java.net.URLConnection;
20  import java.util.function.Supplier;
21  
22  import org.apache.logging.log4j.Logger;
23  import org.apache.logging.log4j.status.StatusLogger;
24  import org.apache.logging.log4j.util.Base64Util;
25  import org.apache.logging.log4j.util.LoaderUtil;
26  import org.apache.logging.log4j.util.PropertiesUtil;
27  
28  /**
29   * Provides the Basic Authorization header to a request.
30   */
31  public class BasicAuthorizationProvider implements AuthorizationProvider {
32      private static final String[] PREFIXES = {"log4j2.config.", "logging.auth."};
33      private static final String AUTH_USER_NAME = "username";
34      private static final String AUTH_PASSWORD = "password";
35      private static final String AUTH_PASSWORD_DECRYPTOR = "passwordDecryptor";
36      public static final String CONFIG_USER_NAME = "log4j2.configurationUserName";
37      public static final String CONFIG_PASSWORD = "log4j2.configurationPassword";
38      public static final String PASSWORD_DECRYPTOR = "log4j2.passwordDecryptor";
39  
40      private static Logger LOGGER = StatusLogger.getLogger();
41  
42      private String authString = null;
43  
44      public BasicAuthorizationProvider(PropertiesUtil props) {
45          String userName = props.getStringProperty(PREFIXES,AUTH_USER_NAME,
46                  () -> props.getStringProperty(CONFIG_USER_NAME));
47          String password = props.getStringProperty(PREFIXES, AUTH_PASSWORD,
48                  () -> props.getStringProperty(CONFIG_PASSWORD));
49          String decryptor = props.getStringProperty(PREFIXES, AUTH_PASSWORD_DECRYPTOR,
50                  () -> props.getStringProperty(PASSWORD_DECRYPTOR));
51          if (decryptor != null) {
52              try {
53                  Object obj = LoaderUtil.newInstanceOf(decryptor);
54                  if (obj instanceof PasswordDecryptor) {
55                      password = ((PasswordDecryptor) obj).decryptPassword(password);
56                  }
57              } catch (Exception ex) {
58                  LOGGER.warn("Unable to decrypt password.", ex);
59              }
60          }
61          if (userName != null && password != null) {
62              authString = "Basic " + Base64Util.encode(userName + ":" + password);
63          }
64      }
65  
66      @Override
67      public void addAuthorization(URLConnection urlConnection) {
68          if (authString != null) {
69              urlConnection.setRequestProperty("Authorization", authString);
70          }
71      }
72  }