Merge pull request #152 from ztajy/master

增加访问认证功能

lts-admin/pom.xml

@@ -175,6 +175,10 @@
             <groupId>commons-dbutils</groupId>
             <artifactId>commons-dbutils</artifactId>
         </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.esotericsoftware</groupId>
             <artifactId>reflectasm</artifactId>

lts-admin/src/main/java/com/lts/web/filter/LoginAuthFilter.java

@@ -0,0 +1,74 @@
+package com.lts.web.filter;
+
+import org.apache.commons.codec.binary.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Properties;
+
+/**
+ * Created by ztajy on 2015-11-11.
+ */
+public class LoginAuthFilter implements Filter {
+    private static final Logger log = LoggerFactory.getLogger(LoginAuthFilter.class);
+
+    private static final String AUTH_PREFIX = "Basic ";
+
+    private String username = "admin";
+
+    private String password = "admin";
+
+    @Override
+    public void init(final FilterConfig filterConfig) throws ServletException {
+        String configFilePath = Thread.currentThread().getContextClassLoader().getResource("").getPath() + System.getProperty("file.separator") + filterConfig.getInitParameter("auth-config");
+        Properties props = new Properties();
+        try {
+            props.load(new FileInputStream(configFilePath));
+        } catch (final IOException ex) {
+            log.warn("Cannot found auth config file, use default auth config.");
+        }
+        username = props.getProperty("console.username", username);
+        password = props.getProperty("console.password", password);
+    }
+
+    @Override
+    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        String authorization = httpRequest.getHeader("authorization");
+        if (null != authorization && authorization.length() > AUTH_PREFIX.length()) {
+            authorization = authorization.substring(AUTH_PREFIX.length(), authorization.length());
+            if ((username + ":" + password).equals(new String(Base64.decodeBase64(authorization)))) {
+                authenticateSuccess(httpResponse);
+                chain.doFilter(httpRequest, httpResponse);
+            } else {
+                needAuthenticate(httpRequest, httpResponse);
+            }
+        } else {
+            needAuthenticate(httpRequest, httpResponse);
+        }
+    }
+
+    private void authenticateSuccess(final HttpServletResponse response) {
+        response.setStatus(200);
+        response.setHeader("Pragma", "No-cache");
+        response.setHeader("Cache-Control", "no-store");
+        response.setDateHeader("Expires", 0);
+    }
+
+    private void needAuthenticate(final HttpServletRequest request, final HttpServletResponse response) {
+        response.setStatus(401);
+        response.setHeader("Cache-Control", "no-store");
+        response.setDateHeader("Expires", 0);
+        response.setHeader("WWW-authenticate", AUTH_PREFIX + "Realm=\"lts admin need auth\"");
+    }
+
+    @Override
+    public void destroy() {
+    }
+}

lts-admin/src/main/resources/auth.cfg

@@ -0,0 +1,2 @@
+console.username=admin
+console.password=admin

lts-admin/src/main/webapp/WEB-INF/web.xml

@@ -16,6 +16,19 @@
         <param-value>classpath:spring-core.xml</param-value>
     </context-param>
 
+    <filter>
+        <filter-name>loginAuthFilter</filter-name>
+        <filter-class>com.lts.web.filter.LoginAuthFilter</filter-class>
+        <init-param>
+            <param-name>auth-config</param-name>
+            <param-value>auth.cfg</param-value>
+        </init-param>
+    </filter>
+    <filter-mapping>
+        <filter-name>loginAuthFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <servlet>
         <servlet-name>spring</servlet-name>
         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

pom.xml

@@ -48,6 +48,7 @@
         <mina.version>2.0.9</mina.version>
         <hessian.version>4.0.38</hessian.version>
         <mapdb.version>2.0-beta10</mapdb.version>
+        <commons-codec.version>1.10</commons-codec.version>
     </properties>
 
     <dependencyManagement>
@@ -117,6 +118,11 @@
                 <artifactId>commons-dbutils</artifactId>
                 <version>${dbutils.version}</version>
             </dependency>
+            <dependency>
+                <groupId>commons-codec</groupId>
+                <artifactId>commons-codec</artifactId>
+                <version>${commons-codec.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.alibaba</groupId>
                 <artifactId>druid</artifactId>