bool HTTPBasicAuth::handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn) { if (!needAuthentication(request)) { return true; // this request does not require authentication } PionDateTime time_now(boost::posix_time::second_clock::universal_time()); if (time_now > m_cache_cleanup_time + boost::posix_time::seconds(CACHE_EXPIRATION)) { // expire cache boost::mutex::scoped_lock cache_lock(m_cache_mutex); PionUserCache::iterator i; PionUserCache::iterator next=m_user_cache.begin(); while (next!=m_user_cache.end()) { i=next; ++next; if (time_now > i->second.first + boost::posix_time::seconds(CACHE_EXPIRATION)) { // ok - this is an old record.. expire it now m_user_cache.erase(i); } } m_cache_cleanup_time = time_now; } // if we are here, we need to check if access authorized... std::string authorization = request->getHeader(HTTPTypes::HEADER_AUTHORIZATION); if (!authorization.empty()) { std::string credentials; if (parseAuthorization(authorization, credentials)) { // to do - use fast cache to match with active credentials boost::mutex::scoped_lock cache_lock(m_cache_mutex); PionUserCache::iterator user_cache_ptr=m_user_cache.find(credentials); if (user_cache_ptr!=m_user_cache.end()) { // we found the credentials in our cache... // we can approve authorization now! request->setUser(user_cache_ptr->second.second); user_cache_ptr->second.first = time_now; return true; } std::string username; std::string password; if (parseCredentials(credentials, username, password)) { // match username/password PionUserPtr user=m_user_manager->getUser(username, password); if (user) { // add user to the cache m_user_cache.insert(std::make_pair(credentials, std::make_pair(time_now, user))); // add user credentials to the request object request->setUser(user); return true; } } } } // user not found handleUnauthorized(request, tcp_conn); return false; }
bool HTTPCookieAuth::handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn) { if (processLogin(request,tcp_conn)) { return false; // we processed login/logout request, no future processing for this request permitted } if (!needAuthentication(request)) { return true; // this request does not require authentication } // check if it is redirection page.. If yes, then do not test its credentials ( as used for login) if (!m_redirect.empty() && m_redirect==request->getResource()) { return true; // this request does not require authentication } // check cache for expiration PionDateTime time_now(boost::posix_time::second_clock::universal_time()); expireCache(time_now); // if we are here, we need to check if access authorized... const std::string auth_cookie(request->getCookie(AUTH_COOKIE_NAME)); if (! auth_cookie.empty()) { // check if this cookie is in user cache boost::mutex::scoped_lock cache_lock(m_cache_mutex); PionUserCache::iterator user_cache_itr=m_user_cache.find(auth_cookie); if (user_cache_itr != m_user_cache.end()) { // we find those credential in our cache... // we can approve authorization now! request->setUser(user_cache_itr->second.second); // and update cache timeout user_cache_itr->second.first = time_now; return true; } } // user not found handleUnauthorized(request,tcp_conn); return false; }