From 846d0b67d11ba9444a8a32ee173bb431683fa572 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 12 May 2016 10:01:43 +0300 Subject: fix base64 usage --- src/main/java/com/juick/api/Utils.java | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-) (limited to 'src') diff --git a/src/main/java/com/juick/api/Utils.java b/src/main/java/com/juick/api/Utils.java index 7a498a10..ca0518e1 100644 --- a/src/main/java/com/juick/api/Utils.java +++ b/src/main/java/com/juick/api/Utils.java @@ -18,27 +18,22 @@ package com.juick.api; import com.juick.server.UserQueries; +import org.springframework.jdbc.core.JdbcTemplate; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Part; import java.io.FileOutputStream; -import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.net.URLConnection; -import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.ArrayList; +import java.util.Base64; import java.util.UUID; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.Part; - -import org.springframework.jdbc.core.JdbcTemplate; -import sun.misc.BASE64Decoder; /** * @@ -46,8 +41,6 @@ import sun.misc.BASE64Decoder; */ public class Utils { - private static final Logger LOGGER = Logger.getLogger(Utils.class.getName()); - public static String getCookie(HttpServletRequest request, String name) { Cookie cookies[] = request.getCookies(); if (cookies != null) { @@ -85,14 +78,10 @@ public class Utils { public static int getHttpAuthUID(JdbcTemplate sql, HttpServletRequest request) { String auth = request.getHeader("Authorization"); if (auth != null && auth.length() > 8 && auth.startsWith("Basic ")) { - try { - BASE64Decoder dec = new BASE64Decoder(); - String loginpassw[] = new String(dec.decodeBuffer(auth.substring(6))).split(":", 2); - if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("[a-zA-Z0-9\\-]+") && !loginpassw[1].isEmpty()) { - return UserQueries.checkPassword(sql, loginpassw[0], loginpassw[1]); - } - } catch (IOException e) { - LOGGER.log(Level.WARNING, "Auth", e); + Base64.Decoder dec = Base64.getDecoder(); + String loginpassw[] = new String(dec.decode(auth.substring(6))).split(":", 2); + if (loginpassw.length == 2 && loginpassw[0].length() > 1 && loginpassw[0].length() < 16 && loginpassw[0].matches("[a-zA-Z0-9\\-]+") && !loginpassw[1].isEmpty()) { + return UserQueries.checkPassword(sql, loginpassw[0], loginpassw[1]); } } return 0; -- cgit v1.2.3