private void validateResponse(ClientUpgradeResponse response) {
    // Check the Accept hash
    String reqKey = request.getKey();
    String expectedHash = AcceptHash.hashKey(reqKey);
    response.validateWebSocketHash(expectedHash);

    // Parse extensions
    List<ExtensionConfig> extensions = new ArrayList<>();
    List<String> extValues = response.getHeaders("Sec-WebSocket-Extensions");
    if (extValues != null) {
      for (String extVal : extValues) {
        QuotedStringTokenizer tok = new QuotedStringTokenizer(extVal, ",");
        while (tok.hasMoreTokens()) {
          extensions.add(ExtensionConfig.parse(tok.nextToken()));
        }
      }
    }
    response.setExtensions(extensions);
  }
Esempio n. 2
0
  @Override
  public AuthStatus validateRequest(
      MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());

    try {
      boolean stale = false;
      // TODO extract from request
      long timestamp = System.currentTimeMillis();
      if (credentials != null) {
        if (LOG.isDebugEnabled()) LOG.debug("Credentials: " + credentials);
        QuotedStringTokenizer tokenizer =
            new QuotedStringTokenizer(credentials, "=, ", true, false);
        final Digest digest = new Digest(request.getMethod());
        String last = null;
        String name = null;

        while (tokenizer.hasMoreTokens()) {
          String tok = tokenizer.nextToken();
          char c = (tok.length() == 1) ? tok.charAt(0) : '\0';

          switch (c) {
            case '=':
              name = last;
              last = tok;
              break;
            case ',':
              name = null;
            case ' ':
              break;

            default:
              last = tok;
              if (name != null) {
                if ("username".equalsIgnoreCase(name)) digest.username = tok;
                else if ("realm".equalsIgnoreCase(name)) digest.realm = tok;
                else if ("nonce".equalsIgnoreCase(name)) digest.nonce = tok;
                else if ("nc".equalsIgnoreCase(name)) digest.nc = tok;
                else if ("cnonce".equalsIgnoreCase(name)) digest.cnonce = tok;
                else if ("qop".equalsIgnoreCase(name)) digest.qop = tok;
                else if ("uri".equalsIgnoreCase(name)) digest.uri = tok;
                else if ("response".equalsIgnoreCase(name)) digest.response = tok;
                break;
              }
          }
        }

        int n = checkNonce(digest.nonce, timestamp);

        if (n > 0) {
          if (login(
              clientSubject, digest.username, digest, Constraint.__DIGEST_AUTH, messageInfo)) {
            return AuthStatus.SUCCESS;
          }
        } else if (n == 0) stale = true;
      }

      if (!isMandatory(messageInfo)) {
        return AuthStatus.SUCCESS;
      }
      String domain = request.getContextPath();
      if (domain == null) domain = "/";
      response.setHeader(
          HttpHeader.WWW_AUTHENTICATE.asString(),
          "Digest realm=\""
              + realmName
              + "\", domain=\""
              + domain
              + "\", nonce=\""
              + newNonce(timestamp)
              + "\", algorithm=MD5, qop=\"auth\""
              + (useStale ? (" stale=" + stale) : ""));
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return AuthStatus.SEND_CONTINUE;
    } catch (IOException e) {
      throw new AuthException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
      throw new AuthException(e.getMessage());
    }
  }
  public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
      throws ServerAuthException {
    if (!mandatory) {
      return _deferred;
    }

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);

    try {
      boolean stale = false;
      if (credentials != null) {
        if (Log.isDebugEnabled()) {
          Log.debug("Credentials: " + credentials);
        }
        QuotedStringTokenizer tokenizer =
            new QuotedStringTokenizer(credentials, "=, ", true, false);
        final Digest digest = new Digest(request.getMethod());
        String last = null;
        String name = null;

        while (tokenizer.hasMoreTokens()) {
          String tok = tokenizer.nextToken();
          char c = (tok.length() == 1) ? tok.charAt(0) : '\0';

          switch (c) {
            case '=':
              name = last;
              last = tok;
              break;
            case ',':
              name = null;
            case ' ':
              break;

            default:
              last = tok;
              if (name != null) {
                if ("username".equalsIgnoreCase(name)) {
                  digest.username = tok;
                } else if ("realm".equalsIgnoreCase(name)) {
                  digest.realm = tok;
                } else if ("nonce".equalsIgnoreCase(name)) {
                  digest.nonce = tok;
                } else if ("nc".equalsIgnoreCase(name)) {
                  digest.nc = tok;
                } else if ("cnonce".equalsIgnoreCase(name)) {
                  digest.cnonce = tok;
                } else if ("qop".equalsIgnoreCase(name)) {
                  digest.qop = tok;
                } else if ("uri".equalsIgnoreCase(name)) {
                  digest.uri = tok;
                } else if ("response".equalsIgnoreCase(name)) {
                  digest.response = tok;
                }
                break;
              }
          }
        }

        int n = checkNonce(digest.nonce, (Request) request);

        if (n > 0) {
          UserIdentity user = _loginService.login(digest.username, digest);
          if (user != null) {
            return new UserAuthentication(getAuthMethod(), user);
          }
        } else if (n == 0) {
          stale = true;
        }
      }

      if (!_deferred.isDeferred(response)) {
        String domain = request.getContextPath();
        if (domain == null) {
          domain = "/";
        }
        response.setHeader(
            HttpHeaders.WWW_AUTHENTICATE,
            "Digest realm=\""
                + _loginService.getName()
                + "\", domain=\""
                + domain
                + "\", nonce=\""
                + newNonce((Request) request)
                + "\", algorithm=MD5, qop=\"auth\""
                + (_useStale ? (" stale=" + stale) : ""));
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        return Authentication.SEND_CONTINUE;
      }

      return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
      throw new ServerAuthException(e);
    }
  }