/* ------------------------------------------------------------ */ private int checkNonce(String nonce, Request request) { try { byte[] n = B64Code.decode(nonce.toCharArray()); if (n.length != 24) { return -1; } long ts = 0; long sk = _nonceSecret; byte[] n2 = new byte[16]; System.arraycopy(n, 0, n2, 0, 8); for (int i = 0; i < 8; i++) { n2[8 + i] = (byte) (sk & 0xff); sk = sk >> 8; ts = (ts << 8) + (0xff & (long) n[7 - i]); } long age = request.getTimeStamp() - ts; if (Log.isDebugEnabled()) { Log.debug("age=" + age); } byte[] hash = null; try { MessageDigest md = MessageDigest.getInstance("MD5"); md.reset(); md.update(n2, 0, 16); hash = md.digest(); } catch (Exception e) { Log.warn(e); } for (int i = 0; i < 16; i++) { if (n[i + 8] != hash[i]) { return -1; } } if (_maxNonceAge > 0 && (age < 0 || age > _maxNonceAge)) { return 0; // stale } return 1; } catch (Exception e) { Log.ignore(e); } return -1; }
@Override public void doFilter( final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; // Request basic auth. String authHeader64 = req.getHeader(Http.HEADER_AUTHORISATION); if (authHeader64 == null || authHeader64.length() < Http.HEADER_AUTHORISATION_PREFIX.length() + 3 || !authHeader64.startsWith(Http.HEADER_AUTHORISATION_PREFIX)) { LOG.info( "Auth failed: for={} header={} uri={}", new Object[] {req.getHeader("X-Forwarded-For"), authHeader64, req.getRequestURI()}); send401(resp); return; } // Verify password. authHeader64 = authHeader64.substring(Http.HEADER_AUTHORISATION_PREFIX.length()); String authHeader = B64Code.decode(authHeader64, (String) null); int x = authHeader.indexOf(':'); String user = authHeader.substring(0, x); String pass = authHeader.substring(x + 1); if (user == null || pass == null || user.isEmpty() || pass.isEmpty() || !this.passwdChecker.verifyPasswd(req, user, pass)) { LOG.info( "Auth failed: for={} uri={} user={} pass={} check={}.", req.getHeader("X-Forwarded-For"), req.getRequestURI(), user, pass, this.passwdChecker); send401(resp); return; } chain.doFilter(request, response); }
/** * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, * javax.servlet.ServletResponse, boolean) */ public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String credentials = request.getHeader(HttpHeaders.AUTHORIZATION); try { if (!mandatory) return new DeferredAuthentication(this); if (credentials != null) { int space = credentials.indexOf(' '); if (space > 0) { String method = credentials.substring(0, space); if ("basic".equalsIgnoreCase(method)) { credentials = credentials.substring(space + 1); credentials = B64Code.decode(credentials, StringUtil.__ISO_8859_1); int i = credentials.indexOf(':'); if (i > 0) { String username = credentials.substring(0, i); String password = credentials.substring(i + 1); UserIdentity user = login(username, password, request); if (user != null) { return new UserAuthentication(getAuthMethod(), user); } } } } } if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED; response.setHeader( HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"'); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE; } catch (IOException e) { throw new ServerAuthException(e); } }