private void validateResponse(ClientUpgradeResponse response) {
    // The server must answer with the Sec-WebSocket-Accept value derived from the
    // key we sent in the upgrade request; anything else is not a genuine WebSocket
    // upgrade (validateWebSocketHash presumably rejects a mismatch — confirm).
    String expectedAccept = AcceptHash.hashKey(request.getKey());
    response.validateWebSocketHash(expectedAccept);

    // Collect the extensions the server negotiated. The header may occur more than
    // once, and each occurrence may hold a comma-separated list of configs.
    // NOTE(review): nothing here checks that each extension was actually offered in
    // the request; RFC 6455 §9.1 requires the client to fail the connection on an
    // unrequested extension — verify that check happens before setExtensions is used.
    List<ExtensionConfig> negotiated = new ArrayList<>();
    List<String> headerValues = response.getHeaders("Sec-WebSocket-Extensions");
    if (headerValues != null) {
      for (String headerValue : headerValues) {
        QuotedStringTokenizer parts = new QuotedStringTokenizer(headerValue, ",");
        while (parts.hasMoreTokens()) {
          negotiated.add(ExtensionConfig.parse(parts.nextToken()));
        }
      }
    }
    response.setExtensions(negotiated);
  }
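  /**
   * Handles a {@code <context-param>} element from a web descriptor.
   *
   * <p>Ordinary parameters are passed through as a single value. Four container-reserved
   * names are treated specially: the attribute of the same name is cleared on the context,
   * the value is split on commas, and the pieces are applied as ordered libs, container
   * initializers, TLD locations or META-INF resources respectively. TLD and resource
   * values may use the {@code ${WAR}/} prefix, which is expanded to the context's base
   * resource URI. The descriptor is part of the deployed application and is treated as
   * trusted configuration here.
   *
   * @param context the web application the descriptor is being applied to
   * @param descriptor the descriptor being processed (not consulted by this method)
   * @param node the {@code <context-param>} element
   * @throws IllegalArgumentException if the element has no {@code <param-name>}, or a TLD
   *     or META-INF resource named in the value does not exist
   * @throws Exception propagated from resource resolution and the initializer/resource
   *     visitors
   */
  public void visitContextParam(WebAppContext context, Descriptor descriptor, XmlParser.Node node)
      throws Exception {
    String name = node.getString("param-name", false, true);
    String value = node.getString("param-value", false, true);
    if (name == null) {
      // A switch on a null String would throw a bare NullPointerException; say what is wrong.
      throw new IllegalArgumentException("<context-param> is missing <param-name>");
    }

    // Container-reserved names carry comma-separated lists; everything else is one value.
    List<String> values = new ArrayList<>();
    switch (name) {
      case ServletContext.ORDERED_LIBS:
      case AnnotationConfiguration.CONTAINER_INITIALIZERS:
      case MetaInfConfiguration.METAINF_TLDS:
      case MetaInfConfiguration.METAINF_RESOURCES:
        // the descriptor value replaces whatever earlier discovery put on the context
        context.removeAttribute(name);

        QuotedStringTokenizer tok = new QuotedStringTokenizer(value, ",");
        while (tok.hasMoreTokens()) {
          values.add(tok.nextToken().trim());
        }
        break;

      default:
        values.add(value);
    }

    switch (name) {
      case ServletContext.ORDERED_LIBS:
        {
          // NOTE(review): the attribute was removed just above, so the read-back is
          // expected to be null unless getAttribute has a fallback — confirm; kept as-is.
          List<Object> libs = new ArrayList<>();
          Object existing = context.getAttribute(ServletContext.ORDERED_LIBS);
          if (existing instanceof Collection<?>) {
            libs.addAll((Collection<?>) existing);
          }
          libs.addAll(values);
          if (!libs.isEmpty()) {
            context.setAttribute(ServletContext.ORDERED_LIBS, libs);
          }
          break;
        }

      case AnnotationConfiguration.CONTAINER_INITIALIZERS:
        {
          // each entry names an initializer, loaded via the thread's context class loader
          ClassLoader loader = Thread.currentThread().getContextClassLoader();
          for (String initializer : values) {
            visitContainerInitializer(context, new ContainerInitializer(loader, initializer));
          }
          break;
        }

      case MetaInfConfiguration.METAINF_TLDS:
        {
          List<Object> tlds = new ArrayList<>();
          Object existing = context.getAttribute(MetaInfConfiguration.METAINF_TLDS);
          if (existing instanceof Collection<?>) {
            tlds.addAll((Collection<?>) existing);
          }
          for (String location : values) {
            tlds.add(resolveDescriptorResource(context, location, "TLD").getURL());
          }
          if (!tlds.isEmpty()) {
            context.setAttribute(MetaInfConfiguration.METAINF_TLDS, tlds);
          }
          break;
        }

      case MetaInfConfiguration.METAINF_RESOURCES:
        {
          for (String location : values) {
            visitMetaInfResource(context, resolveDescriptorResource(context, location, "Resource"));
          }
          break;
        }

      default:
    }
  }

  /**
   * Resolves a descriptor value to an existing resource, expanding {@code ${WAR}/} to the
   * context's base resource URI.
   *
   * @param context supplies the base resource for {@code ${WAR}/}
   * @param location the value from the descriptor
   * @param what label used in the error message ("TLD", "Resource")
   * @return the resolved, existing resource
   * @throws IllegalArgumentException if the resource does not exist
   * @throws Exception propagated from {@code Resource.newResource}
   */
  private static Resource resolveDescriptorResource(
      WebAppContext context, String location, String what) throws Exception {
    String war = context.getBaseResource().getURI().toString();
    Resource resource = Resource.newResource(location.replace("${WAR}/", war));
    if (!resource.exists()) {
      throw new IllegalArgumentException(what + " not found: " + resource);
    }
    return resource;
  }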
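  /**
   * JASPI entry point: authenticates a request carrying HTTP Digest credentials.
   *
   * <p>The {@code Authorization} header is tokenized into name/value pairs and the fields
   * needed for digest verification are gathered into a {@link Digest}. The nonce is checked
   * first: a positive {@code checkNonce} result means it is acceptable and the credentials
   * are passed to {@code login}; zero marks it stale so the re-challenge can say so (when
   * {@code useStale} is set); other values (presumably a bad nonce) fall through to a plain
   * challenge. If no login succeeds and the target is mandatory, a 401 with a fresh
   * {@code WWW-Authenticate: Digest} challenge is sent.
   *
   * <p>NOTE(review): the scheme token is never checked, so a {@code Basic}/{@code Bearer}
   * header reaches {@code checkNonce} with a null nonce — presumably rejected there; and
   * the {@code uri} field is not compared with the request URI in this method — presumably
   * done inside {@code Digest}. Confirm both.
   *
   * @param messageInfo carries the servlet request and response
   * @param clientSubject subject populated by {@code login} on success
   * @param serviceSubject not used by this module
   * @return {@code SUCCESS} when authenticated or when the target is not mandatory,
   *     {@code SEND_CONTINUE} after a challenge has been written
   * @throws AuthException wrapping an I/O or callback failure (cause preserved)
   */
  @Override
  public AuthStatus validateRequest(
      MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());

    try {
      boolean stale = false;
      // TODO extract from request
      long timestamp = System.currentTimeMillis();
      if (credentials != null) {
        // Tokenize keeping '=', ',' and ' ' as tokens so the loop can pair names with values;
        // quotes are stripped from quoted values.
        QuotedStringTokenizer tokenizer =
            new QuotedStringTokenizer(credentials, "=, ", true, false);
        final Digest digest = new Digest(request.getMethod());
        String last = null;
        String name = null;

        while (tokenizer.hasMoreTokens()) {
          String tok = tokenizer.nextToken();
          char c = (tok.length() == 1) ? tok.charAt(0) : '\0';

          switch (c) {
            case '=':
              // the token just before '=' is the parameter name
              name = last;
              last = tok;
              break;
            case ',':
              // ',' closes the current parameter; ' ' is skipped
              name = null;
              // fall through
            case ' ':
              break;

            default:
              last = tok;
              if (name != null) {
                if ("username".equalsIgnoreCase(name)) digest.username = tok;
                else if ("realm".equalsIgnoreCase(name)) digest.realm = tok;
                else if ("nonce".equalsIgnoreCase(name)) digest.nonce = tok;
                else if ("nc".equalsIgnoreCase(name)) digest.nc = tok;
                else if ("cnonce".equalsIgnoreCase(name)) digest.cnonce = tok;
                else if ("qop".equalsIgnoreCase(name)) digest.qop = tok;
                else if ("uri".equalsIgnoreCase(name)) digest.uri = tok;
                else if ("response".equalsIgnoreCase(name)) digest.response = tok;
              }
          }
        }

        // Log who is authenticating, never the raw header: the digest response is
        // replayable while the nonce is valid and offline-crackable (MD5 of the password).
        if (LOG.isDebugEnabled()) LOG.debug("Digest credentials for user: " + digest.username);

        int n = checkNonce(digest.nonce, timestamp);

        if (n > 0) {
          if (login(
              clientSubject, digest.username, digest, Constraint.__DIGEST_AUTH, messageInfo)) {
            return AuthStatus.SUCCESS;
          }
        } else if (n == 0) {
          stale = true;
        }
      }

      if (!isMandatory(messageInfo)) {
        return AuthStatus.SUCCESS;
      }
      String domain = request.getContextPath();
      if (domain == null) domain = "/";
      // Challenge parameters are a comma-separated list (RFC 2617 §3.2.1): "stale" needs
      // a comma after qop, otherwise clients may fail to parse the challenge.
      response.setHeader(
          HttpHeader.WWW_AUTHENTICATE.asString(),
          "Digest realm=\""
              + realmName
              + "\", domain=\""
              + domain
              + "\", nonce=\""
              + newNonce(timestamp)
              + "\", algorithm=MD5, qop=\"auth\""
              + (useStale ? (", stale=" + stale) : ""));
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return AuthStatus.SEND_CONTINUE;
    } catch (IOException | UnsupportedCallbackException e) {
      // Older JASPIC AuthException only takes a message; attach the cause so it is not lost.
      AuthException wrapped = new AuthException(e.getMessage());
      wrapped.initCause(e);
      throw wrapped;
    }
  }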
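  /**
   * Authenticates a request carrying HTTP Digest credentials.
   *
   * <p>When authentication is not mandatory the deferred authentication is returned without
   * looking at the header. Otherwise the {@code Authorization} header is tokenized into
   * name/value pairs and gathered into a {@link Digest}; a positive {@code checkNonce}
   * result lets the login service verify the credentials, zero marks the nonce stale for the
   * re-challenge (when {@code _useStale} is set), and other values (presumably a bad nonce)
   * fall through to a plain challenge. If no user results and the response is not deferred, a
   * 401 with a fresh {@code WWW-Authenticate: Digest} challenge is written.
   *
   * <p>NOTE(review): the scheme token is never checked, so a non-Digest header reaches
   * {@code checkNonce} with a null nonce — presumably rejected there; the {@code uri} field
   * is not compared with the request URI here — presumably done by {@code Digest}. Confirm.
   *
   * @param req the servlet request (cast to {@code HttpServletRequest}/{@code Request})
   * @param res the servlet response
   * @param mandatory whether the target requires authentication
   * @return the deferred authentication when not mandatory, a {@code UserAuthentication} on
   *     success, {@code SEND_CONTINUE} after a challenge, or {@code UNAUTHENTICATED}
   * @throws ServerAuthException wrapping any failure during authentication
   */
  public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
      throws ServerAuthException {
    if (!mandatory) {
      return _deferred;
    }

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);

    try {
      boolean stale = false;
      if (credentials != null) {
        // Tokenize keeping '=', ',' and ' ' as tokens so the loop can pair names with values;
        // quotes are stripped from quoted values.
        QuotedStringTokenizer tokenizer =
            new QuotedStringTokenizer(credentials, "=, ", true, false);
        final Digest digest = new Digest(request.getMethod());
        String last = null;
        String name = null;

        while (tokenizer.hasMoreTokens()) {
          String tok = tokenizer.nextToken();
          char c = (tok.length() == 1) ? tok.charAt(0) : '\0';

          switch (c) {
            case '=':
              // the token just before '=' is the parameter name
              name = last;
              last = tok;
              break;
            case ',':
              // ',' closes the current parameter; ' ' is skipped
              name = null;
              // fall through
            case ' ':
              break;

            default:
              last = tok;
              if (name != null) {
                if ("username".equalsIgnoreCase(name)) {
                  digest.username = tok;
                } else if ("realm".equalsIgnoreCase(name)) {
                  digest.realm = tok;
                } else if ("nonce".equalsIgnoreCase(name)) {
                  digest.nonce = tok;
                } else if ("nc".equalsIgnoreCase(name)) {
                  digest.nc = tok;
                } else if ("cnonce".equalsIgnoreCase(name)) {
                  digest.cnonce = tok;
                } else if ("qop".equalsIgnoreCase(name)) {
                  digest.qop = tok;
                } else if ("uri".equalsIgnoreCase(name)) {
                  digest.uri = tok;
                } else if ("response".equalsIgnoreCase(name)) {
                  digest.response = tok;
                }
              }
          }
        }

        // Log who is authenticating, never the raw header: the digest response is
        // replayable while the nonce is valid and offline-crackable (MD5 of the password).
        if (Log.isDebugEnabled()) {
          Log.debug("Digest credentials for user: " + digest.username);
        }

        int n = checkNonce(digest.nonce, (Request) request);

        if (n > 0) {
          UserIdentity user = _loginService.login(digest.username, digest);
          if (user != null) {
            return new UserAuthentication(getAuthMethod(), user);
          }
        } else if (n == 0) {
          stale = true;
        }
      }

      if (!_deferred.isDeferred(response)) {
        String domain = request.getContextPath();
        if (domain == null) {
          domain = "/";
        }
        // Challenge parameters are a comma-separated list (RFC 2617 §3.2.1): "stale" needs
        // a comma after qop, otherwise clients may fail to parse the challenge.
        response.setHeader(
            HttpHeaders.WWW_AUTHENTICATE,
            "Digest realm=\""
                + _loginService.getName()
                + "\", domain=\""
                + domain
                + "\", nonce=\""
                + newNonce((Request) request)
                + "\", algorithm=MD5, qop=\"auth\""
                + (_useStale ? (", stale=" + stale) : ""));
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        return Authentication.SEND_CONTINUE;
      }

      return Authentication.UNAUTHENTICATED;
    } catch (Exception e) {
      // cause is preserved by the ServerAuthException(Throwable) constructor
      throw new ServerAuthException(e);
    }
  }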