public boolean isRecognizedAuthenticationRequest(HttpServletRequest req) {

    String authHeader = req.getHeader("Authorization");
    if (authHeader == null || !authHeader.startsWith("Digest ")) {
      return false;
    }

    String headerFields = authHeader.substring("Digest: ".length() - 1);
    String username = HttpUtil.extractHeaderField(headerFields, "username");
    if (username == null) {
      if (this.logger.isDebugEnabled()) {
        this.logger.debug("Unable to extract field 'username' from header: " + authHeader);
      }
      return false;
    }

    Principal principal = null;

    try {
      principal = principalFactory.getPrincipal(username, Principal.Type.USER);
    } catch (InvalidPrincipalException e) {
      return false;
    }

    if (this.excludedPrincipals != null
        && this.excludedPrincipals.contains(principal.getQualifiedName())) {
      return false;
    }

    if (this.recognizedDomains == null || this.recognizedDomains.contains(principal.getDomain()))
      return true;

    return false;
  }
Пример #2
0
        @Override
        public int compare(Principal o1, Principal o2) {

          String name1 = o1.getName();
          String name2 = o2.getName();

          // Sort on name
          int result = 0;
          if (name1 != null && name2 != null) {
            result = name1.compareTo(name2);
          }

          return result;
        }
  public boolean postAuthentication(HttpServletRequest req, HttpServletResponse resp) {

    String authHeader = req.getHeader("Authorization");
    if (authHeader == null) {
      return false;
    }

    String headerFields = authHeader.substring("Digest: ".length() - 1);

    String nonce = HttpUtil.extractHeaderField(headerFields, "nonce");
    String opaque = HttpUtil.extractHeaderField(headerFields, "opaque");
    if (nonce == null || opaque == null) {
      return false;
    }

    Principal principal = SecurityContext.getSecurityContext().getPrincipal();
    if (principal == null) {
      return false;
    }

    if (this.maintainState) {

      StateEntry entry = (StateEntry) this.stateMap.remove(nonce + ":" + opaque);
      if (entry == null) {
        return false;
      }
      Date timestamp = new Date();
      String nextNonce = this.generateNonce();
      entry.setUsername(principal.getQualifiedName());
      entry.setNonce(nextNonce);
      entry.setTimestamp(timestamp);
      entry.setNonceCount(entry.getNonceCount() + 1);
      entry.setStale(false);

      this.stateMap.put(nextNonce + ":" + opaque, entry);
      resp.addHeader("Authentication-Info", "nextnonce=" + nextNonce);
    }

    return false;
  }
  private AuthResult doAuthenticate(
      HttpServletRequest request,
      String uri,
      String response,
      String nc,
      String nonce,
      String cnonce,
      String qop,
      String username,
      String opaque) {

    StateEntry stateEntry = null;

    if (this.maintainState) {
      stateEntry = this.stateMap.get(nonce + ":" + opaque);

      if (stateEntry != null) {

        if (!stateEntry.getNonce().equals(nonce)) {
          stateEntry.setStale(true);
          throw new AuthenticationException(
              "Authentication header field 'nonce': "
                  + nonce
                  + " does not match expected value: "
                  + stateEntry.getNonce());
        }

        try {
          long nonceCount = Long.parseLong(nc, 16);
          if (nonceCount != stateEntry.getNonceCount()) {
            throw new AuthenticationException(
                "Authentication header field 'nc', value "
                    + nc
                    + " did not match expected value "
                    + stateEntry.getNonceCount());
          }
        } catch (NumberFormatException e) {
          throw new InvalidAuthenticationRequestException(
              "Authentication header field 'nc' was not a hex number: " + nc);
        }
      }
    }

    Principal principal = principalFactory.getPrincipal(username, Principal.Type.USER);
    if (principal == null) {
      throw new AuthenticationException(
          "Unable to authenticate principal using HTTP/Digest for request"
              + request
              + ": no principal found");
    }

    if (!this.principalStore.validatePrincipal(principal)) {
      throw new AuthenticationException("Unknown principal in HTTP/Digest request: " + principal);
    }

    String componentA1 = this.principalStore.getMD5HashString(principal);

    if (componentA1 == null) {
      throw new AuthenticationException("Password hash for principal " + principal + " not found");
    }

    String componentA2 = MD5.md5sum(request.getMethod() + ":" + uri);

    StringBuffer b = new StringBuffer();
    b.append(componentA1);

    b.append(":").append(nonce);
    if (nc != null) b.append(":").append(nc);
    if (cnonce != null) b.append(":").append(cnonce);
    if (qop != null) b.append(":").append(qop);
    b.append(":").append(componentA2);

    String serverDigest = MD5.md5sum(b.toString());

    if (this.logger.isDebugEnabled()) {
      this.logger.debug("client digest: '" + response + "', server digest: '" + serverDigest + "'");
    }

    if (!serverDigest.equals(response)) {
      throw new AuthenticationException(
          "Authentication failure for principal " + principal + " (incorrect password)");
    }

    if (this.maintainState && stateEntry == null) {

      stateEntry = new StateEntry(null, new Date(), nonce, 1, opaque);
      stateEntry.setStale(true);
      this.stateMap.put(nonce + ":" + opaque, stateEntry);
      throw new AuthenticationException("Nothing known about request  " + request);

    } else if (this.maintainState && stateEntry != null && stateEntry.isStale()) {
      throw new AuthenticationException(
          "Stale nonce header field in authentication request: " + request);
    }

    if (this.logger.isDebugEnabled()) {
      this.logger.debug("Successfully authenticated principal " + principal);
    }
    return new AuthResult(principal.getQualifiedName());
  }