/** * Mark Request that processed at primary node with attribute primaryIndicatorName * * @param request * @throws IOException */ protected void createPrimaryIndicator(Request request) throws IOException { String id = request.getRequestedSessionId(); if ((id != null) && (id.length() > 0)) { Manager manager = request.getContext().getManager(); Session session = manager.findSession(id); if (session instanceof ClusterSession) { ClusterSession cses = (ClusterSession) session; if (log.isDebugEnabled()) log.debug( sm.getString( "ReplicationValve.session.indicator", request.getContext().getName(), id, primaryIndicatorName, Boolean.valueOf(cses.isPrimarySession()))); request.setAttribute( primaryIndicatorName, cses.isPrimarySession() ? Boolean.TRUE : Boolean.FALSE); } else { if (log.isDebugEnabled()) { if (session != null) { log.debug( sm.getString("ReplicationValve.session.found", request.getContext().getName(), id)); } else { log.debug( sm.getString( "ReplicationValve.session.invalid", request.getContext().getName(), id)); } } } } }
@Override public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException { Principal principal = request.getUserPrincipal(); if (principal != null) { log.info("User " + principal.getName() + " is already autenticated"); return true; } Realm realm = request.getContext().getRealm(); log.info("Authentication against " + realm.toString() + " realm: " + realm.getInfo()); principal = realm.authenticate("user1", "password1"); if (principal != null) { request.setUserPrincipal(principal); log.info("Authentication via custom valve authenticator"); response.addHeader("valve", testparam); log.info( "Valve " + TestAuthenticator.class.getName() + " was hit and adding header parameter 'authenticated' with value " + testparam); return true; } log.warn("Login via global valve authenticator wasn't successfull"); return false; }
/** * Handle an HTTP status code or Java exception by forwarding control to the location included in * the specified errorPage object. It is assumed that the caller has already recorded any request * attributes that are to be forwarded to this page. Return <code>true</code> if we successfully * utilized the specified error page location, or <code>false</code> if the default error report * should be rendered. * * @param request The request being processed * @param response The response being generated * @param errorPage The errorPage directive we are obeying */ private boolean custom(Request request, Response response, ErrorPage errorPage) { if (container.getLogger().isDebugEnabled()) container.getLogger().debug("Processing " + errorPage); try { // Forward control to the specified location ServletContext servletContext = request.getContext().getServletContext(); RequestDispatcher rd = servletContext.getRequestDispatcher(errorPage.getLocation()); if (response.isCommitted()) { // Response is committed - including the error page is the // best we can do rd.include(request.getRequest(), response.getResponse()); } else { // Reset the response (keeping the real error code and message) response.resetBuffer(true); response.setContentLength(-1); rd.forward(request.getRequest(), response.getResponse()); // If we forward, the response is suspended again response.setSuspended(false); } // Indicate that we have successfully processed this custom page return (true); } catch (Throwable t) { ExceptionUtils.handleThrowable(t); // Report our failure to process this custom page container.getLogger().error("Exception Processing " + errorPage, t); return (false); } }
public void invoke(Request request, Response response) throws IOException, ServletException { try { if (!alreadySetLogbackStatusManager) { alreadySetLogbackStatusManager = true; org.apache.catalina.Context tomcatContext = request.getContext(); if (tomcatContext != null) { ServletContext sc = tomcatContext.getServletContext(); if (sc != null) { sc.setAttribute(AccessConstants.LOGBACK_STATUS_MANAGER_KEY, getStatusManager()); } } } getNext().invoke(request, response); TomcatServerAdapter adapter = new TomcatServerAdapter(request, response); AccessEvent accessEvent = new AccessEvent(request, response, adapter); if (getFilterChainDecision(accessEvent) == FilterReply.DENY) { return; } // TODO better exception handling aai.appendLoopOnAppenders(accessEvent); } finally { request.removeAttribute(AccessConstants.LOGBACK_STATUS_MANAGER_KEY); } }
/** * Log the interesting request parameters, invoke the next Valve in the sequence, and log the * interesting response parameters. * * @param request The servlet request to be processed * @param response The servlet response to be created * @exception IOException if an input/output error occurs * @exception ServletException if a servlet error occurs */ @Override public void invoke(Request request, Response response) throws IOException, ServletException { long totalstart = 0; // this happens before the request if (doStatistics()) { totalstart = System.currentTimeMillis(); } if (primaryIndicator) { createPrimaryIndicator(request); } Context context = request.getContext(); boolean isCrossContext = context != null && context instanceof StandardContext && ((StandardContext) context).getCrossContext(); try { if (isCrossContext) { if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.add")); // FIXME add Pool of Arraylists crossContextSessions.set(new ArrayList<DeltaSession>()); } getNext().invoke(request, response); if (context != null) { Manager manager = context.getManager(); if (manager != null && manager instanceof ClusterManager) { ClusterManager clusterManager = (ClusterManager) manager; CatalinaCluster containerCluster = (CatalinaCluster) getContainer().getCluster(); if (containerCluster == null) { if (log.isWarnEnabled()) log.warn(sm.getString("ReplicationValve.nocluster")); return; } // valve cluster can access manager - other cluster handle replication // at host level - hopefully! if (containerCluster.getManager(clusterManager.getName()) == null) return; if (containerCluster.hasMembers()) { sendReplicationMessage( request, totalstart, isCrossContext, clusterManager, containerCluster); } else { resetReplicationRequest(request, isCrossContext); } } } } finally { // Array must be remove: Current master request send endAccess at recycle. // Don't register this request session again! if (isCrossContext) { if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.remove")); // crossContextSessions.remove() only exist at Java 5 // register ArrayList at a pool crossContextSessions.set(null); } } }
/** * Handle the HTTP status code (and corresponding message) generated while processing the * specified Request to produce the specified Response. Any exceptions that occur during * generation of the error report are logged and swallowed. * * @param request The request being processed * @param response The response being generated */ private void status(Request request, Response response) { int statusCode = response.getStatus(); // Handle a custom error page for this status code Context context = request.getContext(); if (context == null) return; /* Only look for error pages when isError() is set. * isError() is set when response.sendError() is invoked. This * allows custom error pages without relying on default from * web.xml. */ if (!response.isError()) return; ErrorPage errorPage = context.findErrorPage(statusCode); if (errorPage == null) { // Look for a default error page errorPage = context.findErrorPage(0); } if (errorPage != null && response.setErrorReported()) { response.setAppCommitted(false); request.setAttribute(RequestDispatcher.ERROR_STATUS_CODE, Integer.valueOf(statusCode)); String message = response.getMessage(); if (message == null) message = ""; request.setAttribute(RequestDispatcher.ERROR_MESSAGE, message); request.setAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR, errorPage.getLocation()); request.setAttribute(Globals.DISPATCHER_TYPE_ATTR, DispatcherType.ERROR); Wrapper wrapper = request.getWrapper(); if (wrapper != null) request.setAttribute(RequestDispatcher.ERROR_SERVLET_NAME, wrapper.getName()); request.setAttribute(RequestDispatcher.ERROR_REQUEST_URI, request.getRequestURI()); if (custom(request, response, errorPage)) { try { response.finishResponse(); } catch (ClientAbortException e) { // Ignore } catch (IOException e) { container.getLogger().warn("Exception Processing " + errorPage, e); } } } }
@BeforeMethod public void setUp() throws Exception { _service = mock(MemcachedSessionService.class); _request = mock(Request.class); _response = mock(Response.class); final Context _contextContainer = mock(Context.class); final Host _hostContainer = mock(Host.class); final SessionManager _manager = mock(SessionManager.class); when(_service.getManager()).thenReturn(_manager); when(_manager.getContainer()).thenReturn(_contextContainer); when(_contextContainer.getParent()).thenReturn(_hostContainer); when(_contextContainer.getPath()).thenReturn("/"); _sessionTrackerValve = createSessionTrackerValve(); _nextValve = mock(Valve.class); _sessionTrackerValve.setNext(_nextValve); _sessionTrackerValve.setContainer(_hostContainer); _memcachedNodesManager = mock(MemcachedNodesManager.class); _sessionIdFormat = mock(SessionIdFormat.class); when(_request.getRequestURI()).thenReturn("/someRequest"); when(_request.getMethod()).thenReturn("GET"); when(_request.getQueryString()).thenReturn(null); when(_request.getContext()).thenReturn(_contextContainer); when(_request.getNote(eq(RequestTrackingHostValve.REQUEST_PROCESSED))).thenReturn(Boolean.TRUE); when(_request.getNote(eq(RequestTrackingHostValve.SESSION_ID_CHANGED))) .thenReturn(Boolean.FALSE); when(_sessionIdFormat.extractMemcachedId(anyString())).thenReturn(PRIMARY_NODE_IDENTIFIER); when(_service.getMemcachedNodesManager()).thenReturn(_memcachedNodesManager); when(_memcachedNodesManager.isNodeAvailable(PRIMARY_NODE_IDENTIFIER)) .thenReturn(IS_PRIMARY_MEMCACHED_NODE_OPERATIONAL); when(_memcachedNodesManager.getSessionIdFormat()).thenReturn(_sessionIdFormat); }
/** * Process Comet event. * * @param request Request to be processed * @param response Response to be produced * @param event the event * @exception IOException if an input/output error occurred * @exception ServletException if a servlet error occurred */ @Override public final void event(Request request, Response response, CometEvent event) throws IOException, ServletException { // Select the Context to be used for this Request Context context = request.getContext(); // Bind the context CL to the current thread if (context.getLoader() != null) { // Not started - it should check for availability first // This should eventually move to Engine, it's generic. Thread.currentThread().setContextClassLoader(context.getLoader().getClassLoader()); } // Ask this Context to process this request context.getPipeline().getFirst().event(request, response, event); // Error page processing response.setSuspended(false); Throwable t = (Throwable) request.getAttribute(RequestDispatcher.ERROR_EXCEPTION); if (t != null) { throwable(request, response, t); } else { status(request, response); } // Access a session (if present) to update last accessed time, based on a // strict interpretation of the specification if (ACCESS_SESSION) { request.getSession(false); } // Restore the context classloader Thread.currentThread().setContextClassLoader(StandardHostValve.class.getClassLoader()); }
@Override public ApiResponse signOutAll() { ApiResponse response = ApiResponse.createDefaultApiResponse(); HttpServletRequest request = HttpUtil.getRequest(); HttpSession httpSession = HttpUtil.getSession(); if (request instanceof RequestFacade) { Field requestField = null; try { requestField = request.getClass().getDeclaredField("request"); } catch (NoSuchFieldException e) { e.printStackTrace(); } if (requestField != null) { requestField.setAccessible(true); Request req = null; try { req = (Request) requestField.get(request); } catch (IllegalAccessException e) { e.printStackTrace(); } if (req != null) { Context context = req.getContext(); Manager manager = context.getManager(); Session[] sessions = manager.findSessions(); if (sessions != null) { for (Session session : sessions) { if (!httpSession.getId().equals(session.getId())) { session.expire(); } } } } } } return response; }
@Override public void addElement( StringBuilder buf, Date date, Request request, Response response, long time) { buf.append(wrap(request.getContext().getServletContext().getAttribute(attribute))); }
/** * Handle the specified Throwable encountered while processing the specified Request to produce * the specified Response. Any exceptions that occur during generation of the exception report are * logged and swallowed. * * @param request The request being processed * @param response The response being generated * @param throwable The exception that occurred (which possibly wraps a root cause exception */ protected void throwable(Request request, Response response, Throwable throwable) { Context context = request.getContext(); if (context == null) return; Throwable realError = throwable; if (realError instanceof ServletException) { realError = ((ServletException) realError).getRootCause(); if (realError == null) { realError = throwable; } } // If this is an aborted request from a client just log it and return if (realError instanceof ClientAbortException) { if (log.isDebugEnabled()) { log.debug(sm.getString("standardHost.clientAbort", realError.getCause().getMessage())); } return; } ErrorPage errorPage = findErrorPage(context, throwable); if ((errorPage == null) && (realError != throwable)) { errorPage = findErrorPage(context, realError); } if (errorPage != null) { if (response.setErrorReported()) { response.setAppCommitted(false); request.setAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR, errorPage.getLocation()); request.setAttribute(Globals.DISPATCHER_TYPE_ATTR, DispatcherType.ERROR); request.setAttribute( RequestDispatcher.ERROR_STATUS_CODE, new Integer(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)); request.setAttribute(RequestDispatcher.ERROR_MESSAGE, throwable.getMessage()); request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, realError); Wrapper wrapper = request.getWrapper(); if (wrapper != null) request.setAttribute(RequestDispatcher.ERROR_SERVLET_NAME, wrapper.getName()); request.setAttribute(RequestDispatcher.ERROR_REQUEST_URI, request.getRequestURI()); request.setAttribute(RequestDispatcher.ERROR_EXCEPTION_TYPE, realError.getClass()); if (custom(request, response, errorPage)) { try { response.finishResponse(); } catch (IOException e) { container.getLogger().warn("Exception Processing " + errorPage, e); } } } } else { // A custom error-page has not been defined for the exception // that was thrown during request processing. Check if an // error-page for error code 500 was specified and if so, // send that page back as the response. response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); // The response is an error response.setError(); status(request, response); } }
/** * Select the appropriate child Context to process this request, based on the specified request * URI. If no matching Context can be found, return an appropriate HTTP error. * * @param request Request to be processed * @param response Response to be produced * @exception IOException if an input/output error occurred * @exception ServletException if a servlet error occurred */ @Override public final void invoke(Request request, Response response) throws IOException, ServletException { /* * xujb: * 和Engine一样,调用下层的context,让它来做一些处理 * 自身也处理了一些的逻辑 * * */ // Select the Context to be used for this Request Context context = request.getContext(); if (context == null) { response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, sm.getString("standardHost.noContext")); return; } // Bind the context CL to the current thread if (context.getLoader() != null) { // Not started - it should check for availability first // This should eventually move to Engine, it's generic. if (Globals.IS_SECURITY_ENABLED) { PrivilegedAction<Void> pa = new PrivilegedSetTccl(context.getLoader().getClassLoader()); AccessController.doPrivileged(pa); } else { Thread.currentThread().setContextClassLoader(context.getLoader().getClassLoader()); } } if (request.isAsyncSupported()) { request.setAsyncSupported(context.getPipeline().isAsyncSupported()); } boolean asyncAtStart = request.isAsync(); boolean asyncDispatching = request.isAsyncDispatching(); if (asyncAtStart || context.fireRequestInitEvent(request)) { // Ask this Context to process this request. Requests that are in // async mode and are not being dispatched to this resource must be // in error and have been routed here to check for application // defined error pages. try { if (!asyncAtStart || asyncDispatching) { context.getPipeline().getFirst().invoke(request, response); } else { // Make sure this request/response is here because an error // report is required. if (!response.isErrorReportRequired()) { throw new IllegalStateException(sm.getString("standardHost.asyncStateError")); } } } catch (Throwable t) { ExceptionUtils.handleThrowable(t); // If a new error occurred while trying to report a previous // error simply log the new error and allow the original error // to be reported. if (response.isErrorReportRequired()) { container.getLogger().error("Exception Processing " + request.getRequestURI(), t); } else { request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, t); throwable(request, response, t); } } // Now that the request/response pair is back under container // control lift the suspension so that the error handling can // complete and/or the container can flush any remaining data response.setSuspended(false); Throwable t = (Throwable) request.getAttribute(RequestDispatcher.ERROR_EXCEPTION); // Protect against NPEs if the context was destroyed during a // long running request. if (!context.getState().isAvailable()) { return; } // Look for (and render if found) an application level error page if (response.isErrorReportRequired()) { if (t != null) { throwable(request, response, t); } else { status(request, response); } } if (!request.isAsync() && (!asyncAtStart || !response.isErrorReportRequired())) { context.fireRequestDestroyEvent(request); } } // Access a session (if present) to update last accessed time, based on a // strict interpretation of the specification if (ACCESS_SESSION) { request.getSession(false); } // Restore the context classloader if (Globals.IS_SECURITY_ENABLED) { PrivilegedAction<Void> pa = new PrivilegedSetTccl(StandardHostValve.class.getClassLoader()); AccessController.doPrivileged(pa); } else { Thread.currentThread().setContextClassLoader(StandardHostValve.class.getClassLoader()); } }
/** * Enforce any user data constraint required by the security constraint guarding this request URI. * Return <code>true</code> if this constraint was not violated and processing should continue, or * <code>false</code> if we have created a response already. * * @param request Request we are processing * @param response Response we are creating * @param constraints Security constraint being checked * @exception IOException if an input/output error occurs */ @Override public boolean hasUserDataPermission( Request request, Response response, SecurityConstraint[] constraints) throws IOException { // Is there a relevant user data constraint? if (constraints == null || constraints.length == 0) { if (log.isDebugEnabled()) log.debug(" No applicable security constraint defined"); return (true); } for (int i = 0; i < constraints.length; i++) { SecurityConstraint constraint = constraints[i]; String userConstraint = constraint.getUserConstraint(); if (userConstraint == null) { if (log.isDebugEnabled()) log.debug(" No applicable user data constraint defined"); return (true); } if (userConstraint.equals(Constants.NONE_TRANSPORT)) { if (log.isDebugEnabled()) log.debug(" User data constraint has no restrictions"); return (true); } } // Validate the request against the user data constraint if (request.getRequest().isSecure()) { if (log.isDebugEnabled()) log.debug(" User data constraint already satisfied"); return (true); } // Initialize variables we need to determine the appropriate action int redirectPort = request.getConnector().getRedirectPort(); // Is redirecting disabled? if (redirectPort <= 0) { if (log.isDebugEnabled()) log.debug(" SSL redirect is disabled"); response.sendError(HttpServletResponse.SC_FORBIDDEN, request.getRequestURI()); return (false); } // Redirect to the corresponding SSL port StringBuilder file = new StringBuilder(); String protocol = "https"; String host = request.getServerName(); // Protocol file.append(protocol).append("://").append(host); // Host with port if (redirectPort != 443) { file.append(":").append(redirectPort); } // URI file.append(request.getRequestURI()); String requestedSessionId = request.getRequestedSessionId(); if ((requestedSessionId != null) && request.isRequestedSessionIdFromURL()) { file.append(";"); file.append(SessionConfig.getSessionUriParamName(request.getContext())); file.append("="); file.append(requestedSessionId); } String queryString = request.getQueryString(); if (queryString != null) { file.append('?'); file.append(queryString); } if (log.isDebugEnabled()) log.debug(" Redirecting to " + file.toString()); response.sendRedirect(file.toString()); return (false); }
/** * Perform access control based on the specified authorization constraint. Return <code>true * </code> if this constraint is satisfied and processing should continue, or <code>false</code> * otherwise. * * @param request Request we are processing * @param response Response we are creating * @param constraints Security constraint we are enforcing * @param context The Context to which client of this class is attached. * @exception IOException if an input/output error occurs */ @Override public boolean hasResourcePermission( Request request, Response response, SecurityConstraint[] constraints, Context context) throws IOException { if (constraints == null || constraints.length == 0) return (true); // Specifically allow access to the form login and form error pages // and the "j_security_check" action LoginConfig config = context.getLoginConfig(); if ((config != null) && (Constants.FORM_METHOD.equals(config.getAuthMethod()))) { String requestURI = request.getRequestPathMB().toString(); String loginPage = config.getLoginPage(); if (loginPage.equals(requestURI)) { if (log.isDebugEnabled()) log.debug(" Allow access to login page " + loginPage); return (true); } String errorPage = config.getErrorPage(); if (errorPage.equals(requestURI)) { if (log.isDebugEnabled()) log.debug(" Allow access to error page " + errorPage); return (true); } if (requestURI.endsWith(Constants.FORM_ACTION)) { if (log.isDebugEnabled()) log.debug(" Allow access to username/password submission"); return (true); } } // Which user principal have we already authenticated? Principal principal = request.getPrincipal(); boolean status = false; boolean denyfromall = false; for (int i = 0; i < constraints.length; i++) { SecurityConstraint constraint = constraints[i]; String roles[]; if (constraint.getAllRoles()) { // * means all roles defined in web.xml roles = request.getContext().findSecurityRoles(); } else { roles = constraint.findAuthRoles(); } if (roles == null) roles = new String[0]; if (log.isDebugEnabled()) log.debug(" Checking roles " + principal); if (roles.length == 0 && !constraint.getAllRoles()) { if (constraint.getAuthConstraint()) { if (log.isDebugEnabled()) log.debug("No roles"); status = false; // No listed roles means no access at all denyfromall = true; break; } if (log.isDebugEnabled()) log.debug("Passing all access"); status = true; } else if (principal == null) { if (log.isDebugEnabled()) log.debug(" No user authenticated, cannot grant access"); } else { for (int j = 0; j < roles.length; j++) { if (hasRole(null, principal, roles[j])) { status = true; if (log.isDebugEnabled()) log.debug("Role found: " + roles[j]); } else if (log.isDebugEnabled()) log.debug("No role found: " + roles[j]); } } } if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) { if (log.isDebugEnabled()) { log.debug("Checking for all roles mode: " + allRolesMode); } // Check for an all roles(role-name="*") for (int i = 0; i < constraints.length; i++) { SecurityConstraint constraint = constraints[i]; String roles[]; // If the all roles mode exists, sets if (constraint.getAllRoles()) { if (allRolesMode == AllRolesMode.AUTH_ONLY_MODE) { if (log.isDebugEnabled()) { log.debug("Granting access for role-name=*, auth-only"); } status = true; break; } // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles roles = request.getContext().findSecurityRoles(); if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) { if (log.isDebugEnabled()) { log.debug("Granting access for role-name=*, strict auth-only"); } status = true; break; } } } } // Return a "Forbidden" message denying access to this resource if (!status) { response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("realmBase.forbidden")); } return status; }
private void doInvoke(Request request, Response response, boolean chaining) throws IOException, ServletException { if ((valves.length > 0) || (basic != null)) { // Set the status so that if there are no valves (other than the // basic one), the basic valve's request processing logic will // be invoked int status = GlassFishValve.INVOKE_NEXT; // Iterate over all the valves in the pipeline and invoke // each valve's processing logic and then move onto to the // next valve in the pipeline only if the previous valve indicated // that the pipeline should proceed. int i; for (i = 0; i < valves.length; i++) { Request req = request; Response resp = response; if (chaining) { req = getRequest(request); resp = getResponse(request, response); } status = valves[i].invoke(req, resp); if (status != GlassFishValve.INVOKE_NEXT) break; } // Save a reference to the valve[], to ensure that postInvoke() // is invoked on the original valve[], in case a valve gets added // or removed during the invocation of the basic valve (e.g., // in case access logging is enabled or disabled by some kind of // admin servlet), in which case the indices used for postInvoke // invocations below would be off GlassFishValve[] savedValves = valves; // Invoke the basic valve's request processing and post-request // logic only if the pipeline was not aborted (i.e. no valve // returned END_PIPELINE). // In addition, the basic valve needs to be invoked by the // pipeline only if no Tomcat-style valves have been added. // Otherwise, it will be invoked by the last Tomcat-style valve // directly. if (status == GlassFishValve.INVOKE_NEXT) { if (firstTcValve != null) { firstTcValve.invoke( (org.apache.catalina.connector.Request) request, (org.apache.catalina.connector.Response) response); } else if (basic != null) { Request req = request; Response resp = response; if (chaining) { req = getRequest(request); resp = getResponse(request, response); } basic.invoke(req, resp); basic.postInvoke(req, resp); } } // Invoke the post-request processing logic only on those valves // that returned a status of INVOKE_NEXT for (int j = i - 1; j >= 0; j--) { Request req = request; Response resp = response; if (chaining) { req = getRequest(request); resp = getResponse(request, response); } savedValves[j].postInvoke(req, resp); } savedValves = null; } else { throw new ServletException(rb.getString(NO_VALVES_IN_PIPELINE_EXCEPTION)); } // Calls the protocol handler's init method if the request is marked to be upgraded if (request instanceof org.apache.catalina.connector.Request) { org.apache.catalina.connector.Request req = (org.apache.catalina.connector.Request) request; if (req.isUpgrade()) { HttpUpgradeHandler handler = req.getHttpUpgradeHandler(); if (handler != null) { WebConnectionImpl wc = new WebConnectionImpl( req.getInputStream(), ((org.apache.catalina.connector.Response) req.getResponse()).getOutputStream()); wc.setRequest(req); req.setWebConnection(wc); if (response instanceof org.apache.catalina.connector.Response) { wc.setResponse((org.apache.catalina.connector.Response) response); } Context context = req.getContext(); try { context.fireContainerEvent(ContainerEvent.BEFORE_UPGRADE_HANDLER_INITIALIZED, handler); handler.init(wc); } finally { context.fireContainerEvent(ContainerEvent.AFTER_UPGRADE_HANDLER_INITIALIZED, handler); } } else { log.log(Level.SEVERE, PROTOCOL_HANDLER_REQUIRED_EXCEPTION); } req.setUpgrade(false); } } }
public boolean validate(Request request) { if ((userName == null) || (realmName == null) || (nonce == null) || (uri == null) || (response == null)) { return false; } // Validate the URI - should match the request line sent by client if (validateUri) { String uriQuery; String query = request.getQueryString(); if (query == null) { uriQuery = request.getRequestURI(); } else { uriQuery = request.getRequestURI() + "?" + query; } if (!uri.equals(uriQuery)) { // Some clients (older Android) use an absolute URI for // DIGEST but a relative URI in the request line. // request. 2.3.5 < fixed Android version <= 4.0.3 String host = request.getHeader("host"); String scheme = request.getScheme(); if (host != null && !uriQuery.startsWith(scheme)) { StringBuilder absolute = new StringBuilder(); absolute.append(scheme); absolute.append("://"); absolute.append(host); absolute.append(uriQuery); if (!uri.equals(absolute.toString())) { return false; } } else { return false; } } } // Validate the Realm name String lcRealm = getRealmName(request.getContext()); if (!lcRealm.equals(realmName)) { return false; } // Validate the opaque string if (!opaque.equals(opaqueReceived)) { return false; } // Validate nonce int i = nonce.indexOf(":"); if (i < 0 || (i + 1) == nonce.length()) { return false; } long nonceTime; try { nonceTime = Long.parseLong(nonce.substring(0, i)); } catch (NumberFormatException nfe) { return false; } String md5clientIpTimeKey = nonce.substring(i + 1); long currentTime = System.currentTimeMillis(); if ((currentTime - nonceTime) > nonceValidity) { nonceStale = true; synchronized (nonces) { nonces.remove(nonce); } } String serverIpTimeKey = request.getRemoteAddr() + ":" + nonceTime + ":" + key; byte[] buffer = ConcurrentMessageDigest.digestMD5(serverIpTimeKey.getBytes(StandardCharsets.ISO_8859_1)); String md5ServerIpTimeKey = MD5Encoder.encode(buffer); if (!md5ServerIpTimeKey.equals(md5clientIpTimeKey)) { return false; } // Validate qop if (qop != null && !QOP.equals(qop)) { return false; } // Validate cnonce and nc // Check if presence of nc and Cnonce is consistent with presence of qop if (qop == null) { if (cnonce != null || nc != null) { return false; } } else { if (cnonce == null || nc == null) { return false; } // RFC 2617 says nc must be 8 digits long. Older Android clients // use 6. 2.3.5 < fixed Android version <= 4.0.3 if (nc.length() < 6 || nc.length() > 8) { return false; } long count; try { count = Long.parseLong(nc, 16); } catch (NumberFormatException nfe) { return false; } NonceInfo info; synchronized (nonces) { info = nonces.get(nonce); } if (info == null) { // Nonce is valid but not in cache. It must have dropped out // of the cache - force a re-authentication nonceStale = true; } else { if (!info.nonceCountValid(count)) { return false; } } } return true; }