private void validateResponse(ClientUpgradeResponse response) {
// Check the Accept hash
String reqKey = request.getKey();
String expectedHash = AcceptHash.hashKey(reqKey);
response.validateWebSocketHash(expectedHash);
// Parse extensions
List<ExtensionConfig> extensions = new ArrayList<>();
List<String> extValues = response.getHeaders("Sec-WebSocket-Extensions");
if (extValues != null) {
for (String extVal : extValues) {
QuotedStringTokenizer tok = new QuotedStringTokenizer(extVal, ",");
while (tok.hasMoreTokens()) {
extensions.add(ExtensionConfig.parse(tok.nextToken()));
}
}
}
response.setExtensions(extensions);
}
/**
* @param context
* @param descriptor
* @param node
*/
public void visitContextParam(WebAppContext context, Descriptor descriptor, XmlParser.Node node)
throws Exception {
String name = node.getString("param-name", false, true);
String value = node.getString("param-value", false, true);
List<String> values = new ArrayList<>();
// extract values
switch (name) {
case ServletContext.ORDERED_LIBS:
case AnnotationConfiguration.CONTAINER_INITIALIZERS:
case MetaInfConfiguration.METAINF_TLDS:
case MetaInfConfiguration.METAINF_RESOURCES:
context.removeAttribute(name);
QuotedStringTokenizer tok = new QuotedStringTokenizer(value, ",");
while (tok.hasMoreElements()) values.add(tok.nextToken().trim());
break;
default:
values.add(value);
}
// handle values
switch (name) {
case ServletContext.ORDERED_LIBS:
{
List<Object> libs = new ArrayList<>();
Object o = context.getAttribute(ServletContext.ORDERED_LIBS);
if (o instanceof Collection<?>) libs.addAll((Collection<?>) o);
libs.addAll(values);
if (libs.size() > 0) context.setAttribute(ServletContext.ORDERED_LIBS, libs);
break;
}
case AnnotationConfiguration.CONTAINER_INITIALIZERS:
{
for (String i : values)
visitContainerInitializer(
context,
new ContainerInitializer(Thread.currentThread().getContextClassLoader(), i));
break;
}
case MetaInfConfiguration.METAINF_TLDS:
{
List<Object> tlds = new ArrayList<>();
String war = context.getBaseResource().getURI().toString();
Object o = context.getAttribute(MetaInfConfiguration.METAINF_TLDS);
if (o instanceof Collection<?>) tlds.addAll((Collection<?>) o);
for (String i : values) {
Resource r = Resource.newResource(i.replace("${WAR}/", war));
if (r.exists()) tlds.add(r.getURL());
else throw new IllegalArgumentException("TLD not found: " + r);
}
if (tlds.size() > 0) context.setAttribute(MetaInfConfiguration.METAINF_TLDS, tlds);
break;
}
case MetaInfConfiguration.METAINF_RESOURCES:
{
String war = context.getBaseResource().getURI().toString();
for (String i : values) {
Resource r = Resource.newResource(i.replace("${WAR}/", war));
if (r.exists()) visitMetaInfResource(context, r);
else throw new IllegalArgumentException("Resource not found: " + r);
}
break;
}
default:
}
}
@Override
public AuthStatus validateRequest(
MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
try {
boolean stale = false;
// TODO extract from request
long timestamp = System.currentTimeMillis();
if (credentials != null) {
if (LOG.isDebugEnabled()) LOG.debug("Credentials: " + credentials);
QuotedStringTokenizer tokenizer =
new QuotedStringTokenizer(credentials, "=, ", true, false);
final Digest digest = new Digest(request.getMethod());
String last = null;
String name = null;
while (tokenizer.hasMoreTokens()) {
String tok = tokenizer.nextToken();
char c = (tok.length() == 1) ? tok.charAt(0) : '\0';
switch (c) {
case '=':
name = last;
last = tok;
break;
case ',':
name = null;
case ' ':
break;
default:
last = tok;
if (name != null) {
if ("username".equalsIgnoreCase(name)) digest.username = tok;
else if ("realm".equalsIgnoreCase(name)) digest.realm = tok;
else if ("nonce".equalsIgnoreCase(name)) digest.nonce = tok;
else if ("nc".equalsIgnoreCase(name)) digest.nc = tok;
else if ("cnonce".equalsIgnoreCase(name)) digest.cnonce = tok;
else if ("qop".equalsIgnoreCase(name)) digest.qop = tok;
else if ("uri".equalsIgnoreCase(name)) digest.uri = tok;
else if ("response".equalsIgnoreCase(name)) digest.response = tok;
break;
}
}
}
int n = checkNonce(digest.nonce, timestamp);
if (n > 0) {
if (login(
clientSubject, digest.username, digest, Constraint.__DIGEST_AUTH, messageInfo)) {
return AuthStatus.SUCCESS;
}
} else if (n == 0) stale = true;
}
if (!isMandatory(messageInfo)) {
return AuthStatus.SUCCESS;
}
String domain = request.getContextPath();
if (domain == null) domain = "/";
response.setHeader(
HttpHeader.WWW_AUTHENTICATE.asString(),
"Digest realm=\""
+ realmName
+ "\", domain=\""
+ domain
+ "\", nonce=\""
+ newNonce(timestamp)
+ "\", algorithm=MD5, qop=\"auth\""
+ (useStale ? (" stale=" + stale) : ""));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return AuthStatus.SEND_CONTINUE;
} catch (IOException e) {
throw new AuthException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new AuthException(e.getMessage());
}
}
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
if (!mandatory) {
return _deferred;
}
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);
try {
boolean stale = false;
if (credentials != null) {
if (Log.isDebugEnabled()) {
Log.debug("Credentials: " + credentials);
}
QuotedStringTokenizer tokenizer =
new QuotedStringTokenizer(credentials, "=, ", true, false);
final Digest digest = new Digest(request.getMethod());
String last = null;
String name = null;
while (tokenizer.hasMoreTokens()) {
String tok = tokenizer.nextToken();
char c = (tok.length() == 1) ? tok.charAt(0) : '\0';
switch (c) {
case '=':
name = last;
last = tok;
break;
case ',':
name = null;
case ' ':
break;
default:
last = tok;
if (name != null) {
if ("username".equalsIgnoreCase(name)) {
digest.username = tok;
} else if ("realm".equalsIgnoreCase(name)) {
digest.realm = tok;
} else if ("nonce".equalsIgnoreCase(name)) {
digest.nonce = tok;
} else if ("nc".equalsIgnoreCase(name)) {
digest.nc = tok;
} else if ("cnonce".equalsIgnoreCase(name)) {
digest.cnonce = tok;
} else if ("qop".equalsIgnoreCase(name)) {
digest.qop = tok;
} else if ("uri".equalsIgnoreCase(name)) {
digest.uri = tok;
} else if ("response".equalsIgnoreCase(name)) {
digest.response = tok;
}
break;
}
}
}
int n = checkNonce(digest.nonce, (Request) request);
if (n > 0) {
UserIdentity user = _loginService.login(digest.username, digest);
if (user != null) {
return new UserAuthentication(getAuthMethod(), user);
}
} else if (n == 0) {
stale = true;
}
}
if (!_deferred.isDeferred(response)) {
String domain = request.getContextPath();
if (domain == null) {
domain = "/";
}
response.setHeader(
HttpHeaders.WWW_AUTHENTICATE,
"Digest realm=\""
+ _loginService.getName()
+ "\", domain=\""
+ domain
+ "\", nonce=\""
+ newNonce((Request) request)
+ "\", algorithm=MD5, qop=\"auth\""
+ (_useStale ? (" stale=" + stale) : ""));
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return Authentication.SEND_CONTINUE;
}
return Authentication.UNAUTHENTICATED;
} catch (Exception e) {
throw new ServerAuthException(e);
}
}
