[jboss-cvs] jboss-seam/src/main/org/jboss/seam/web ...
Shane Bryzak
sbryzak at redhat.com
Wed May 23 04:24:49 EDT 2007
User: sbryzak2
Date: 07/05/23 04:24:49
Modified: src/main/org/jboss/seam/web HttpAuthFilter.java
Log:
more digest stuff
Revision Changes Path
1.3 +71 -32 jboss-seam/src/main/org/jboss/seam/web/HttpAuthFilter.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: HttpAuthFilter.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/web/HttpAuthFilter.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- HttpAuthFilter.java 23 May 2007 03:44:25 -0000 1.2
+++ HttpAuthFilter.java 23 May 2007 08:24:49 -0000 1.3
@@ -49,33 +49,36 @@
{
private static final String DEFAULT_REALM = "seamApp";
+ private static final String AUTH_TYPE_BASIC = "basic";
+ private static final String AUTH_TYPE_DIGEST = "digest";
+
@Logger Log log;
public enum AuthType {basic, digest}
- private String realmName = DEFAULT_REALM;
+ private String realm = DEFAULT_REALM;
private String key;
private int nonceValiditySeconds = 300;
- private AuthType authType = AuthType.basic;
+ private String authType = AUTH_TYPE_BASIC;
- public void setRealmName(String realmName)
+ public void setRealm(String realm)
{
- this.realmName = realmName;
+ this.realm = realm;
}
- public String getRealmName()
+ public String getRealm()
{
- return realmName;
+ return realm;
}
- public void setAuthType(AuthType authType)
+ public void setAuthType(String authType)
{
this.authType = authType;
}
- public AuthType getAuthType()
+ public String getAuthType()
{
return authType;
}
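Review bot: `setAuthType(String)` now accepts any string, and the only check on the value is the `else throw new ServletException("Invalid authentication type")` in the `doFilter` dispatch of the next hunk, so a typo or a differently-cased value such as `"Basic"` (the comparisons are case-sensitive `equals`) is discovered on every request instead of once at configuration time. Validating in the setter fails fast: `if (!AUTH_TYPE_BASIC.equals(authType) && !AUTH_TYPE_DIGEST.equals(authType)) throw new IllegalArgumentException("Invalid authentication type: " + authType);`. As far as this diff shows, the `public enum AuthType {basic, digest}` on the context line no longer has a use once the field and accessors are strings; if it is kept for compatibility a comment saying so would help, otherwise it should go.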
@@ -111,15 +114,12 @@
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
- switch (authType)
- {
- case basic:
+ if (AUTH_TYPE_BASIC.equals(authType))
processBasicAuth(httpRequest, httpResponse, chain);
- break;
- case digest:
+ else if (AUTH_TYPE_DIGEST.equals(authType))
processDigestAuth(httpRequest, httpResponse, chain);
- break;
- }
+ else
+ throw new ServletException("Invalid authentication type");
}
private void processBasicAuth(HttpServletRequest request,
@@ -129,6 +129,8 @@
Context ctx = new WebSessionContext(new ServletSessionImpl(request.getSession()));
Identity identity = (Identity) ctx.get(Identity.class);
+ boolean requireAuth = false;
+
String header = request.getHeader("Authorization");
if (header != null && header.startsWith("Basic "))
{
@@ -153,16 +155,27 @@
}
}
+ if (!identity.isLoggedIn() && !identity.isCredentialsSet())
+ {
+ requireAuth = true;
+ }
+
try
{
+ if (!requireAuth)
+ {
chain.doFilter(request, response);
return;
}
- catch (NotLoggedInException ex) {}
+ }
+ catch (NotLoggedInException ex)
+ {
+ requireAuth = true;
+ }
- if (!identity.isLoggedIn())
+ if (requireAuth && !identity.isLoggedIn())
{
- response.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
+ response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized");
}
}
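Review bot: When `NotLoggedInException` is thrown out of `chain.doFilter(request, response)` inside the new try block, downstream code may already have committed the response, and the `addHeader`/`sendError` pair that follows would then throw `IllegalStateException` or never reach the client; the new catch should check this before issuing the challenge, e.g. `if (requireAuth && !identity.isLoggedIn() && !response.isCommitted())`, and log when the challenge could not be sent. The same applies to the digest counterpart in the `@@ -212,23 +225,31 @@` hunk. Separately, every path out of the try/catch either returned or left `requireAuth` true, so the `requireAuth &&` in the final condition is vacuous and `if (!identity.isLoggedIn())` says the same thing. `processBasicAuth` starts outside this hunk.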
@@ -174,7 +187,7 @@
Context ctx = new WebSessionContext(new ServletSessionImpl(request.getSession()));
Identity identity = (Identity) ctx.get(Identity.class);
- boolean failed = false;
+ boolean requireAuth = false;
boolean nonceExpired = false;
String header = request.getHeader("Authorization");
@@ -186,14 +199,14 @@
Map<String,String> headerMap = new HashMap<String,String>();
for (String entry : headerEntries)
{
- String[] vals = entry.split("=");
+ String[] vals = split(entry, "=");
headerMap.put(vals[0].trim(), vals[1].replace("\"", "").trim());
}
identity.setUsername(headerMap.get("username"));
DigestRequest digestRequest = new DigestRequest();
- digestRequest.setSystemRealm(realmName);
+ digestRequest.setSystemRealm(realm);
digestRequest.setRealm(headerMap.get("realm"));
digestRequest.setKey(key);
digestRequest.setNonce(headerMap.get("nonce"));
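Review bot: `split(entry, "=")` returns `null` when an entry contains no `=`, so `vals[0].trim()` on the following line throws a `NullPointerException` for a malformed `Authorization: Digest` header — client-controlled input becoming a 500 instead of a 401 (the previous `entry.split("=")` had the same failure mode through `vals[1]`). Guard before indexing: `if (vals == null) continue;`, or treat the whole header as invalid and fall through to the challenge path. Values placed in `headerMap` flow straight into `DigestRequest` and `identity.setUsername(...)`, so they should be treated as untrusted until the digest has been validated; a short comment to that effect above the loop would help. `processDigestAuth` starts and continues outside this hunk.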
@@ -212,23 +225,31 @@
{
log.error(String.format("Digest validation failed, header [%s]: %s",
section212response, ex.getMessage()));
- failed = true;
+ requireAuth = true;
if (ex.isNonceExpired()) nonceExpired = true;
}
}
- if (!failed)
+ if (!identity.isLoggedIn() && !identity.isCredentialsSet())
{
+ requireAuth = true;
+ }
+
try
{
+ if (!requireAuth)
+ {
chain.doFilter(request, response);
return;
}
- catch (NotLoggedInException ex) {}
+ }
+ catch (NotLoggedInException ex)
+ {
+ requireAuth = true;
}
- if (failed || !identity.isLoggedIn())
+ if (requireAuth || !identity.isLoggedIn())
{
long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);
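Review bot: The final condition `if (requireAuth || !identity.isLoggedIn())` is always true at this point — every path out of the preceding try/catch either returned or set `requireAuth = true` — whereas the basic flow in the earlier hunk uses `requireAuth && !identity.isLoggedIn()`; the two flows should share one condition, or this one should carry a comment explaining why digest re-challenges even a logged-in identity after a failed validation. The exception in `catch (NotLoggedInException ex)` is also dropped without a trace; naming it `ignored` with a one-line comment, or logging it at debug, makes the intent explicit. `processDigestAuth` continues past the end of this hunk.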
@@ -239,7 +260,7 @@
// qop is quality of protection, as defined by RFC 2617.
// we do not use opaque due to IE violation of RFC 2617 in not
// representing opaque on subsequent requests in same session.
- String authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"auth\", nonce=\""
+ String authenticateHeader = "Digest realm=\"" + realm + "\", " + "qop=\"auth\", nonce=\""
+ nonceValueBase64 + "\"";
if (nonceExpired) authenticateHeader = authenticateHeader + ", stale=\"true\"";
@@ -248,4 +269,22 @@
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
+
+ private String[] split(String toSplit, String delimiter)
+ {
+ if (delimiter.length() != 1) {
+ throw new IllegalArgumentException("Delimiter can only be one character in length");
+ }
+
+ int offset = toSplit.indexOf(delimiter);
+
+ if (offset < 0) {
+ return null;
+ }
+
+ String beforeDelimiter = toSplit.substring(0, offset);
+ String afterDelimiter = toSplit.substring(offset + 1);
+
+ return new String[] {beforeDelimiter, afterDelimiter};
+ }
}
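Review bot: `split` has no Javadoc, and its contract differs from `String.split` in two ways the caller relies on: it splits only at the first occurrence, so a value that itself contains the delimiter is kept whole, and it returns `null` rather than a one-element array when the delimiter is absent. Suggested header: `/** Splits {@code toSplit} at the first occurrence of {@code delimiter} into {before, after}; returns {@code null} if the delimiter does not occur. @throws IllegalArgumentException if {@code delimiter} is not exactly one character */`. The one-character restriction is not required by `indexOf`; if it stays, `toSplit.substring(offset + delimiter.length())` would make the method correct for any delimiter length, and returning an empty array instead of `null` would spare every caller a null check.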