private void processDigestAuth(HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException
{
Identity identity = Identity.instance();
if (identity == null)
{
throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
}
Credentials credentials = identity.getCredentials();
boolean requireAuth = false;
boolean nonceExpired = false;
String header = request.getHeader("Authorization");
if (header != null && header.startsWith("Digest "))
{
String section212response = header.substring(7);
String[] headerEntries = section212response.split(",");
Map<String,String> headerMap = new HashMap<String,String>();
for (String entry : headerEntries)
{
String[] vals = split(entry, "=");
headerMap.put(vals[0].trim(), vals[1].replace("\"", "").trim());
}
DigestRequest digestRequest = new DigestRequest();
digestRequest.setHttpMethod(request.getMethod());
digestRequest.setSystemRealm(realm);
digestRequest.setRealm(headerMap.get("realm"));
digestRequest.setKey(key);
digestRequest.setNonce(headerMap.get("nonce"));
digestRequest.setUri(headerMap.get("uri"));
digestRequest.setClientDigest(headerMap.get("response"));
digestRequest.setQop(headerMap.get("qop"));
digestRequest.setNonceCount(headerMap.get("nc"));
digestRequest.setClientNonce(headerMap.get("cnonce"));
try
{
digestRequest.validate();
request.getSession().setAttribute(DigestRequest.DIGEST_REQUEST, digestRequest);
authenticate( request, headerMap.get("username") );
}
catch (DigestValidationException ex)
{
log.warn(String.format("Digest validation failed, header [%s]: %s",
section212response, ex.getMessage()));
requireAuth = true;
if (ex.isNonceExpired()) nonceExpired = true;
}
catch (Exception ex)
{
log.warn("Error authenticating: " + ex.getMessage());
requireAuth = true;
}
}
if (!identity.isLoggedIn() && !credentials.isSet())
{
requireAuth = true;
}
try
{
if (!requireAuth)
{
chain.doFilter(request, response);
return;
}
}
catch (NotLoggedInException ex)
{
requireAuth = true;
}
if ((requireAuth && !identity.isLoggedIn()))
{
long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);
String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key);
String nonceValue = expiryTime + ":" + signatureValue;