This project has retired. For details please refer to its Attic page.
HttpDigestAuthenticationFilter xref
View Javadoc

1   package org.apache.archiva.redback.integration.filter.authentication.digest;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authentication.AuthenticationException;
23  import org.apache.archiva.redback.integration.filter.authentication.AbstractHttpAuthenticationFilter;
24  import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
25  import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.FilterConfig;
29  import javax.servlet.ServletException;
30  import javax.servlet.ServletRequest;
31  import javax.servlet.ServletResponse;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  import java.io.IOException;
35  
36  /**
37   * HttpDigestAuthenticationFilter.
38   * <p/>
39   * Uses RFC 2617 and RFC 2069 to perform Digest authentication against the incoming client.
40   * <p/>
41   * <ul>
42   * <li><a href="http://www.faqs.org/rfcs/rfc2617.html">RFC 2617</a> - HTTP Authentication: Basic and Digest Access Authentication</li>
43   * <li><a href="http://www.faqs.org/rfcs/rfc2069.html">RFC 2069</a> - An Extension to HTTP : Digest Access Authentication</li>
44   * </ul>
45   *
46   * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
47   *
48   */
49  public class HttpDigestAuthenticationFilter
50      extends AbstractHttpAuthenticationFilter
51  {
52      private HttpDigestAuthentication httpAuthentication;
53  
54      @Override
55      public void init( FilterConfig filterConfig )
56          throws ServletException
57      {
58          super.init( filterConfig );
59  
60          httpAuthentication =
61              getApplicationContext().getBean( "httpAuthenticator#digest", HttpDigestAuthentication.class );
62  
63      }
64  
65      public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
66          throws IOException, ServletException
67      {
68          if ( !( request instanceof HttpServletRequest ) )
69          {
70              throw new ServletException( "Can only process HttpServletRequest" );
71          }
72  
73          if ( !( response instanceof HttpServletResponse ) )
74          {
75              throw new ServletException( "Can only process HttpServletResponse" );
76          }
77  
78          HttpServletRequest httpRequest = (HttpServletRequest) request;
79          HttpServletResponse httpResponse = (HttpServletResponse) response;
80  
81          try
82          {
83              httpAuthentication.setRealm( getRealmName() );
84              httpAuthentication.authenticate( httpRequest, httpResponse );
85          }
86          catch ( AuthenticationException e )
87          {
88              HttpAuthenticator httpauthn = new HttpBasicAuthentication();
89              httpauthn.challenge( httpRequest, httpResponse, getRealmName(), e );
90              return;
91          }
92  
93          chain.doFilter( request, response );
94      }
95  
96  }