015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.servlet.HttpHeaders;
020 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
021 import com.liferay.portal.kernel.util.MapUtil;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.servlet.filters.secure.NonceUtil;
024 import com.liferay.portal.util.Portal;
025 import com.liferay.portal.util.PortalInstances;
026 import com.liferay.portal.util.PortalUtil;
027
028 import java.util.Properties;
029
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
/**
 * {@link AuthVerifier} for HTTP Digest authentication.
 *
 * <p>The user is resolved from the request by
 * {@link PortalUtil#getDigestAuthUserId(HttpServletRequest)}. When no user is
 * resolved and the access control setting {@code digest_auth} is {@code true},
 * the verifier answers with {@code 401} and a {@code WWW-Authenticate: Digest}
 * challenge whose nonce is produced by {@link NonceUtil} from the company id
 * and the remote address of the request; the result state is then
 * {@link AuthVerifierResult.State#INVALID_CREDENTIALS}. When the setting is not
 * set, the result is returned in its default state without touching the
 * response.
 *
 * <p>The challenge carries only the {@code realm} and {@code nonce} directives
 * (no {@code qop}, {@code opaque} or {@code algorithm}).
 */
@OSGiBeanProperties(
	portalPropertyPrefix = "auth.verifier.DigestAuthenticationAuthVerifier."
)
public class DigestAuthenticationAuthVerifier implements AuthVerifier {

	/**
	 * Returns the authentication type handled by this verifier.
	 *
	 * @return {@link HttpServletRequest#DIGEST_AUTH}
	 */
	@Override
	public String getAuthType() {
		return HttpServletRequest.DIGEST_AUTH;
	}

	/**
	 * Verifies the Digest credentials carried by the current request.
	 *
	 * @param  accessControlContext the request, response and settings of the
	 *         call being verified
	 * @param  configuration the verifier configuration (not read here)
	 * @return a result in state {@code SUCCESS} carrying the user id when the
	 *         request authenticates; {@code INVALID_CREDENTIALS} when it does
	 *         not and {@code digest_auth} forces a challenge; otherwise the
	 *         default result state
	 * @throws AuthException wrapping any {@link PortalException} or
	 *         {@link SystemException} raised while verifying
	 */
	@Override
	public AuthVerifierResult verify(
			AccessControlContext accessControlContext, Properties configuration)
		throws AuthException {

		try {
			AuthVerifierResult result = new AuthVerifierResult();

			HttpServletRequest request = accessControlContext.getRequest();

			long userId = PortalUtil.getDigestAuthUserId(request);

			// Credentials resolved to a user: report success and stop.

			if (userId != 0) {
				result.setState(AuthVerifierResult.State.SUCCESS);
				result.setUserId(userId);

				return result;
			}

			// No user: challenge the client only when the caller asked for
			// digest auth explicitly through the "digest_auth" setting.

			boolean forcedDigestAuth = MapUtil.getBoolean(
				accessControlContext.getSettings(), "digest_auth");

			if (forcedDigestAuth) {
				_sendChallenge(request, accessControlContext.getResponse());

				result.setState(AuthVerifierResult.State.INVALID_CREDENTIALS);
			}

			return result;
		}
		catch (PortalException pe) {
			throw new AuthException(pe);
		}
		catch (SystemException se) {
			throw new AuthException(se);
		}
	}

	/**
	 * Writes the {@code WWW-Authenticate: Digest} challenge and the
	 * {@code 401} status to the response.
	 *
	 * <p>The nonce is generated for the company of the request and the
	 * address returned by {@link HttpServletRequest#getRemoteAddr()}.
	 * NOTE(review): behind a reverse proxy that address is the proxy's, not
	 * the client's — confirm this matches what {@link NonceUtil} expects.
	 *
	 * @param request the request being challenged
	 * @param response the response that receives the challenge
	 */
	private void _sendChallenge(
			HttpServletRequest request, HttpServletResponse response)
		throws PortalException, SystemException {

		long companyId = PortalInstances.getCompanyId(request);

		String nonce = NonceUtil.generate(companyId, request.getRemoteAddr());

		StringBundler challenge = new StringBundler(4);

		challenge.append(_DIGEST_REALM);
		challenge.append(", nonce=\"");
		challenge.append(nonce);
		challenge.append("\"");

		response.setHeader(HttpHeaders.WWW_AUTHENTICATE, challenge.toString());

		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
	}

	// Leading part of every challenge: the scheme and the portal realm.

	private static final String _DIGEST_REALM =
		"Digest realm=\"" + Portal.PORTAL_REALM + "\"";

}