]> source.dussan.org Git - archiva.git/blob
02ccad01caf293fa4980519fa729fe0fad447141
[archiva.git] /
1 package org.codehaus.redback.integration.filter.authentication.digest;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.authentication.AuthenticationException;
23 import org.codehaus.redback.integration.filter.authentication.AbstractHttpAuthenticationFilter;
24 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
25 import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.FilterConfig;
29 import javax.servlet.ServletException;
30 import javax.servlet.ServletRequest;
31 import javax.servlet.ServletResponse;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34 import java.io.IOException;
35
36 /**
37  * HttpDigestAuthenticationFilter.
38  * <p/>
39  * Uses RFC 2617 and RFC 2069 to perform Digest authentication against the incoming client.
40  * <p/>
41  * <ul>
42  * <li><a href="http://www.faqs.org/rfcs/rfc2617.html">RFC 2617</a> - HTTP Authentication: Basic and Digest Access Authentication</li>
43  * <li><a href="http://www.faqs.org/rfcs/rfc2069.html">RFC 2069</a> - An Extension to HTTP : Digest Access Authentication</li>
44  * </ul>
45  *
46  * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
47  * @version $Id$
48  */
49 public class HttpDigestAuthenticationFilter
50     extends AbstractHttpAuthenticationFilter
51 {
52     private HttpDigestAuthentication httpAuthentication;
53
54     @Override
55     public void init( FilterConfig filterConfig )
56         throws ServletException
57     {
58         super.init( filterConfig );
59
60         httpAuthentication =
61             getApplicationContext().getBean( "httpAuthenticator#digest", HttpDigestAuthentication.class );
62
63     }
64
65     public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
66         throws IOException, ServletException
67     {
68         if ( !( request instanceof HttpServletRequest ) )
69         {
70             throw new ServletException( "Can only process HttpServletRequest" );
71         }
72
73         if ( !( response instanceof HttpServletResponse ) )
74         {
75             throw new ServletException( "Can only process HttpServletResponse" );
76         }
77
78         HttpServletRequest httpRequest = (HttpServletRequest) request;
79         HttpServletResponse httpResponse = (HttpServletResponse) response;
80
81         try
82         {
83             httpAuthentication.setRealm( getRealmName() );
84             httpAuthentication.authenticate( httpRequest, httpResponse );
85         }
86         catch ( AuthenticationException e )
87         {
88             HttpAuthenticator httpauthn = new HttpBasicAuthentication();
89             httpauthn.challenge( httpRequest, httpResponse, getRealmName(), e );
90             return;
91         }
92
93         chain.doFilter( request, response );
94     }
95
96 }