Package org.jboss.seam.security.digest

Source Code of org.jboss.seam.security.digest.DigestAuthenticator

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
package org.jboss.seam.security.digest;

import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.Identity;

/**
* This class provides methods for performing Digest (RFC 2617) authentication
* and is intended to be extended by a concrete Authenticator implementation.
* @author Shane Bryzak
*/
public abstract class DigestAuthenticator
{
   @SuppressWarnings("deprecation")
   protected boolean validatePassword(String password)
   {
      Context ctx = Contexts.getSessionContext();
     
      DigestRequest digestRequest = (DigestRequest) ctx.get(DigestRequest.DIGEST_REQUEST);
      if (digestRequest == null)
      {
         throw new IllegalStateException("No digest request found in session scope");
      }
     
      // Remove the digest request from the session now
      ctx.remove(DigestRequest.DIGEST_REQUEST);
     
      // Calculate the expected digest
      String serverDigestMd5 = DigestUtils.generateDigest(
               digestRequest.isPasswordAlreadyEncoded(),
               Identity.instance().getUsername(), digestRequest.getRealm(),
               password, digestRequest.getHttpMethod(),
               digestRequest.getUri(), digestRequest.getQop(),
               digestRequest.getNonce(), digestRequest.getNonceCount(),
               digestRequest.getClientNonce());

      return serverDigestMd5.equals(digestRequest.getClientDigest());
  
}
TOP

Related Classes of org.jboss.seam.security.digest.DigestAuthenticator

  • org.jboss.seam.contexts.Context
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.