Java Code Examples for io.undertow.server.HttpServerExchange#addResponseHeader()

The following examples show how to use io.undertow.server.HttpServerExchange#addResponseHeader() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ResourceHandler.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
/**
 * Dispatches the request by HTTP method.
 *
 * <p>GET and POST are passed to {@code serveResource} with {@code true}, HEAD with
 * {@code false} (presumably "send the body" vs. "headers only"; confirm against
 * {@code serveResource}). Every other method ends the exchange here: methods listed in
 * {@code KNOWN_METHODS} get a 405 with an {@code Allow} header naming GET, HEAD and POST,
 * anything else gets a 501.
 *
 * @param exchange the exchange being handled
 * @throws Exception propagated from {@code serveResource}
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final boolean getOrPost = exchange.getRequestMethod().equals(HttpMethodNames.GET)
            || exchange.getRequestMethod().equals(HttpMethodNames.POST);
    if (getOrPost) {
        serveResource(exchange, true);
        return;
    }
    if (exchange.getRequestMethod().equals(HttpMethodNames.HEAD)) {
        serveResource(exchange, false);
        return;
    }

    // Not a method this handler serves: answer with a status only and finish the exchange.
    if (!KNOWN_METHODS.contains(exchange.getRequestMethod())) {
        // Method is not in KNOWN_METHODS at all.
        exchange.setStatusCode(StatusCodes.NOT_IMPLEMENTED);
    } else {
        // Recognised method that this handler refuses; the Allow header lists what it accepts.
        final String allowedMethods =
                String.join(", ", HttpMethodNames.GET, HttpMethodNames.HEAD, HttpMethodNames.POST);
        exchange.setStatusCode(StatusCodes.METHOD_NOT_ALLOWED);
        exchange.addResponseHeader(HttpHeaderNames.ALLOW, allowedMethods);
    }
    exchange.endExchange();
}
 
Example 2
Source File: GSSAPIAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the {@code WWW_AUTHENTICATE} challenge header for GSSAPI negotiation.
 *
 * <p>If a {@code NegotiationContext} is attached to the exchange, its response token (when
 * present) is Base64-encoded and sent after {@code NEGOTIATE_PREFIX}, and the attachment is
 * cleared. Without a context, the plain {@code NEGOTIATION_PLAIN} challenge is only offered
 * when a server {@code Subject} can be obtained for the request's host.
 *
 * @param exchange        the exchange to add the challenge header to
 * @param securityContext not read by this method
 * @return {@code ChallengeResult.NOT_SENT} when no server Subject is available, otherwise a
 *         result marked as sent with the {@code UNAUTHORIZED} status
 */
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    String challengeValue = NEGOTIATION_PLAIN;

    if (negotiation == null) {
        // No negotiation in progress: only offer GSSAPI if this host has a server Subject.
        Subject hostSubject = null;
        try {
            hostSubject = subjectFactory.getSubjectForHost(getHostName(exchange));
        } catch (GeneralSecurityException ignored) {
            // Deliberately ignored: without a Subject the mechanism simply does not offer GSSAPI.
            // NOTE(review): the failure is not logged here, so it is only visible as GSSAPI
            // not being offered for this host.
        }
        if (hostSubject == null) {
            return ChallengeResult.NOT_SENT;
        }
    } else {
        final byte[] responseToken = negotiation.useResponseToken();
        // Clear the attachment once the token has been taken from the context.
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
        if (responseToken != null) {
            challengeValue = NEGOTIATE_PREFIX + FlexBase64.encodeString(responseToken, false);
        }
    }

    exchange.addResponseHeader(WWW_AUTHENTICATE, challengeValue);
    UndertowLogger.SECURITY_LOGGER.debugf("Sending GSSAPI challenge for %s", exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
 
Example 3
Source File: BasicAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the Basic authentication challenge to the response.
 *
 * <p>In silent mode the challenge is only sent when the request carried an
 * {@code AUTHORIZATION} header; otherwise it is left to another mechanism to challenge.
 *
 * @param exchange        the exchange to add the {@code WWW_AUTHENTICATE} header to
 * @param securityContext not read by this method
 * @return {@code ChallengeResult.NOT_SENT} when silent and the request had no auth header,
 *         otherwise a result marked as sent with the {@code UNAUTHORIZED} status
 */
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
    // The request header is only consulted in silent mode (short-circuit on `silent`).
    final boolean stayQuiet = silent && exchange.getRequestHeader(AUTHORIZATION) == null;
    if (stayQuiet) {
        return ChallengeResult.NOT_SENT;
    }

    exchange.addResponseHeader(WWW_AUTHENTICATE, challenge);
    UndertowLogger.SECURITY_LOGGER.debugf("Sending basic auth challenge %s for %s", challenge, exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
 
Example 4
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
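/**
 * Adds the Digest authentication challenge to the response.
 *
 * <p>One {@code WWW_AUTHENTICATE} header is added per entry in {@code supportedAlgorithms},
 * each carrying that algorithm's token; when no algorithms are configured a single header
 * without an algorithm parameter is added. The parameters are emitted in the order realm,
 * domain, nonce, opaque, optional {@code stale=true}, optional algorithm, optional qop.
 *
 * @param exchange        the exchange to add the challenge header(s) to; also passed to the
 *                        nonce manager when requesting the nonce
 * @param securityContext not read by this method
 * @return a result marked as sent with the {@code UNAUTHORIZED} status
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context != null && context.isStale();

    // Parameters that precede the (optional) algorithm parameter.
    // NOTE(review): realmName, domain and qopString are written between quotes without
    // escaping; presumably they are trusted configuration values. Confirm.
    StringBuilder head = new StringBuilder(DIGEST_PREFIX);
    head.append(HttpHeaderNames.REALM.toString()).append("=\"").append(realmName).append("\",");
    head.append(HttpHeaderNames.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // A nonce is requested from the nonce manager with no previous nonce.
    head.append(HttpHeaderNames.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // OPAQUE is not really used: it offers no integrity, and using it for session data would
    // leave it open to session-fixation type issues, so a fixed all-zero value is sent.
    head.append(HttpHeaderNames.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        head.append(",stale=true");
    }

    // Parameters that follow the algorithm parameter.
    StringBuilder tail = new StringBuilder();
    if (qopString != null) {
        tail.append(",").append(HttpHeaderNames.QOP.toString()).append("=\"").append(qopString).append("\"");
    }

    final String challengeHead = head.toString();
    final String challengeTail = tail.toString();
    if (supportedAlgorithms.isEmpty()) {
        exchange.addResponseHeader(WWW_AUTHENTICATE, challengeHead + challengeTail);
    } else {
        // The header is repeated once per algorithm. It is assembled by plain concatenation
        // rather than by using the challenge text as a String.format pattern: the text embeds
        // the realm, domain, nonce and qop values, and a '%' in any of them would be read as a
        // format specifier (a corrupted header or an IllegalFormatException).
        final String algorithmParam = "," + HttpHeaderNames.ALGORITHM.toString() + "=";
        for (DigestAlgorithm current : supportedAlgorithms) {
            exchange.addResponseHeader(WWW_AUTHENTICATE,
                    challengeHead + algorithmParam + current.getToken() + challengeTail);
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}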
 
Example 5
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the {@code AUTHENTICATION_INFO} response header after a digest exchange and then
 * removes the {@code DigestContext} attachment from the exchange.
 *
 * <p>The header is only added when a qop was negotiated or the nonce manager hands out a
 * nonce different from the one the client used. It always carries the next nonce; with a
 * qop it additionally carries the qop token, the response-auth digest, and the cnonce and
 * nonce-count values taken from the parsed request header.
 *
 * @param exchange the exchange carrying the {@code DigestContext} attachment
 */
public void sendAuthenticationInfoHeader(final HttpServerExchange exchange) {
    // Assumes a DigestContext is attached; a missing attachment fails on the next line.
    // TODO confirm callers only invoke this after digest authentication ran.
    final DigestContext digestContext = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    final DigestQop negotiatedQop = digestContext.getQop();
    final String usedNonce = digestContext.getNonce();
    final String upcomingNonce = nonceManager.nextNonce(usedNonce, exchange);

    if (negotiatedQop != null || !upcomingNonce.equals(usedNonce)) {
        final StringBuilder headerValue = new StringBuilder();
        headerValue.append(NEXT_NONCE).append("=\"").append(upcomingNonce).append("\"");

        if (negotiatedQop != null) {
            final Map<DigestAuthorizationToken, String> requestTokens = digestContext.getParsedHeader();
            headerValue.append(",").append(HttpHeaderNames.QOP.toString())
                    .append("=\"").append(negotiatedQop.getToken()).append("\"");

            final byte[] ha1 = digestContext.getHa1();
            // HA2 is computed differently for qop=auth than for the other qop value.
            final byte[] ha2 = (negotiatedQop == DigestQop.AUTH)
                    ? createHA2Auth(digestContext)
                    : createHA2AuthInt();
            final byte[] digestBytes = createRFC2617RequestDigest(ha1, ha2, digestContext);
            final String rspauth = new String(digestBytes, StandardCharsets.UTF_8);

            headerValue.append(",").append(HttpHeaderNames.RESPONSE_AUTH.toString())
                    .append("=\"").append(rspauth).append("\"");
            // NOTE(review): cnonce and nonce-count come from the parsed request header and are
            // written back as-is; presumably they were validated during authentication. Confirm.
            headerValue.append(",").append(HttpHeaderNames.CNONCE.toString())
                    .append("=\"").append(requestTokens.get(DigestAuthorizationToken.CNONCE)).append("\"");
            headerValue.append(",").append(HttpHeaderNames.NONCE_COUNT.toString())
                    .append("=").append(requestTokens.get(DigestAuthorizationToken.NONCE_COUNT));
        }

        exchange.addResponseHeader(AUTHENTICATION_INFO, headerValue.toString());
    }

    // The context is dropped whether or not a header was added.
    exchange.removeAttachment(DigestContext.ATTACHMENT_KEY);
}
 
Example 6
Source File: DisableCacheHandler.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds cache-disabling response headers and then hands the exchange to the next handler.
 *
 * <p>Three headers are added before delegation: {@code Cache-Control}, {@code Pragma} and
 * {@code Expires}. They are added with {@code addResponseHeader}, so a handler further down
 * the chain can presumably still add to or replace them; confirm if that matters for the
 * deployment.
 *
 * @param exchange the exchange being handled
 * @throws Exception propagated from the next handler
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final String cacheControlValue = "no-cache, no-store, must-revalidate";
    final String pragmaValue = "no-cache";
    final String expiresValue = "0";

    exchange.addResponseHeader(HttpHeaderNames.CACHE_CONTROL, cacheControlValue);
    exchange.addResponseHeader(HttpHeaderNames.PRAGMA, pragmaValue);
    exchange.addResponseHeader(HttpHeaderNames.EXPIRES, expiresValue);

    next.handleRequest(exchange);
}
 
Example 7
Source File: AuthenticationTestBase.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Test response handler: records that the request reached it and which user, if any, is
 * authenticated, then ends the exchange.
 *
 * <p>The {@code PROCESSED_BY} header is always set to {@code "ResponseHandler"}; the
 * {@code AUTHENTICATED_USER} header is only added when {@code getAuthenticatedUser} returns
 * a non-null name. A {@code logout} query parameter triggers a logout on the security
 * context before the exchange ends.
 *
 * @param exchange the exchange being handled
 * @throws Exception declared by the handler interface
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.addResponseHeader(PROCESSED_BY, "ResponseHandler");

    final String authenticatedName = getAuthenticatedUser(exchange);
    if (authenticatedName != null) {
        exchange.addResponseHeader(AUTHENTICATED_USER, authenticatedName);
    }

    // Presence of the parameter is enough; its value is not inspected.
    final boolean logoutRequested = exchange.getQueryParameters().get("logout") != null;
    if (logoutRequested) {
        exchange.getSecurityContext().logout();
    }

    exchange.endExchange();
}
 
Example 8
Source File: PathTestCase.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Test handler that reports path matching results through response headers.
 *
 * <p>Adds the {@code MATCHED} header with this handler's {@code matched} value and the
 * {@code PATH} header with the exchange's relative path, then sets one response header per
 * query parameter (parameter name as header name, first parameter value as header value)
 * and ends the exchange.
 *
 * <p>NOTE(review): query parameter names and values are request-controlled and are copied
 * into response headers unchanged. That suits a test fixture; a handler serving real
 * traffic would restrict which header names may be set.
 *
 * @param exchange the exchange being handled
 * @throws Exception declared by the handler interface
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.addResponseHeader(MATCHED, matched);
    exchange.addResponseHeader(PATH, exchange.getRelativePath());

    final Map<String, Deque<String>> queryParameters = exchange.getQueryParameters();
    for (Map.Entry<String, Deque<String>> entry : queryParameters.entrySet()) {
        final String headerName = entry.getKey();
        final String firstValue = entry.getValue().getFirst();
        // setResponseHeader (not add) is used for the echoed parameters.
        exchange.setResponseHeader(headerName, firstValue);
    }

    exchange.endExchange();
}