From e9ac2c8c978d66771b5314eae5d47d623543f272 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Tue, 1 Oct 2019 17:49:30 -0500
Subject: [PATCH] Fixing #4144 - handle wrapped requests better

Signed-off-by: Joakim Erdfelt
---
 .../jetty/rewrite/handler/ForwardedSchemeHeaderRule.java | 3 ++-
 .../jetty/security/authentication/DigestAuthenticator.java | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java b/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java
index 2d26ed8f21b..b80e658b0c4 100644
--- a/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java
+++ b/jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java
@@ -46,7 +46,8 @@ public class ForwardedSchemeHeaderRule extends HeaderRule
 @Override
 protected String apply(String target, String value, HttpServletRequest request, HttpServletResponse response)
 {
- ((Request)request).setScheme(_scheme);
+ Request baseRequest = Request.getBaseRequest(request);
+ baseRequest.setScheme(_scheme);
 return target;
 }
 }
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index ce8e1bc281b..16d7ca6eab0 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
@@ -121,6 +121,8 @@ public class DigestAuthenticator extends LoginAuthenticator try { + Request baseRequest = Request.getBaseRequest(request); + boolean stale = false; if (credentials != null) {
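Review bot: In `ForwardedSchemeHeaderRule.apply`, the result of `Request.getBaseRequest(request)` is dereferenced without a null check, and that method returns null when it cannot find a Jetty `Request` behind the servlet request. The old cast failed with a ClassCastException in that case; the new code fails with a NullPointerException on `baseRequest.setScheme(_scheme)`, so the unsupported-wrapper case is still not handled. Decide it explicitly, for example `if (baseRequest == null) return target;` if the rule should simply not apply, or an `IllegalStateException` naming the request type if that is a deployment error. The same unchecked value is passed to `checkNonce` and `newNonce` in the three `DigestAuthenticator` hunks, where a null should end the attempt as a failed authentication rather than as an NPE inside the nonce handling.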
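Review bot: The new `baseRequest` local at the top of the `try` block in `DigestAuthenticator` has no comment saying why the unwrap is needed, and it is only used much further down, in the `checkNonce` and `newNonce` calls of the later hunks. A one-line comment at the declaration would keep a later cleanup from reintroducing the cast, e.g. `// Unwrap once: nonce creation and checking take the Jetty Request, and a filter may have wrapped the servlet request.` The enclosing method starts and ends outside this hunk, so whether an earlier line already explains this cannot be seen from here.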
@@ -173,7 +175,7 @@ public class DigestAuthenticator extends LoginAuthenticator } } - int n = checkNonce(digest, (Request)request); + int n = checkNonce(digest, baseRequest); if (n > 0) { @@ -195,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator domain = "/"; response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "Digest realm=\"" + _loginService.getName() + "\", domain=\"" + domain + - "\", nonce=\"" + newNonce((Request)request) + + "\", nonce=\"" + newNonce(baseRequest) + "\", algorithm=MD5" + ", qop=\"auth\"" + ", stale=" + stale);