Merge pull request #1280 from aogburn/03102603

[UNDERTOW-2007] Digest mechanism needs sticky sessions

Author: fl4via

core/src/main/java/io/undertow/security/impl/DigestAuthenticationMechanism.java

@@ -42,6 +42,7 @@
 import io.undertow.util.HeaderMap;
 import io.undertow.util.Headers;
 import io.undertow.util.HexConverter;
+import io.undertow.util.Sessions;
 import io.undertow.util.StatusCodes;
 
 import java.nio.charset.StandardCharsets;
@@ -445,6 +446,13 @@ private byte[] createRFC2617RequestDigest(final byte[] ha1, final byte[] ha2, fi
 
     @Override
     public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
+        // Ensure a session is created to have stickiness through loadbalancers
+        try {
+            Sessions.getOrCreateSession(exchange);
+        } catch (IllegalStateException e) {
+            UndertowLogger.SECURITY_LOGGER.debugf("Session error. Digest auth may fail from broken stickiness", e);
+        }
+
         DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
         boolean stale = context == null ? false : context.isStale();