private String sendChallengeResponse(NextFilter nextFilter, IoSession session, HttpRequestMessage httpRequest,
DefaultLoginResult loginResult, HttpRealmInfo[] realms, int realmIndex, LoginContext[] loginContexts) {
HttpRealmInfo realm = realms[realmIndex];
Object[] challengeData = loginResult != null && loginResult.getType() == LoginResult.Type.CHALLENGE
? loginResult.getLoginChallengeData() : null;
HttpResponseMessage httpResponse = challengeFactory.createChallenge(httpRequest, realm, challengeData);
if (realmIndex > 0) {
String challengeIdentity;
do {
challengeIdentity = HttpUtils.newSessionId();
httpResponse.setHeader(HEADER_SEC_CHALLENGE_IDENTITY, challengeIdentity);
} while (expiringState != null && expiringState.putIfAbsent(challengeIdentity, loginContexts, 30, SECONDS) != null);
}
writeChallenge(httpResponse, nextFilter, session, realm.getChallengeScheme());
return httpResponse.getHeader(HEADER_WWW_AUTHENTICATE);
}