it.geosolutions.geostore.services.rest.security.RestAuthenticationEntryPoint.java Source code

Java tutorial

Introduction

Here is the source code for it.geosolutions.geostore.services.rest.security.RestAuthenticationEntryPoint.java

Source

/* ====================================================================
 *
 * Copyright (C) 2007 - 2011 GeoSolutions S.A.S.
 * http://www.geo-solutions.it
 *
 * GPLv3 + Classpath exception
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by developers
 * of GeoSolutions.  For more information on GeoSolutions, please see
 * <http://www.geo-solutions.it/>.
 *
 */
package it.geosolutions.geostore.services.rest.security;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

/**
 * This Class wrap the AuthenticationEntryPoint to reply with forbidden for the 
 * /users/user/details path.
 * It is used to emulate the login without showing a WWW-Authenticate window in the browser
 * @author Lorenzo Natali (lorenzo.natali at geo-solutions.it)
 *
 */
public class RestAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
    private static final String LOGIN_PATH = "users/user/details";
    private static final Logger LOGGER = Logger.getLogger(RestAuthenticationEntryPoint.class);

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        URI url = null;
        try {
            url = new URI(request.getRequestURI());
        } catch (URISyntaxException e) {
            // TODO Auto-generated catch block
            LOGGER.error("Invalid URI:" + request.getRequestURI());
            super.commence(request, response, authException);
            return;
        }
        if (url == null) {
            super.commence(request, response, authException);
            return;
        }
        if (url.getPath().contains(LOGIN_PATH)) {
            response.setHeader("WWW-Authenticate", "FormBased");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            super.commence(request, response, authException);

        }

    }
}