| | |
|---|
| | | /**
|
|---|
| | | * Allows authentication header to be altered based on the action requested
|
|---|
| | | * Default is WWW-Authenticate
|
|---|
| | | * @param httpRequest
|
|---|
| | | * @param action
|
|---|
| | | * @return authentication type header
|
|---|
| | | */
|
|---|
| | | protected String getAuthenticationHeader(String action) {
|
|---|
| | | protected String getAuthenticationHeader(HttpServletRequest httpRequest, String action) {
|
|---|
| | | return "WWW-Authenticate";
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | |
|---|
| | | logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl));
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | httpResponse.setHeader(getAuthenticationHeader(urlRequestType), CHALLENGE);
|
|---|
| | | httpResponse.setHeader(getAuthenticationHeader(httpRequest, urlRequestType), CHALLENGE);
|
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
|---|
| | | return;
|
|---|
| | | } else {
|
|---|
| | |
|---|
| | | if (runtimeManager.isDebugMode()) {
|
|---|
| | | logger.info(MessageFormat.format("ARF: CHALLENGE {0}", fullUrl));
|
|---|
| | | }
|
|---|
| | | httpResponse.setHeader(getAuthenticationHeader(urlRequestType), CHALLENGE);
|
|---|
| | | httpResponse.setHeader(getAuthenticationHeader(httpRequest, urlRequestType), CHALLENGE);
|
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
|---|
| | | return;
|
|---|
| | | } else {
|
|---|
| | |
|---|
| | | // authenticated request permitted.
|
|---|
| | | // pass processing to the restricted servlet.
|
|---|
| | | newSession(authenticatedRequest, httpResponse);
|
|---|
| | | logger.info(MessageFormat.format("ARF: {0} ({1}) authenticated", fullUrl,
|
|---|
| | | HttpServletResponse.SC_CONTINUE));
|
|---|
| | | logger.info(MessageFormat.format("ARF: authenticated {0} to {1} ({2})", user.username,
|
|---|
| | | fullUrl, HttpServletResponse.SC_CONTINUE));
|
|---|
| | | chain.doFilter(authenticatedRequest, httpResponse);
|
|---|
| | | return;
|
|---|
| | | }
|
|---|
