SpnegoAuthenticatorEx.java example

Explorer
sql-layer-master
/**
 * Copyright (C) 2009-2013 FoundationDB, LLC
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

package com.foundationdb.http;

import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Don't treat configuration / protocol errors as <code>Authentication.UNAUTHENTICATED</code> when mandatory.
 */
public class SpnegoAuthenticatorEx extends SpnegoAuthenticator 
{
    private static final Logger LOG = Log.getLogger(SpnegoAuthenticatorEx.class);
    
    @Override
    public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
        Authentication result = super.validateRequest(request, response, mandatory);
        if ((result == Authentication.UNAUTHENTICATED) &&
            mandatory &&
            !DeferredAuthentication.isDeferred((HttpServletResponse)response)) {
            LOG.debug("SpengoAuthenticatorEx: unauthenticated -> forbidden");
            try {
                ((HttpServletResponse)response).sendError(Response.SC_FORBIDDEN,
                                                          "negotiation failure");
            }
            catch (IOException ex) {
                throw new ServerAuthException(ex);
            }
            result = Authentication.SEND_FAILURE;
        }
        return result;
    }
}