/* ====================================================================
*
* Copyright (C) 2017 GeoSolutions S.A.S.
* http://www.geo-solutions.it
*
* GPLv3 + Classpath exception
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program.
*
* ====================================================================
*
* This software consists of voluntary contributions made by developers
* of GeoSolutions. For more information on GeoSolutions, please see
* <http://www.geo-solutions.it/>.
*
*/
package it.geosolutions.geostore.services.rest.security;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
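/**
 * Wraps the Basic authentication entry point so that unauthenticated requests to the
 * login endpoints ({@code users/user/details} and {@code session/}) are answered with
 * {@code 401 Unauthorized} and a {@code WWW-Authenticate: FormBased} header instead of a
 * Basic challenge. Every other path gets the challenge from
 * {@link BasicAuthenticationEntryPoint}.
 * It is used to emulate the login without showing a WWW-Authenticate window in the browser.
 *
 * <p>Only the challenge changes for the login endpoints: the response is still a 401, so
 * this class grants no access by itself.
 *
 * @author Lorenzo Natali (lorenzo.natali at geo-solutions.it)
 */
public class RestAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
    private static final String LOGIN_PATH = "users/user/details";
    private static final String SESSION_LOGIN_PATH = "session/";
    private static final Logger LOGGER = Logger.getLogger(RestAuthenticationEntryPoint.class);

    /**
     * Sends the authentication challenge for a request that failed authentication.
     *
     * @param request the request that triggered the authentication failure
     * @param response the response the challenge is written to
     * @param authException the exception that caused the entry point to be invoked
     * @throws IOException if the delegated Basic challenge cannot be written
     * @throws ServletException if the delegated Basic challenge fails
     */
    @Override
    public void commence(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {
        String requestUri = request.getRequestURI();
        String path = null;
        if (requestUri != null) {
            try {
                // getPath() is null for an opaque URI, hence the null check further down.
                path = new URI(requestUri).getPath();
            } catch (URISyntaxException e) {
                // The request URI is client-controlled: strip control characters before it
                // reaches the log so it cannot forge extra log lines, and keep the cause.
                LOGGER.error("Invalid URI:" + requestUri.replaceAll("\\p{Cntrl}", "_"), e);
            }
        }

        if (path != null && isFormLoginPath(path)) {
            // Non-Basic scheme name: the browser does not open its credentials dialog.
            response.setHeader("WWW-Authenticate", "FormBased");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Unparseable, opaque or non-login request: fall back to the Basic challenge.
        super.commence(request, response, authException);
    }

    /**
     * Tells whether the decoded request path belongs to one of the login endpoints.
     *
     * <p>NOTE(review): this is a substring match, so any path that merely contains
     * {@code session/} or {@code users/user/details} also gets the FormBased challenge in
     * place of the Basic one. Anchoring the match to the REST base path would be
     * stricter; confirm against the deployed URL layout before changing it.
     */
    private static boolean isFormLoginPath(String path) {
        return path.contains(LOGIN_PATH) || path.contains(SESSION_LOGIN_PATH);
    }
}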