RestAuthenticationEntryPoint.java

/* ====================================================================
 *
 * Copyright (C) 2017 GeoSolutions S.A.S.
 * http://www.geo-solutions.it
 *
 * GPLv3 + Classpath exception
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by developers
 * of GeoSolutions.  For more information on GeoSolutions, please see
 * <http://www.geo-solutions.it/>.
 *
 */
package it.geosolutions.geostore.services.rest.security;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
/**
 * This Class wrap the AuthenticationEntryPoint to reply with forbidden for the 
 * /users/user/details path.
 * It is used to emulate the login without showing a WWW-Authenticate window in the browser
 * @author Lorenzo Natali (lorenzo.natali at geo-solutions.it)
 *
 */
public class RestAuthenticationEntryPoint extends  BasicAuthenticationEntryPoint {
	private static final String LOGIN_PATH="users/user/details";
	private static final String SESSION_LOGIN_PATH= "session/";
	 private static final Logger LOGGER = Logger.getLogger(RestAuthenticationEntryPoint.class);
	@Override
	public void commence(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException authException)
			throws IOException, ServletException {
			URI url=null;
			try {
				url = new URI(request.getRequestURI());
			} catch (URISyntaxException e) {
				// TODO Auto-generated catch block
				LOGGER.error("Invalid URI:"+ request.getRequestURI());
				super.commence(request, response, authException);
				return;
			}
			if(url == null){
				super.commence(request, response, authException);
				return;
			}
		if( url.getPath().contains(LOGIN_PATH) || url.getPath().contains(SESSION_LOGIN_PATH)){
			response.setHeader("WWW-Authenticate", "FormBased");
			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		}
		else{
			super.commence(request, response, authException);
			
		}
		
	}
}