| <!DOCTYPE HTML> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <main role="main"> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span><a id="line.1">package org.apache.archiva.redback.rest.services.interceptors;</a> |
| <span class="sourceLineNo">002</span><a id="line.2"></a> |
| <span class="sourceLineNo">003</span><a id="line.3">/*</a> |
| <span class="sourceLineNo">004</span><a id="line.4"> * Licensed to the Apache Software Foundation (ASF) under one</a> |
| <span class="sourceLineNo">005</span><a id="line.5"> * or more contributor license agreements. See the NOTICE file</a> |
| <span class="sourceLineNo">006</span><a id="line.6"> * distributed with this work for additional information</a> |
| <span class="sourceLineNo">007</span><a id="line.7"> * regarding copyright ownership. The ASF licenses this file</a> |
| <span class="sourceLineNo">008</span><a id="line.8"> * to you under the Apache License, Version 2.0 (the</a> |
| <span class="sourceLineNo">009</span><a id="line.9"> * "License"); you may not use this file except in compliance</a> |
| <span class="sourceLineNo">010</span><a id="line.10"> * with the License. You may obtain a copy of the License at</a> |
| <span class="sourceLineNo">011</span><a id="line.11"> *</a> |
| <span class="sourceLineNo">012</span><a id="line.12"> * http://www.apache.org/licenses/LICENSE-2.0</a> |
| <span class="sourceLineNo">013</span><a id="line.13"> * Unless required by applicable law or agreed to in writing,</a> |
| <span class="sourceLineNo">014</span><a id="line.14"> * software distributed under the License is distributed on an</a> |
| <span class="sourceLineNo">015</span><a id="line.15"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a> |
| <span class="sourceLineNo">016</span><a id="line.16"> * KIND, either express or implied. See the License for the</a> |
| <span class="sourceLineNo">017</span><a id="line.17"> * specific language governing permissions and limitations</a> |
| <span class="sourceLineNo">018</span><a id="line.18"> * under the License.</a> |
| <span class="sourceLineNo">019</span><a id="line.19"> */</a> |
| <span class="sourceLineNo">020</span><a id="line.20"></a> |
| <span class="sourceLineNo">021</span><a id="line.21">import org.apache.archiva.redback.authentication.AuthenticationException;</a> |
| <span class="sourceLineNo">022</span><a id="line.22">import org.apache.archiva.redback.authentication.AuthenticationFailureCause;</a> |
| <span class="sourceLineNo">023</span><a id="line.23">import org.apache.archiva.redback.authentication.AuthenticationResult;</a> |
| <span class="sourceLineNo">024</span><a id="line.24">import org.apache.archiva.redback.authentication.BearerTokenAuthenticationDataSource;</a> |
| <span class="sourceLineNo">025</span><a id="line.25">import org.apache.archiva.redback.authentication.jwt.BearerError;</a> |
| <span class="sourceLineNo">026</span><a id="line.26">import org.apache.archiva.redback.authentication.jwt.JwtAuthenticator;</a> |
| <span class="sourceLineNo">027</span><a id="line.27">import org.apache.archiva.redback.authorization.RedbackAuthorization;</a> |
| <span class="sourceLineNo">028</span><a id="line.28">import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticationException;</a> |
| <span class="sourceLineNo">029</span><a id="line.29">import org.apache.archiva.redback.policy.AccountLockedException;</a> |
| <span class="sourceLineNo">030</span><a id="line.30">import org.apache.archiva.redback.policy.MustChangePasswordException;</a> |
| <span class="sourceLineNo">031</span><a id="line.31">import org.apache.archiva.redback.rbac.RBACManager;</a> |
| <span class="sourceLineNo">032</span><a id="line.32">import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;</a> |
| <span class="sourceLineNo">033</span><a id="line.33">import org.apache.archiva.redback.rest.services.RedbackRequestInformation;</a> |
| <span class="sourceLineNo">034</span><a id="line.34">import org.apache.archiva.redback.system.SecuritySession;</a> |
| <span class="sourceLineNo">035</span><a id="line.35">import org.apache.archiva.redback.system.SecuritySystem;</a> |
| <span class="sourceLineNo">036</span><a id="line.36">import org.apache.archiva.redback.users.User;</a> |
| <span class="sourceLineNo">037</span><a id="line.37">import org.apache.archiva.redback.users.UserManager;</a> |
| <span class="sourceLineNo">038</span><a id="line.38">import org.apache.archiva.redback.users.UserManagerException;</a> |
| <span class="sourceLineNo">039</span><a id="line.39">import org.apache.archiva.redback.users.UserNotFoundException;</a> |
| <span class="sourceLineNo">040</span><a id="line.40">import org.apache.commons.lang3.StringUtils;</a> |
| <span class="sourceLineNo">041</span><a id="line.41">import org.slf4j.Logger;</a> |
| <span class="sourceLineNo">042</span><a id="line.42">import org.slf4j.LoggerFactory;</a> |
| <span class="sourceLineNo">043</span><a id="line.43">import org.springframework.stereotype.Service;</a> |
| <span class="sourceLineNo">044</span><a id="line.44"></a> |
| <span class="sourceLineNo">045</span><a id="line.45">import javax.annotation.Priority;</a> |
| <span class="sourceLineNo">046</span><a id="line.46">import javax.inject.Inject;</a> |
| <span class="sourceLineNo">047</span><a id="line.47">import javax.inject.Named;</a> |
| <span class="sourceLineNo">048</span><a id="line.48">import javax.servlet.http.HttpServletRequest;</a> |
| <span class="sourceLineNo">049</span><a id="line.49">import javax.servlet.http.HttpServletResponse;</a> |
| <span class="sourceLineNo">050</span><a id="line.50">import javax.ws.rs.container.ContainerRequestContext;</a> |
| <span class="sourceLineNo">051</span><a id="line.51">import javax.ws.rs.container.ContainerRequestFilter;</a> |
| <span class="sourceLineNo">052</span><a id="line.52">import javax.ws.rs.container.ResourceInfo;</a> |
| <span class="sourceLineNo">053</span><a id="line.53">import javax.ws.rs.core.Context;</a> |
| <span class="sourceLineNo">054</span><a id="line.54">import javax.ws.rs.core.Response;</a> |
| <span class="sourceLineNo">055</span><a id="line.55">import javax.ws.rs.core.SecurityContext;</a> |
| <span class="sourceLineNo">056</span><a id="line.56">import javax.ws.rs.core.UriInfo;</a> |
| <span class="sourceLineNo">057</span><a id="line.57">import javax.ws.rs.ext.Provider;</a> |
| <span class="sourceLineNo">058</span><a id="line.58">import java.io.IOException;</a> |
| <span class="sourceLineNo">059</span><a id="line.59">import java.util.List;</a> |
| <span class="sourceLineNo">060</span><a id="line.60">import java.util.function.Function;</a> |
| <span class="sourceLineNo">061</span><a id="line.61">import java.util.regex.Pattern;</a> |
| <span class="sourceLineNo">062</span><a id="line.62">import java.util.stream.Collectors;</a> |
| <span class="sourceLineNo">063</span><a id="line.63">import java.util.stream.Stream;</a> |
| <span class="sourceLineNo">064</span><a id="line.64"></a> |
| <span class="sourceLineNo">065</span><a id="line.65">/**</a> |
| <span class="sourceLineNo">066</span><a id="line.66"> * Interceptor that checks for the Bearer Header value and tries to verify the token.</a> |
| <span class="sourceLineNo">067</span><a id="line.67"> *</a> |
| <span class="sourceLineNo">068</span><a id="line.68"> * @author Martin Stockhammer <martin_s@apache.org></a> |
| <span class="sourceLineNo">069</span><a id="line.69"> * @since 3.0</a> |
| <span class="sourceLineNo">070</span><a id="line.70"> */</a> |
| <span class="sourceLineNo">071</span><a id="line.71">@Service( "bearerAuthInterceptor#rest" )</a> |
| <span class="sourceLineNo">072</span><a id="line.72">@Provider</a> |
| <span class="sourceLineNo">073</span><a id="line.73">@Priority( Priorities.AUTHENTICATION )</a> |
| <span class="sourceLineNo">074</span><a id="line.74">public class BearerAuthInterceptor extends AbstractInterceptor</a> |
| <span class="sourceLineNo">075</span><a id="line.75"> implements ContainerRequestFilter</a> |
| <span class="sourceLineNo">076</span><a id="line.76">{</a> |
| <span class="sourceLineNo">077</span><a id="line.77"></a> |
| <span class="sourceLineNo">078</span><a id="line.78"> private static final Logger log = LoggerFactory.getLogger( BearerAuthInterceptor.class );</a> |
| <span class="sourceLineNo">079</span><a id="line.79"></a> |
| <span class="sourceLineNo">080</span><a id="line.80"> @Inject</a> |
| <span class="sourceLineNo">081</span><a id="line.81"> @Named( value = "userManager#default" )</a> |
| <span class="sourceLineNo">082</span><a id="line.82"> private UserManager userManager;</a> |
| <span class="sourceLineNo">083</span><a id="line.83"></a> |
| <span class="sourceLineNo">084</span><a id="line.84"> @Inject</a> |
| <span class="sourceLineNo">085</span><a id="line.85"> @Named( value = "rbacManager#default" )</a> |
| <span class="sourceLineNo">086</span><a id="line.86"> RBACManager rbacManager;</a> |
| <span class="sourceLineNo">087</span><a id="line.87"></a> |
| <span class="sourceLineNo">088</span><a id="line.88"> @Inject</a> |
| <span class="sourceLineNo">089</span><a id="line.89"> @Named( value = "securitySystem" )</a> |
| <span class="sourceLineNo">090</span><a id="line.90"> SecuritySystem securitySystem;</a> |
| <span class="sourceLineNo">091</span><a id="line.91"></a> |
| <span class="sourceLineNo">092</span><a id="line.92"> @Inject</a> |
| <span class="sourceLineNo">093</span><a id="line.93"> JwtAuthenticator jwtAuthenticator;</a> |
| <span class="sourceLineNo">094</span><a id="line.94"></a> |
| <span class="sourceLineNo">095</span><a id="line.95"> @Context</a> |
| <span class="sourceLineNo">096</span><a id="line.96"> private ResourceInfo resourceInfo;</a> |
| <span class="sourceLineNo">097</span><a id="line.97"></a> |
| <span class="sourceLineNo">098</span><a id="line.98"> protected void setUserManager( UserManager userManager )</a> |
| <span class="sourceLineNo">099</span><a id="line.99"> {</a> |
| <span class="sourceLineNo">100</span><a id="line.100"> this.userManager = userManager;</a> |
| <span class="sourceLineNo">101</span><a id="line.101"> }</a> |
| <span class="sourceLineNo">102</span><a id="line.102"></a> |
| <span class="sourceLineNo">103</span><a id="line.103"> protected void setJwtAuthenticator( JwtAuthenticator jwtAuthenticator )</a> |
| <span class="sourceLineNo">104</span><a id="line.104"> {</a> |
| <span class="sourceLineNo">105</span><a id="line.105"> this.jwtAuthenticator = jwtAuthenticator;</a> |
| <span class="sourceLineNo">106</span><a id="line.106"> }</a> |
| <span class="sourceLineNo">107</span><a id="line.107"></a> |
| <span class="sourceLineNo">108</span><a id="line.108"> protected void setResourceInfo( ResourceInfo resourceInfo )</a> |
| <span class="sourceLineNo">109</span><a id="line.109"> {</a> |
| <span class="sourceLineNo">110</span><a id="line.110"> this.resourceInfo = resourceInfo;</a> |
| <span class="sourceLineNo">111</span><a id="line.111"> }</a> |
| <span class="sourceLineNo">112</span><a id="line.112"></a> |
| <span class="sourceLineNo">113</span><a id="line.113"> @Override</a> |
| <span class="sourceLineNo">114</span><a id="line.114"> public void filter( ContainerRequestContext requestContext ) throws IOException</a> |
| <span class="sourceLineNo">115</span><a id="line.115"> {</a> |
| <span class="sourceLineNo">116</span><a id="line.116"> log.debug( "Intercepting request for bearer token" );</a> |
| <span class="sourceLineNo">117</span><a id="line.117"> log.debug( "Request {}", requestContext.getUriInfo( ).getPath( ) );</a> |
| <span class="sourceLineNo">118</span><a id="line.118"> final String requestPath = requestContext.getUriInfo( ).getPath( );</a> |
| <span class="sourceLineNo">119</span><a id="line.119"> if (ignoreAuth( requestPath )) {</a> |
| <span class="sourceLineNo">120</span><a id="line.120"> return;</a> |
| <span class="sourceLineNo">121</span><a id="line.121"> }</a> |
| <span class="sourceLineNo">122</span><a id="line.122"></a> |
| <span class="sourceLineNo">123</span><a id="line.123"> // If no redback resource info, we deny the request</a> |
| <span class="sourceLineNo">124</span><a id="line.124"> RedbackAuthorization redbackAuthorization = getRedbackAuthorization( resourceInfo );</a> |
| <span class="sourceLineNo">125</span><a id="line.125"> if ( redbackAuthorization == null )</a> |
| <span class="sourceLineNo">126</span><a id="line.126"> {</a> |
| <span class="sourceLineNo">127</span><a id="line.127"></a> |
| <span class="sourceLineNo">128</span><a id="line.128"> log.warn( "Request path {} doesn't contain any information regarding permissions. Denying access.",</a> |
| <span class="sourceLineNo">129</span><a id="line.129"> requestContext.getUriInfo( ).getRequestUri( ) );</a> |
| <span class="sourceLineNo">130</span><a id="line.130"> // here we failed to authenticate so 403 as there is no detail on karma for this</a> |
| <span class="sourceLineNo">131</span><a id="line.131"> // it must be marked as it's exposed</a> |
| <span class="sourceLineNo">132</span><a id="line.132"> requestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build( ) );</a> |
| <span class="sourceLineNo">133</span><a id="line.133"> return;</a> |
| <span class="sourceLineNo">134</span><a id="line.134"> }</a> |
| <span class="sourceLineNo">135</span><a id="line.135"> String bearerHeader = StringUtils.defaultIfEmpty( requestContext.getHeaderString( "Authorization" ), "" ).trim( );</a> |
| <span class="sourceLineNo">136</span><a id="line.136"> if ( !"".equals( bearerHeader ) )</a> |
| <span class="sourceLineNo">137</span><a id="line.137"> {</a> |
| <span class="sourceLineNo">138</span><a id="line.138"> log.debug( "Found Bearer token in header" );</a> |
| <span class="sourceLineNo">139</span><a id="line.139"> String bearerToken = bearerHeader.replaceFirst( "\\s*Bearer\\s+(\\S+)\\s*", "$1" );</a> |
| <span class="sourceLineNo">140</span><a id="line.140"> final HttpServletRequest request = getHttpServletRequest( );</a> |
| <span class="sourceLineNo">141</span><a id="line.141"> BearerTokenAuthenticationDataSource source = new BearerTokenAuthenticationDataSource( "", bearerToken );</a> |
| <span class="sourceLineNo">142</span><a id="line.142"></a> |
| <span class="sourceLineNo">143</span><a id="line.143"> if ( redbackAuthorization.noRestriction( ) )</a> |
| <span class="sourceLineNo">144</span><a id="line.144"> {</a> |
| <span class="sourceLineNo">145</span><a id="line.145"> log.debug( "No restriction for method {}#{}", resourceInfo.getResourceClass( ), resourceInfo.getResourceMethod( ) );</a> |
| <span class="sourceLineNo">146</span><a id="line.146"> // maybe session exists so put it in threadLocal</a> |
| <span class="sourceLineNo">147</span><a id="line.147"> // some services need the current user if logged</a> |
| <span class="sourceLineNo">148</span><a id="line.148"> // maybe there is some authz in the request so try it but not fail so catch Exception !</a> |
| <span class="sourceLineNo">149</span><a id="line.149"> try</a> |
| <span class="sourceLineNo">150</span><a id="line.150"> {</a> |
| <span class="sourceLineNo">151</span><a id="line.151"> SecuritySession securitySession = securitySystem.authenticate( source );</a> |
| <span class="sourceLineNo">152</span><a id="line.152"> AuthenticationResult authenticationResult = securitySession.getAuthenticationResult( );</a> |
| <span class="sourceLineNo">153</span><a id="line.153"></a> |
| <span class="sourceLineNo">154</span><a id="line.154"> if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated( ) ) )</a> |
| <span class="sourceLineNo">155</span><a id="line.155"> {</a> |
| <span class="sourceLineNo">156</span><a id="line.156"> return;</a> |
| <span class="sourceLineNo">157</span><a id="line.157"> }</a> |
| <span class="sourceLineNo">158</span><a id="line.158"></a> |
| <span class="sourceLineNo">159</span><a id="line.159"> User user = authenticationResult.getUser( ) == null ? userManager.findUser(</a> |
| <span class="sourceLineNo">160</span><a id="line.160"> authenticationResult.getPrincipal( ) ) : authenticationResult.getUser( );</a> |
| <span class="sourceLineNo">161</span><a id="line.161"> RedbackRequestInformation redbackRequestInformation =</a> |
| <span class="sourceLineNo">162</span><a id="line.162"> new RedbackRequestInformation( securitySession, user, request.getRemoteAddr( ) );</a> |
| <span class="sourceLineNo">163</span><a id="line.163"></a> |
| <span class="sourceLineNo">164</span><a id="line.164"> RedbackAuthenticationThreadLocal.set( redbackRequestInformation );</a> |
| <span class="sourceLineNo">165</span><a id="line.165"> requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a> |
| <span class="sourceLineNo">166</span><a id="line.166"> requestContext.setProperty( SECURITY_SESSION, securitySession );</a> |
| <span class="sourceLineNo">167</span><a id="line.167"> RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );</a> |
| <span class="sourceLineNo">168</span><a id="line.168"></a> |
| <span class="sourceLineNo">169</span><a id="line.169"> if (rbacManager!=null)</a> |
| <span class="sourceLineNo">170</span><a id="line.170"> {</a> |
| <span class="sourceLineNo">171</span><a id="line.171"> List<String> roleNames = rbacManager.getAssignedRoles( user.getUsername( ) ).stream( )</a> |
| <span class="sourceLineNo">172</span><a id="line.172"> .flatMap( role -> Stream.concat( Stream.of( role.getName( ) ), role.getChildRoleNames( ).stream( ) ) )</a> |
| <span class="sourceLineNo">173</span><a id="line.173"> .collect( Collectors.toList( ) );</a> |
| <span class="sourceLineNo">174</span><a id="line.174"> securityContext.setRoles( roleNames );</a> |
| <span class="sourceLineNo">175</span><a id="line.175"> }</a> |
| <span class="sourceLineNo">176</span><a id="line.176"> requestContext.setSecurityContext( securityContext );</a> |
| <span class="sourceLineNo">177</span><a id="line.177"> }</a> |
| <span class="sourceLineNo">178</span><a id="line.178"> catch ( Exception e )</a> |
| <span class="sourceLineNo">179</span><a id="line.179"> {</a> |
| <span class="sourceLineNo">180</span><a id="line.180"> log.debug( "Authentication failed {}", e.getMessage( ), e );</a> |
| <span class="sourceLineNo">181</span><a id="line.181"> // ignore here</a> |
| <span class="sourceLineNo">182</span><a id="line.182"> }</a> |
| <span class="sourceLineNo">183</span><a id="line.183"> return;</a> |
| <span class="sourceLineNo">184</span><a id="line.184"> }</a> |
| <span class="sourceLineNo">185</span><a id="line.185"> HttpServletResponse response = getHttpServletResponse( );</a> |
| <span class="sourceLineNo">186</span><a id="line.186"> try</a> |
| <span class="sourceLineNo">187</span><a id="line.187"> {</a> |
| <span class="sourceLineNo">188</span><a id="line.188"> SecuritySession securitySession = securitySystem.authenticate( source );</a> |
| <span class="sourceLineNo">189</span><a id="line.189"> AuthenticationResult authenticationResult = securitySession.getAuthenticationResult( );</a> |
| <span class="sourceLineNo">190</span><a id="line.190"></a> |
| <span class="sourceLineNo">191</span><a id="line.191"> if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated( ) ) )</a> |
| <span class="sourceLineNo">192</span><a id="line.192"> {</a> |
| <span class="sourceLineNo">193</span><a id="line.193"> String error;</a> |
| <span class="sourceLineNo">194</span><a id="line.194"> String message;</a> |
| <span class="sourceLineNo">195</span><a id="line.195"> if ( authenticationResult.getAuthenticationFailureCauses( ).size( ) > 0 )</a> |
| <span class="sourceLineNo">196</span><a id="line.196"> {</a> |
| <span class="sourceLineNo">197</span><a id="line.197"> AuthenticationFailureCause cause = authenticationResult.getAuthenticationFailureCauses( ).get( 0 );</a> |
| <span class="sourceLineNo">198</span><a id="line.198"> error = BearerError.get( cause.getCause( ) ).getError( );</a> |
| <span class="sourceLineNo">199</span><a id="line.199"> message = cause.getMessage( );</a> |
| <span class="sourceLineNo">200</span><a id="line.200"> }</a> |
| <span class="sourceLineNo">201</span><a id="line.201"> else</a> |
| <span class="sourceLineNo">202</span><a id="line.202"> {</a> |
| <span class="sourceLineNo">203</span><a id="line.203"> error = "invalid_token";</a> |
| <span class="sourceLineNo">204</span><a id="line.204"> message = "Unknown error";</a> |
| <span class="sourceLineNo">205</span><a id="line.205"> }</a> |
| <span class="sourceLineNo">206</span><a id="line.206"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( ) + "\",error=\""</a> |
| <span class="sourceLineNo">207</span><a id="line.207"> + error + "\",error_description=\"" + message + "\"" );</a> |
| <span class="sourceLineNo">208</span><a id="line.208"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a> |
| <span class="sourceLineNo">209</span><a id="line.209"> return;</a> |
| <span class="sourceLineNo">210</span><a id="line.210"> }</a> |
| <span class="sourceLineNo">211</span><a id="line.211"></a> |
| <span class="sourceLineNo">212</span><a id="line.212"> User user = authenticationResult.getUser( ) == null</a> |
| <span class="sourceLineNo">213</span><a id="line.213"> ? userManager.findUser( authenticationResult.getPrincipal( ) )</a> |
| <span class="sourceLineNo">214</span><a id="line.214"> : authenticationResult.getUser( );</a> |
| <span class="sourceLineNo">215</span><a id="line.215"></a> |
| <span class="sourceLineNo">216</span><a id="line.216"> RedbackRequestInformation redbackRequestInformation =</a> |
| <span class="sourceLineNo">217</span><a id="line.217"> new RedbackRequestInformation( user, request.getRemoteAddr( ) );</a> |
| <span class="sourceLineNo">218</span><a id="line.218"> redbackRequestInformation.setSecuritySession( securitySession );</a> |
| <span class="sourceLineNo">219</span><a id="line.219"> RedbackAuthenticationThreadLocal.set( redbackRequestInformation );</a> |
| <span class="sourceLineNo">220</span><a id="line.220"> // message.put( AuthenticationResult.class, authenticationResult );</a> |
| <span class="sourceLineNo">221</span><a id="line.221"> requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a> |
| <span class="sourceLineNo">222</span><a id="line.222"> requestContext.setProperty( SECURITY_SESSION, securitySession );</a> |
| <span class="sourceLineNo">223</span><a id="line.223"> RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );</a> |
| <span class="sourceLineNo">224</span><a id="line.224"> requestContext.setSecurityContext( securityContext );</a> |
| <span class="sourceLineNo">225</span><a id="line.225"> return;</a> |
| <span class="sourceLineNo">226</span><a id="line.226"> }</a> |
| <span class="sourceLineNo">227</span><a id="line.227"> catch ( AuthenticationException e )</a> |
| <span class="sourceLineNo">228</span><a id="line.228"> {</a> |
| <span class="sourceLineNo">229</span><a id="line.229"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a> |
| <span class="sourceLineNo">230</span><a id="line.230"> + "\",error=\"invalid_token\",error_description=\"" + e.getMessage( ) + "\"" );</a> |
| <span class="sourceLineNo">231</span><a id="line.231"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a> |
| <span class="sourceLineNo">232</span><a id="line.232"> }</a> |
| <span class="sourceLineNo">233</span><a id="line.233"> catch ( UserNotFoundException e )</a> |
| <span class="sourceLineNo">234</span><a id="line.234"> {</a> |
| <span class="sourceLineNo">235</span><a id="line.235"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a> |
| <span class="sourceLineNo">236</span><a id="line.236"> + "\",error=\"invalid_token\",error_description=\"user not found\"" );</a> |
| <span class="sourceLineNo">237</span><a id="line.237"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a> |
| <span class="sourceLineNo">238</span><a id="line.238"> }</a> |
| <span class="sourceLineNo">239</span><a id="line.239"> catch ( UserManagerException e )</a> |
| <span class="sourceLineNo">240</span><a id="line.240"> {</a> |
| <span class="sourceLineNo">241</span><a id="line.241"> log.error( "Error from user manager " + e.getMessage( ) );</a> |
| <span class="sourceLineNo">242</span><a id="line.242"> requestContext.abortWith( Response.status( Response.Status.INTERNAL_SERVER_ERROR ).build( ) );</a> |
| <span class="sourceLineNo">243</span><a id="line.243"> }</a> |
| <span class="sourceLineNo">244</span><a id="line.244"> catch ( AccountLockedException e )</a> |
| <span class="sourceLineNo">245</span><a id="line.245"> {</a> |
| <span class="sourceLineNo">246</span><a id="line.246"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a> |
| <span class="sourceLineNo">247</span><a id="line.247"> + "\",error=\"invalid_token\",error_description=\"account locked\"" );</a> |
| <span class="sourceLineNo">248</span><a id="line.248"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a> |
| <span class="sourceLineNo">249</span><a id="line.249"> }</a> |
| <span class="sourceLineNo">250</span><a id="line.250"> catch ( MustChangePasswordException e )</a> |
| <span class="sourceLineNo">251</span><a id="line.251"> {</a> |
| <span class="sourceLineNo">252</span><a id="line.252"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a> |
| <span class="sourceLineNo">253</span><a id="line.253"> + "\",error=\"invalid_token\",error_description=\"password change required\"" );</a> |
| <span class="sourceLineNo">254</span><a id="line.254"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a> |
| <span class="sourceLineNo">255</span><a id="line.255"> }</a> |
| <span class="sourceLineNo">256</span><a id="line.256"></a> |
| <span class="sourceLineNo">257</span><a id="line.257"></a> |
| <span class="sourceLineNo">258</span><a id="line.258"> } else {</a> |
| <span class="sourceLineNo">259</span><a id="line.259"> log.debug( "No Bearer token found" );</a> |
| <span class="sourceLineNo">260</span><a id="line.260"> }</a> |
| <span class="sourceLineNo">261</span><a id="line.261"> }</a> |
| <span class="sourceLineNo">262</span><a id="line.262">}</a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </main> |
| </body> |
| </html> |