Google Git
Sign in
apache / archiva-web-content / 1b7e811f9aa411dd1b001fe82a147012e4cce823 / . / redback / core / 3.0.0-SNAPSHOT / apidocs / src-html / org / apache / archiva / redback / rest / services / interceptors / BearerAuthInterceptor.html
blob: 5bd62f05c8b306906444dc6dddef3760bd3af6bb [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">package org.apache.archiva.redback.rest.services.interceptors;</a>
<span class="sourceLineNo">002</span><a id="line.2"></a>
<span class="sourceLineNo">003</span><a id="line.3">/*</a>
<span class="sourceLineNo">004</span><a id="line.4"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">005</span><a id="line.5"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * distributed with this work for additional information</a>
<span class="sourceLineNo">007</span><a id="line.7"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">008</span><a id="line.8"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">009</span><a id="line.9"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">010</span><a id="line.10"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">013</span><a id="line.13"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">014</span><a id="line.14"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">015</span><a id="line.15"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">016</span><a id="line.16"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">017</span><a id="line.17"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">018</span><a id="line.18"> * under the License.</a>
<span class="sourceLineNo">019</span><a id="line.19"> */</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.archiva.redback.authentication.AuthenticationException;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.archiva.redback.authentication.AuthenticationFailureCause;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.archiva.redback.authentication.AuthenticationResult;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.archiva.redback.authentication.BearerTokenAuthenticationDataSource;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.archiva.redback.authentication.jwt.BearerError;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.archiva.redback.authentication.jwt.JwtAuthenticator;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.archiva.redback.authorization.RedbackAuthorization;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticationException;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.apache.archiva.redback.policy.AccountLockedException;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.apache.archiva.redback.policy.MustChangePasswordException;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.apache.archiva.redback.rbac.RBACManager;</a>
<span class="sourceLineNo">032</span><a id="line.32">import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;</a>
<span class="sourceLineNo">033</span><a id="line.33">import org.apache.archiva.redback.rest.services.RedbackRequestInformation;</a>
<span class="sourceLineNo">034</span><a id="line.34">import org.apache.archiva.redback.system.SecuritySession;</a>
<span class="sourceLineNo">035</span><a id="line.35">import org.apache.archiva.redback.system.SecuritySystem;</a>
<span class="sourceLineNo">036</span><a id="line.36">import org.apache.archiva.redback.users.User;</a>
<span class="sourceLineNo">037</span><a id="line.37">import org.apache.archiva.redback.users.UserManager;</a>
<span class="sourceLineNo">038</span><a id="line.38">import org.apache.archiva.redback.users.UserManagerException;</a>
<span class="sourceLineNo">039</span><a id="line.39">import org.apache.archiva.redback.users.UserNotFoundException;</a>
<span class="sourceLineNo">040</span><a id="line.40">import org.apache.commons.lang3.StringUtils;</a>
<span class="sourceLineNo">041</span><a id="line.41">import org.slf4j.Logger;</a>
<span class="sourceLineNo">042</span><a id="line.42">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">043</span><a id="line.43">import org.springframework.stereotype.Service;</a>
<span class="sourceLineNo">044</span><a id="line.44"></a>
<span class="sourceLineNo">045</span><a id="line.45">import javax.annotation.Priority;</a>
<span class="sourceLineNo">046</span><a id="line.46">import javax.inject.Inject;</a>
<span class="sourceLineNo">047</span><a id="line.47">import javax.inject.Named;</a>
<span class="sourceLineNo">048</span><a id="line.48">import javax.servlet.http.HttpServletRequest;</a>
<span class="sourceLineNo">049</span><a id="line.49">import javax.servlet.http.HttpServletResponse;</a>
<span class="sourceLineNo">050</span><a id="line.50">import javax.ws.rs.container.ContainerRequestContext;</a>
<span class="sourceLineNo">051</span><a id="line.51">import javax.ws.rs.container.ContainerRequestFilter;</a>
<span class="sourceLineNo">052</span><a id="line.52">import javax.ws.rs.container.ResourceInfo;</a>
<span class="sourceLineNo">053</span><a id="line.53">import javax.ws.rs.core.Context;</a>
<span class="sourceLineNo">054</span><a id="line.54">import javax.ws.rs.core.Response;</a>
<span class="sourceLineNo">055</span><a id="line.55">import javax.ws.rs.core.SecurityContext;</a>
<span class="sourceLineNo">056</span><a id="line.56">import javax.ws.rs.core.UriInfo;</a>
<span class="sourceLineNo">057</span><a id="line.57">import javax.ws.rs.ext.Provider;</a>
<span class="sourceLineNo">058</span><a id="line.58">import java.io.IOException;</a>
<span class="sourceLineNo">059</span><a id="line.59">import java.util.List;</a>
<span class="sourceLineNo">060</span><a id="line.60">import java.util.function.Function;</a>
<span class="sourceLineNo">061</span><a id="line.61">import java.util.regex.Pattern;</a>
<span class="sourceLineNo">062</span><a id="line.62">import java.util.stream.Collectors;</a>
<span class="sourceLineNo">063</span><a id="line.63">import java.util.stream.Stream;</a>
<span class="sourceLineNo">064</span><a id="line.64"></a>
<span class="sourceLineNo">065</span><a id="line.65">/**</a>
<span class="sourceLineNo">066</span><a id="line.66"> * Interceptor that checks for the Bearer Header value and tries to verify the token.</a>
<span class="sourceLineNo">067</span><a id="line.67"> *</a>
<span class="sourceLineNo">068</span><a id="line.68"> * @author Martin Stockhammer &lt;martin_s@apache.org&gt;</a>
<span class="sourceLineNo">069</span><a id="line.69"> * @since 3.0</a>
<span class="sourceLineNo">070</span><a id="line.70"> */</a>
<span class="sourceLineNo">071</span><a id="line.71">@Service( "bearerAuthInterceptor#rest" )</a>
<span class="sourceLineNo">072</span><a id="line.72">@Provider</a>
<span class="sourceLineNo">073</span><a id="line.73">@Priority( Priorities.AUTHENTICATION )</a>
<span class="sourceLineNo">074</span><a id="line.74">public class BearerAuthInterceptor extends AbstractInterceptor</a>
<span class="sourceLineNo">075</span><a id="line.75"> implements ContainerRequestFilter</a>
<span class="sourceLineNo">076</span><a id="line.76">{</a>
<span class="sourceLineNo">077</span><a id="line.77"></a>
<span class="sourceLineNo">078</span><a id="line.78"> private static final Logger log = LoggerFactory.getLogger( BearerAuthInterceptor.class );</a>
<span class="sourceLineNo">079</span><a id="line.79"></a>
<span class="sourceLineNo">080</span><a id="line.80"> @Inject</a>
<span class="sourceLineNo">081</span><a id="line.81"> @Named( value = "userManager#default" )</a>
<span class="sourceLineNo">082</span><a id="line.82"> private UserManager userManager;</a>
<span class="sourceLineNo">083</span><a id="line.83"></a>
<span class="sourceLineNo">084</span><a id="line.84"> @Inject</a>
<span class="sourceLineNo">085</span><a id="line.85"> @Named( value = "rbacManager#default" )</a>
<span class="sourceLineNo">086</span><a id="line.86"> RBACManager rbacManager;</a>
<span class="sourceLineNo">087</span><a id="line.87"></a>
<span class="sourceLineNo">088</span><a id="line.88"> @Inject</a>
<span class="sourceLineNo">089</span><a id="line.89"> @Named( value = "securitySystem" )</a>
<span class="sourceLineNo">090</span><a id="line.90"> SecuritySystem securitySystem;</a>
<span class="sourceLineNo">091</span><a id="line.91"></a>
<span class="sourceLineNo">092</span><a id="line.92"> @Inject</a>
<span class="sourceLineNo">093</span><a id="line.93"> JwtAuthenticator jwtAuthenticator;</a>
<span class="sourceLineNo">094</span><a id="line.94"></a>
<span class="sourceLineNo">095</span><a id="line.95"> @Context</a>
<span class="sourceLineNo">096</span><a id="line.96"> private ResourceInfo resourceInfo;</a>
<span class="sourceLineNo">097</span><a id="line.97"></a>
<span class="sourceLineNo">098</span><a id="line.98"> protected void setUserManager( UserManager userManager )</a>
<span class="sourceLineNo">099</span><a id="line.99"> {</a>
<span class="sourceLineNo">100</span><a id="line.100"> this.userManager = userManager;</a>
<span class="sourceLineNo">101</span><a id="line.101"> }</a>
<span class="sourceLineNo">102</span><a id="line.102"></a>
<span class="sourceLineNo">103</span><a id="line.103"> protected void setJwtAuthenticator( JwtAuthenticator jwtAuthenticator )</a>
<span class="sourceLineNo">104</span><a id="line.104"> {</a>
<span class="sourceLineNo">105</span><a id="line.105"> this.jwtAuthenticator = jwtAuthenticator;</a>
<span class="sourceLineNo">106</span><a id="line.106"> }</a>
<span class="sourceLineNo">107</span><a id="line.107"></a>
<span class="sourceLineNo">108</span><a id="line.108"> protected void setResourceInfo( ResourceInfo resourceInfo )</a>
<span class="sourceLineNo">109</span><a id="line.109"> {</a>
<span class="sourceLineNo">110</span><a id="line.110"> this.resourceInfo = resourceInfo;</a>
<span class="sourceLineNo">111</span><a id="line.111"> }</a>
<span class="sourceLineNo">112</span><a id="line.112"></a>
<span class="sourceLineNo">113</span><a id="line.113"> @Override</a>
<span class="sourceLineNo">114</span><a id="line.114"> public void filter( ContainerRequestContext requestContext ) throws IOException</a>
<span class="sourceLineNo">115</span><a id="line.115"> {</a>
<span class="sourceLineNo">116</span><a id="line.116"> log.debug( "Intercepting request for bearer token" );</a>
<span class="sourceLineNo">117</span><a id="line.117"> log.debug( "Request {}", requestContext.getUriInfo( ).getPath( ) );</a>
<span class="sourceLineNo">118</span><a id="line.118"> final String requestPath = requestContext.getUriInfo( ).getPath( );</a>
<span class="sourceLineNo">119</span><a id="line.119"> if (ignoreAuth( requestPath )) {</a>
<span class="sourceLineNo">120</span><a id="line.120"> return;</a>
<span class="sourceLineNo">121</span><a id="line.121"> }</a>
<span class="sourceLineNo">122</span><a id="line.122"></a>
<span class="sourceLineNo">123</span><a id="line.123"> // If no redback resource info, we deny the request</a>
<span class="sourceLineNo">124</span><a id="line.124"> RedbackAuthorization redbackAuthorization = getRedbackAuthorization( resourceInfo );</a>
<span class="sourceLineNo">125</span><a id="line.125"> if ( redbackAuthorization == null )</a>
<span class="sourceLineNo">126</span><a id="line.126"> {</a>
<span class="sourceLineNo">127</span><a id="line.127"></a>
<span class="sourceLineNo">128</span><a id="line.128"> log.warn( "Request path {} doesn't contain any information regarding permissions. Denying access.",</a>
<span class="sourceLineNo">129</span><a id="line.129"> requestContext.getUriInfo( ).getRequestUri( ) );</a>
<span class="sourceLineNo">130</span><a id="line.130"> // here we failed to authenticate so 403 as there is no detail on karma for this</a>
<span class="sourceLineNo">131</span><a id="line.131"> // it must be marked as it's exposed</a>
<span class="sourceLineNo">132</span><a id="line.132"> requestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build( ) );</a>
<span class="sourceLineNo">133</span><a id="line.133"> return;</a>
<span class="sourceLineNo">134</span><a id="line.134"> }</a>
<span class="sourceLineNo">135</span><a id="line.135"> String bearerHeader = StringUtils.defaultIfEmpty( requestContext.getHeaderString( "Authorization" ), "" ).trim( );</a>
<span class="sourceLineNo">136</span><a id="line.136"> if ( !"".equals( bearerHeader ) )</a>
<span class="sourceLineNo">137</span><a id="line.137"> {</a>
<span class="sourceLineNo">138</span><a id="line.138"> log.debug( "Found Bearer token in header" );</a>
<span class="sourceLineNo">139</span><a id="line.139"> String bearerToken = bearerHeader.replaceFirst( "\\s*Bearer\\s+(\\S+)\\s*", "$1" );</a>
<span class="sourceLineNo">140</span><a id="line.140"> final HttpServletRequest request = getHttpServletRequest( );</a>
<span class="sourceLineNo">141</span><a id="line.141"> BearerTokenAuthenticationDataSource source = new BearerTokenAuthenticationDataSource( "", bearerToken );</a>
<span class="sourceLineNo">142</span><a id="line.142"></a>
<span class="sourceLineNo">143</span><a id="line.143"> if ( redbackAuthorization.noRestriction( ) )</a>
<span class="sourceLineNo">144</span><a id="line.144"> {</a>
<span class="sourceLineNo">145</span><a id="line.145"> log.debug( "No restriction for method {}#{}", resourceInfo.getResourceClass( ), resourceInfo.getResourceMethod( ) );</a>
<span class="sourceLineNo">146</span><a id="line.146"> // maybe session exists so put it in threadLocal</a>
<span class="sourceLineNo">147</span><a id="line.147"> // some services need the current user if logged</a>
<span class="sourceLineNo">148</span><a id="line.148"> // maybe there is some authz in the request so try it but not fail so catch Exception !</a>
<span class="sourceLineNo">149</span><a id="line.149"> try</a>
<span class="sourceLineNo">150</span><a id="line.150"> {</a>
<span class="sourceLineNo">151</span><a id="line.151"> SecuritySession securitySession = securitySystem.authenticate( source );</a>
<span class="sourceLineNo">152</span><a id="line.152"> AuthenticationResult authenticationResult = securitySession.getAuthenticationResult( );</a>
<span class="sourceLineNo">153</span><a id="line.153"></a>
<span class="sourceLineNo">154</span><a id="line.154"> if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated( ) ) )</a>
<span class="sourceLineNo">155</span><a id="line.155"> {</a>
<span class="sourceLineNo">156</span><a id="line.156"> return;</a>
<span class="sourceLineNo">157</span><a id="line.157"> }</a>
<span class="sourceLineNo">158</span><a id="line.158"></a>
<span class="sourceLineNo">159</span><a id="line.159"> User user = authenticationResult.getUser( ) == null ? userManager.findUser(</a>
<span class="sourceLineNo">160</span><a id="line.160"> authenticationResult.getPrincipal( ) ) : authenticationResult.getUser( );</a>
<span class="sourceLineNo">161</span><a id="line.161"> RedbackRequestInformation redbackRequestInformation =</a>
<span class="sourceLineNo">162</span><a id="line.162"> new RedbackRequestInformation( securitySession, user, request.getRemoteAddr( ) );</a>
<span class="sourceLineNo">163</span><a id="line.163"></a>
<span class="sourceLineNo">164</span><a id="line.164"> RedbackAuthenticationThreadLocal.set( redbackRequestInformation );</a>
<span class="sourceLineNo">165</span><a id="line.165"> requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a>
<span class="sourceLineNo">166</span><a id="line.166"> requestContext.setProperty( SECURITY_SESSION, securitySession );</a>
<span class="sourceLineNo">167</span><a id="line.167"> RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );</a>
<span class="sourceLineNo">168</span><a id="line.168"></a>
<span class="sourceLineNo">169</span><a id="line.169"> if (rbacManager!=null)</a>
<span class="sourceLineNo">170</span><a id="line.170"> {</a>
<span class="sourceLineNo">171</span><a id="line.171"> List&lt;String&gt; roleNames = rbacManager.getAssignedRoles( user.getUsername( ) ).stream( )</a>
<span class="sourceLineNo">172</span><a id="line.172"> .flatMap( role -&gt; Stream.concat( Stream.of( role.getName( ) ), role.getChildRoleNames( ).stream( ) ) )</a>
<span class="sourceLineNo">173</span><a id="line.173"> .collect( Collectors.toList( ) );</a>
<span class="sourceLineNo">174</span><a id="line.174"> securityContext.setRoles( roleNames );</a>
<span class="sourceLineNo">175</span><a id="line.175"> }</a>
<span class="sourceLineNo">176</span><a id="line.176"> requestContext.setSecurityContext( securityContext );</a>
<span class="sourceLineNo">177</span><a id="line.177"> }</a>
<span class="sourceLineNo">178</span><a id="line.178"> catch ( Exception e )</a>
<span class="sourceLineNo">179</span><a id="line.179"> {</a>
<span class="sourceLineNo">180</span><a id="line.180"> log.debug( "Authentication failed {}", e.getMessage( ), e );</a>
<span class="sourceLineNo">181</span><a id="line.181"> // ignore here</a>
<span class="sourceLineNo">182</span><a id="line.182"> }</a>
<span class="sourceLineNo">183</span><a id="line.183"> return;</a>
<span class="sourceLineNo">184</span><a id="line.184"> }</a>
<span class="sourceLineNo">185</span><a id="line.185"> HttpServletResponse response = getHttpServletResponse( );</a>
<span class="sourceLineNo">186</span><a id="line.186"> try</a>
<span class="sourceLineNo">187</span><a id="line.187"> {</a>
<span class="sourceLineNo">188</span><a id="line.188"> SecuritySession securitySession = securitySystem.authenticate( source );</a>
<span class="sourceLineNo">189</span><a id="line.189"> AuthenticationResult authenticationResult = securitySession.getAuthenticationResult( );</a>
<span class="sourceLineNo">190</span><a id="line.190"></a>
<span class="sourceLineNo">191</span><a id="line.191"> if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated( ) ) )</a>
<span class="sourceLineNo">192</span><a id="line.192"> {</a>
<span class="sourceLineNo">193</span><a id="line.193"> String error;</a>
<span class="sourceLineNo">194</span><a id="line.194"> String message;</a>
<span class="sourceLineNo">195</span><a id="line.195"> if ( authenticationResult.getAuthenticationFailureCauses( ).size( ) &gt; 0 )</a>
<span class="sourceLineNo">196</span><a id="line.196"> {</a>
<span class="sourceLineNo">197</span><a id="line.197"> AuthenticationFailureCause cause = authenticationResult.getAuthenticationFailureCauses( ).get( 0 );</a>
<span class="sourceLineNo">198</span><a id="line.198"> error = BearerError.get( cause.getCause( ) ).getError( );</a>
<span class="sourceLineNo">199</span><a id="line.199"> message = cause.getMessage( );</a>
<span class="sourceLineNo">200</span><a id="line.200"> }</a>
<span class="sourceLineNo">201</span><a id="line.201"> else</a>
<span class="sourceLineNo">202</span><a id="line.202"> {</a>
<span class="sourceLineNo">203</span><a id="line.203"> error = "invalid_token";</a>
<span class="sourceLineNo">204</span><a id="line.204"> message = "Unknown error";</a>
<span class="sourceLineNo">205</span><a id="line.205"> }</a>
<span class="sourceLineNo">206</span><a id="line.206"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( ) + "\",error=\""</a>
<span class="sourceLineNo">207</span><a id="line.207"> + error + "\",error_description=\"" + message + "\"" );</a>
<span class="sourceLineNo">208</span><a id="line.208"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a>
<span class="sourceLineNo">209</span><a id="line.209"> return;</a>
<span class="sourceLineNo">210</span><a id="line.210"> }</a>
<span class="sourceLineNo">211</span><a id="line.211"></a>
<span class="sourceLineNo">212</span><a id="line.212"> User user = authenticationResult.getUser( ) == null</a>
<span class="sourceLineNo">213</span><a id="line.213"> ? userManager.findUser( authenticationResult.getPrincipal( ) )</a>
<span class="sourceLineNo">214</span><a id="line.214"> : authenticationResult.getUser( );</a>
<span class="sourceLineNo">215</span><a id="line.215"></a>
<span class="sourceLineNo">216</span><a id="line.216"> RedbackRequestInformation redbackRequestInformation =</a>
<span class="sourceLineNo">217</span><a id="line.217"> new RedbackRequestInformation( user, request.getRemoteAddr( ) );</a>
<span class="sourceLineNo">218</span><a id="line.218"> redbackRequestInformation.setSecuritySession( securitySession );</a>
<span class="sourceLineNo">219</span><a id="line.219"> RedbackAuthenticationThreadLocal.set( redbackRequestInformation );</a>
<span class="sourceLineNo">220</span><a id="line.220"> // message.put( AuthenticationResult.class, authenticationResult );</a>
<span class="sourceLineNo">221</span><a id="line.221"> requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );</a>
<span class="sourceLineNo">222</span><a id="line.222"> requestContext.setProperty( SECURITY_SESSION, securitySession );</a>
<span class="sourceLineNo">223</span><a id="line.223"> RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );</a>
<span class="sourceLineNo">224</span><a id="line.224"> requestContext.setSecurityContext( securityContext );</a>
<span class="sourceLineNo">225</span><a id="line.225"> return;</a>
<span class="sourceLineNo">226</span><a id="line.226"> }</a>
<span class="sourceLineNo">227</span><a id="line.227"> catch ( AuthenticationException e )</a>
<span class="sourceLineNo">228</span><a id="line.228"> {</a>
<span class="sourceLineNo">229</span><a id="line.229"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a>
<span class="sourceLineNo">230</span><a id="line.230"> + "\",error=\"invalid_token\",error_description=\"" + e.getMessage( ) + "\"" );</a>
<span class="sourceLineNo">231</span><a id="line.231"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a>
<span class="sourceLineNo">232</span><a id="line.232"> }</a>
<span class="sourceLineNo">233</span><a id="line.233"> catch ( UserNotFoundException e )</a>
<span class="sourceLineNo">234</span><a id="line.234"> {</a>
<span class="sourceLineNo">235</span><a id="line.235"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a>
<span class="sourceLineNo">236</span><a id="line.236"> + "\",error=\"invalid_token\",error_description=\"user not found\"" );</a>
<span class="sourceLineNo">237</span><a id="line.237"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a>
<span class="sourceLineNo">238</span><a id="line.238"> }</a>
<span class="sourceLineNo">239</span><a id="line.239"> catch ( UserManagerException e )</a>
<span class="sourceLineNo">240</span><a id="line.240"> {</a>
<span class="sourceLineNo">241</span><a id="line.241"> log.error( "Error from user manager " + e.getMessage( ) );</a>
<span class="sourceLineNo">242</span><a id="line.242"> requestContext.abortWith( Response.status( Response.Status.INTERNAL_SERVER_ERROR ).build( ) );</a>
<span class="sourceLineNo">243</span><a id="line.243"> }</a>
<span class="sourceLineNo">244</span><a id="line.244"> catch ( AccountLockedException e )</a>
<span class="sourceLineNo">245</span><a id="line.245"> {</a>
<span class="sourceLineNo">246</span><a id="line.246"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a>
<span class="sourceLineNo">247</span><a id="line.247"> + "\",error=\"invalid_token\",error_description=\"account locked\"" );</a>
<span class="sourceLineNo">248</span><a id="line.248"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a>
<span class="sourceLineNo">249</span><a id="line.249"> }</a>
<span class="sourceLineNo">250</span><a id="line.250"> catch ( MustChangePasswordException e )</a>
<span class="sourceLineNo">251</span><a id="line.251"> {</a>
<span class="sourceLineNo">252</span><a id="line.252"> response.setHeader( "WWW-Authenticate", "Bearer realm=\"" + request.getRemoteHost( )</a>
<span class="sourceLineNo">253</span><a id="line.253"> + "\",error=\"invalid_token\",error_description=\"password change required\"" );</a>
<span class="sourceLineNo">254</span><a id="line.254"> requestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build( ) );</a>
<span class="sourceLineNo">255</span><a id="line.255"> }</a>
<span class="sourceLineNo">256</span><a id="line.256"></a>
<span class="sourceLineNo">257</span><a id="line.257"></a>
<span class="sourceLineNo">258</span><a id="line.258"> } else {</a>
<span class="sourceLineNo">259</span><a id="line.259"> log.debug( "No Bearer token found" );</a>
<span class="sourceLineNo">260</span><a id="line.260"> }</a>
<span class="sourceLineNo">261</span><a id="line.261"> }</a>
<span class="sourceLineNo">262</span><a id="line.262">}</a>
</pre>
</div>
</main>
</body>
</html>