Improving response of permission interceptor

2021-05-30 10:55:29 +02:00 · 2021-05-30 10:55:29 +02:00 · 8a45cf5519
parent ec89237419
commit 8a45cf5519
2 changed files with 19 additions and 3 deletions
--- a/redback-authorization/redback-authorization-api/src/main/java/org/apache/archiva/redback/authorization/RedbackAuthorization.java
+++ b/redback-authorization/redback-authorization-api/src/main/java/org/apache/archiva/redback/authorization/RedbackAuthorization.java
@ -49,7 +49,9 @@ public @interface RedbackAuthorization
     * The resource is used to restrict access by using information from
     * the method parameters or call environment.
     * Resource annotations have to be in line with the defined permissions.
-     * @return the redback ressource karma needed
+     * Parameters have to be given in the form <code>{parameterName}</code> and are extracted from the URIInfo (path- and
+     * query-parameters)
+     * @return the redback resource karma needed
     */
    String resource() default ( "" );

@ -65,7 +67,7 @@ public @interface RedbackAuthorization
    boolean noRestriction() default false;

    /**
-     * @return if this service need only authentication and not special karma
+     * @return True, if this service need only authentication and not special karma
     */
    boolean noPermission() default false;
 }
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
@ -66,6 +66,9 @@ public class PermissionsInterceptor
    @Named( value = "httpAuthenticator#basic" )
    private HttpBasicAuthentication httpAuthenticator;

+    private static final String DEFAULT_AUTHENTICATION_REALM = "archiva";
+    private String authenticationRealm = DEFAULT_AUTHENTICATION_REALM;
+
    @Context
    private ResourceInfo resourceInfo;

@ -172,7 +175,9 @@ public class PermissionsInterceptor
                        return;
                    } else {
                        log.debug( "Path {} is protected and needs authentication. User not authenticated.", requestPath );
-                        containerRequestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build() );
+                        containerRequestContext.abortWith( Response.status( Response.Status.UNAUTHORIZED )
+                            .header( "WWW-Authenticate", "Bearer realm=\""+getAuthenticationRealm()+"\"" )
+                            .build() );
                        return;
                    }
                }
@ -204,4 +209,13 @@ public class PermissionsInterceptor
    }


+    public String getAuthenticationRealm( )
+    {
+        return authenticationRealm;
+    }
+
+    public void setAuthenticationRealm( String authenticationRealm )
+    {
+        this.authenticationRealm = authenticationRealm;
+    }
 }