Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-08 03:32:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Commence method now returns 403 error

Browse Source
This commit is contained in:
Luke Taylor 2005-03-16 18:26:41 +00:00
parent 452604ff3b
commit bb7d428617
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
core/src/main/java/org/acegisecurity/ui/x509/X509ProcessingFilterEntryPoint.java
View File

@ -2,26 +2,44 @@ package net.sf.acegisecurity.ui.x509;
import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint; import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.providers.x509.X509AuthenticationProvider;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
/** /**
* In the X.509 authentication case (unlike CAS, for example) the certificate will already
* have been extracted from the request and a secure context established by the time
* the security-enforcement filter is invoked.
* <p>
* Therefore this class isn't actually responsible for the commencement of authentication, as it
* is in the case of other providers. It will be called if the certificate was rejected by
* Acegi's X509AuthenticationProvider, resulting in a null authentication.
* </p>
* The <code>commence</code> method will always return an
* <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
*
* *
* @author Luke Taylor * @author Luke Taylor
* @version $Id$
* @see net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter
*/ */
public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint { public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
//~ Static fields/initializers ============================================= //~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class); private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);
/**
* Returns a 403 error code to the client.
*/
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) throws IOException, ServletException { public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) throws IOException, ServletException {
logger.debug("commence called: request = [" + request +"] exception ["+ authException + "]"); logger.debug("X509 entry point called. Rejecting access");
HttpServletResponse httpResponse = (HttpServletResponse)response;
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage());
} }
} }