diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java
index f407182dfde..59f6b202323 100644
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java
@@ -1,10 +1,12 @@
 package ca.uhn.fhir.rest.server;
+import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
+
 import javax.servlet.http.HttpServletRequest;
 /**
 * Created by dsotnikov on 3/7/2014.
 */
 public interface ISecurityManager {
- public boolean authenticate(HttpServletRequest request);
+ public void authenticate(HttpServletRequest request) throws AuthenticationException;
 }
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
index 65933bf9d7e..eb8cb3c9108 100644
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
@@ -16,6 +16,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import ca.uhn.fhir.rest.server.exceptions.*;
 import org.apache.commons.lang3.StringUtils;
 import ca.uhn.fhir.context.FhirContext;
@@ -26,10 +27,6 @@ import ca.uhn.fhir.model.api.IResource;
 import ca.uhn.fhir.model.primitive.IdDt;
 import ca.uhn.fhir.rest.common.BaseMethodBinding;
 import ca.uhn.fhir.rest.common.SearchMethodBinding;
-import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
-import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
-import ca.uhn.fhir.rest.server.exceptions.MethodNotFoundException;
-import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException;
 public abstract class RestfulServer extends HttpServlet {
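Review bot: The new `authenticate` signature in ISecurityManager has no Javadoc, and after this change a normal return is the only signal that a request is authenticated, so an implementation that returns early or swallows an internal error lets the request through. I would state the contract on the method, for example `/** Must throw AuthenticationException unless the request is positively authenticated; returning normally grants access. */`. Moving from `boolean` to `void ... throws AuthenticationException` is also source-incompatible for existing implementers, which is worth calling out to them.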
@@ -107,6 +104,11 @@ public abstract class RestfulServer extends HttpServlet {
 protected void handleRequest(SearchMethodBinding.RequestType requestType, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 try {
+
+ if (null != securityManager) {
+ securityManager.authenticate(request);
+ }
+
 String resourceName = null;
 Long identity = null;
@@ -178,7 +180,11 @@ public abstract class RestfulServer extends HttpServlet {
 } // resourceMethod.get
- } catch (BaseServerResponseException e) {
+ } catch (AuthenticationException e) {
+ response.setStatus(e.getStatusCode());
+ response.getWriter().write(e.getMessage());
+ }
+ catch (BaseServerResponseException e) {
 if (e instanceof InternalErrorException) {
 ourLog.error("Failure during REST processing", e);
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java
new file mode 100644
index 00000000000..bd49917fcf1
--- /dev/null
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java
@@ -0,0 +1,23 @@
+package ca.uhn.fhir.rest.server.exceptions;
+
+import javax.servlet.ServletException;
+
+/**
+ * Created by dsotnikov on 3/10/2014.
+ */
+public class AuthenticationException extends BaseServerResponseException {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthenticationException() {
+ super(401, "Client unauthorized");
+ }
+
+ public AuthenticationException(String theMessage) {
+ super(401, theMessage);
+ }
+
+ public AuthenticationException(int theStatusCode, String theMessage) {
+ super(theStatusCode, theMessage);
+ }
+}
\ No newline at end of file
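Review bot: The guard `if (null != securityManager)` at the top of handleRequest means a server with no security manager configured serves every request unauthenticated, and nothing in the hunk records that this is the default. If running open is intended, I would say so at the check, e.g. `// No security manager configured: requests are served without authentication`, and consider logging it once at startup so an accidental misconfiguration is visible to operators. handleRequest continues outside the hunk, so how a non-AuthenticationException failure thrown by the manager is handled cannot be confirmed from here.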
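Review bot: The new `catch (AuthenticationException e)` block writes `e.getMessage()` into the response body without setting a content type and without logging the failure, so rejected requests leave no trace for detection, and any request-derived text an implementation puts in the message is returned with a sniffable type. I would add `response.setContentType("text/plain");` before the write and `ourLog.warn("Authentication failed from " + request.getRemoteAddr());` at the top of the block. A 401 is also expected to carry a `WWW-Authenticate` challenge, which would have to come from whichever scheme the security manager implements. The enclosing try starts outside this hunk.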
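Review bot: The `AuthenticationException(int theStatusCode, String theMessage)` constructor accepts any status code, and the handler added in RestfulServer copies `e.getStatusCode()` to the response, so an authentication failure could be reported with a non-error status such as 200. I would drop this constructor or restrict it to 401 and 403 through a private static check used in the `super(...)` argument, and add Javadoc stating which statuses are valid. The `import javax.servlet.ServletException;` line appears unused in this file, and the file ends without a trailing newline.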