updated authenticate method in ISecurityManager to be void and throw an AuthenticationException,

updated RestfulServer to return 401 when SecurityManager is present and authenticate throws the exception
This commit is contained in:
Yogthos 2014-03-10 10:43:33 -04:00
parent 25a1e6925b
commit daa5ed6ea8
3 changed files with 26 additions and 6 deletions

View File

@ -1,10 +1,12 @@
package ca.uhn.fhir.rest.server;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
import javax.servlet.http.HttpServletRequest;
/**
* Created by dsotnikov on 3/7/2014.
*/
public interface ISecurityManager {
public boolean authenticate(HttpServletRequest request);
public void authenticate(HttpServletRequest request) throws AuthenticationException;
}

View File

@ -16,6 +16,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ca.uhn.fhir.rest.server.exceptions.*;
import org.apache.commons.lang3.StringUtils;
import ca.uhn.fhir.context.FhirContext;
@ -26,10 +27,6 @@ import ca.uhn.fhir.model.api.IResource;
import ca.uhn.fhir.model.primitive.IdDt;
import ca.uhn.fhir.rest.common.BaseMethodBinding;
import ca.uhn.fhir.rest.common.SearchMethodBinding;
import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
import ca.uhn.fhir.rest.server.exceptions.MethodNotFoundException;
import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException;
public abstract class RestfulServer extends HttpServlet {
@ -107,6 +104,11 @@ public abstract class RestfulServer extends HttpServlet {
protected void handleRequest(SearchMethodBinding.RequestType requestType, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
if (null != securityManager) {
securityManager.authenticate(request);
}
String resourceName = null;
Long identity = null;
@ -178,7 +180,11 @@ public abstract class RestfulServer extends HttpServlet {
}
// resourceMethod.get
} catch (BaseServerResponseException e) {
} catch (AuthenticationException e) {
response.setStatus(401);
response.getWriter().write(e.getMessage());
}
catch (BaseServerResponseException e) {
if (e instanceof InternalErrorException) {
ourLog.error("Failure during REST processing", e);

View File

@ -0,0 +1,12 @@
package ca.uhn.fhir.rest.server.exceptions;
import javax.servlet.ServletException;
/**
* Created by dsotnikov on 3/10/2014.
*/
public class AuthenticationException extends ServletException {
private static final long serialVersionUID = 1L;
}