updated authenticate method in ISecurityManager to be void and throw an AuthenticationException,

updated RestfulServer to return 401 when SecurityManager is present and authenticate throws the exception
2014-03-10 10:43:33 -04:00 · 2014-03-10 10:43:33 -04:00 · daa5ed6ea8
parent 25a1e6925b
commit daa5ed6ea8
3 changed files with 26 additions and 6 deletions
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java
@ -1,10 +1,12 @@
 package ca.uhn.fhir.rest.server;

+import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
+
 import javax.servlet.http.HttpServletRequest;

 /**
 * Created by dsotnikov on 3/7/2014.
 */
 public interface ISecurityManager {
-    public boolean authenticate(HttpServletRequest request);
+    public void authenticate(HttpServletRequest request) throws AuthenticationException;
 }
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
@ -16,6 +16,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import ca.uhn.fhir.rest.server.exceptions.*;
 import org.apache.commons.lang3.StringUtils;

 import ca.uhn.fhir.context.FhirContext;
@ -26,10 +27,6 @@ import ca.uhn.fhir.model.api.IResource;
 import ca.uhn.fhir.model.primitive.IdDt;
 import ca.uhn.fhir.rest.common.BaseMethodBinding;
 import ca.uhn.fhir.rest.common.SearchMethodBinding;
-import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
-import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
-import ca.uhn.fhir.rest.server.exceptions.MethodNotFoundException;
-import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException;

 public abstract class RestfulServer extends HttpServlet {

@ -107,6 +104,11 @@ public abstract class RestfulServer extends HttpServlet {

 	protected void handleRequest(SearchMethodBinding.RequestType requestType, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		try {
+
+            if (null != securityManager) {
+                securityManager.authenticate(request);
+            }
+
 			String resourceName = null;
 			Long identity = null;

@ -178,7 +180,11 @@ public abstract class RestfulServer extends HttpServlet {
 			}
 			// resourceMethod.get

-		} catch (BaseServerResponseException e) {
+		} catch (AuthenticationException e) {
+            response.setStatus(401);
+            response.getWriter().write(e.getMessage());
+        }
+        catch (BaseServerResponseException e) {

 			if (e instanceof InternalErrorException) {
 				ourLog.error("Failure during REST processing", e);
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java
@ -0,0 +1,12 @@
+package ca.uhn.fhir.rest.server.exceptions;
+
+import javax.servlet.ServletException;
+
+/**
+ * Created by dsotnikov on 3/10/2014.
+ */
+public class AuthenticationException extends ServletException {
+
+    private static final long serialVersionUID = 1L;
+
+}