From daa5ed6ea8a4af5f4779d9c43678c0ba2320ead2 Mon Sep 17 00:00:00 2001 From: Yogthos Date: Mon, 10 Mar 2014 10:43:33 -0400 Subject: [PATCH] updated authenticate method in ISecurityManager to be void and throw an AuthenticationException, updated RestfulServer to return 401 when SecurityManager is present and authenticate throws the exception --- .../uhn/fhir/rest/server/ISecurityManager.java | 4 +++- .../ca/uhn/fhir/rest/server/RestfulServer.java | 16 +++++++++++----- .../exceptions/AuthenticationException.java | 12 ++++++++++++ 3 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java index f407182dfde..59f6b202323 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/ISecurityManager.java @@ -1,10 +1,12 @@ package ca.uhn.fhir.rest.server; +import ca.uhn.fhir.rest.server.exceptions.AuthenticationException; + import javax.servlet.http.HttpServletRequest; /** * Created by dsotnikov on 3/7/2014. */ public interface ISecurityManager { - public boolean authenticate(HttpServletRequest request); + public void authenticate(HttpServletRequest request) throws AuthenticationException; } diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java index 65933bf9d7e..d9ebf418889 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java @@ -16,6 +16,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import ca.uhn.fhir.rest.server.exceptions.*; import org.apache.commons.lang3.StringUtils; import ca.uhn.fhir.context.FhirContext; @@ -26,10 +27,6 @@ import ca.uhn.fhir.model.api.IResource; import ca.uhn.fhir.model.primitive.IdDt; import ca.uhn.fhir.rest.common.BaseMethodBinding; import ca.uhn.fhir.rest.common.SearchMethodBinding; -import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException; -import ca.uhn.fhir.rest.server.exceptions.InternalErrorException; -import ca.uhn.fhir.rest.server.exceptions.MethodNotFoundException; -import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException; public abstract class RestfulServer extends HttpServlet { @@ -107,6 +104,11 @@ public abstract class RestfulServer extends HttpServlet { protected void handleRequest(SearchMethodBinding.RequestType requestType, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { + + if (null != securityManager) { + securityManager.authenticate(request); + } + String resourceName = null; Long identity = null; @@ -178,7 +180,11 @@ public abstract class RestfulServer extends HttpServlet { } // resourceMethod.get - } catch (BaseServerResponseException e) { + } catch (AuthenticationException e) { + response.setStatus(401); + response.getWriter().write(e.getMessage()); + } + catch (BaseServerResponseException e) { if (e instanceof InternalErrorException) { ourLog.error("Failure during REST processing", e); diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java new file mode 100644 index 00000000000..b24c538653c --- /dev/null +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/exceptions/AuthenticationException.java @@ -0,0 +1,12 @@ +package ca.uhn.fhir.rest.server.exceptions; + +import javax.servlet.ServletException; + +/** + * Created by dsotnikov on 3/10/2014. + */ +public class AuthenticationException extends ServletException { + + private static final long serialVersionUID = 1L; + +} \ No newline at end of file