Author: lindner
Date: Tue Jan 13 17:42:19 2009
New Revision: 734297
URL: http://svn.apache.org/viewvc?rev=734297&view=rev
Log:
SHINDIG-851 | Authentication handlers can now set WWW-Authenticate headers
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousAuthenticationHandler.java
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousAuthenticationHandler.java?rev=734297&r1=734296&r2=734297&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousAuthenticationHandler.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousAuthenticationHandler.java
Tue Jan 13 17:42:19 2009
@@ -43,4 +43,9 @@
}
return null;
}
+
+ @Override
+ public String getWWWAuthenticateHeader(String realm) {
+ return null;
+ }
}
\ No newline at end of file
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java?rev=734297&r1=734296&r2=734297&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
Tue Jan 13 17:42:19 2009
@@ -37,4 +37,16 @@
* @return A valid security token for the request, or null if it wasn't
possible to authenticate.
*/
SecurityToken getSecurityTokenFromRequest(HttpServletRequest request);
+
+ /**
+ * Return a String to be used for a WWW-Authenticate header. This will be
called if the
+ * call to getSecurityTokenFromRequest returns null.
+ *
+ * If non-null/non-blank it will be added to the Response.
+ * See Section 6.1.3 of the Portable Contacts Specification
+ *
+ * @param realm the name of the realm to use for the authenticate header
+ * @return Header value for a WWW-Authenticate Header
+ */
+ String getWWWAuthenticateHeader(String realm);
}
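Review bot: The Javadoc on `getWWWAuthenticateHeader` says a "non-null/non-blank" value is added to the response, but the caller added in this commit (`AuthenticationServletFilter.doFilter`) only tests `authHeader != null`, so an empty string would be emitted as an empty `WWW-Authenticate` header. Either the filter should also skip blank values or the contract should say "non-null" only. The comment also leaves open who makes `realm` safe for a quoted-string; I would add a sentence such as `Implementations must return a complete challenge (scheme plus parameters) and are responsible for escaping realm before quoting it.` so that every handler treats the value the same way.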
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java?rev=734297&r1=734296&r2=734297&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
Tue Jan 13 17:42:19 2009
@@ -29,6 +29,7 @@
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
/**
* Filter that attempts to authenticate an incoming HTTP request. It uses the
guice injected
@@ -41,6 +42,9 @@
public class AuthenticationServletFilter extends InjectedFilter {
public static final String AUTH_TYPE_OAUTH = "OAuth";
+ // At some point change this to a container specific realm
+ private static final String realm = "shindig";
+
private List<AuthenticationHandler> handlers;
@Inject
@@ -53,21 +57,25 @@
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
- if (!(request instanceof HttpServletRequest)) {
+ if (!(request instanceof HttpServletRequest && response instanceof
HttpServletResponse)) {
throw new ServletException("Auth filter can only handle HTTP");
}
HttpServletRequest req = (HttpServletRequest) request;
-
+ HttpServletResponse resp = (HttpServletResponse) response;
for (AuthenticationHandler handler : handlers) {
SecurityToken token = handler.getSecurityTokenFromRequest(req);
if (token != null) {
new
AuthInfo(req).setAuthType(handler.getName()).setSecurityToken(token);
chain.doFilter(req, response);
return;
+ } else {
+ String authHeader = handler.getWWWAuthenticateHeader(realm);
+ if (authHeader != null) {
+ resp.addHeader("WWW-Authenticate", authHeader);
+ }
}
}
-
// We did not find a security token so we will just pass null
chain.doFilter(req, response);
}
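Review bot: In `doFilter` the challenge is written in the `else` branch inside the handler loop, so a handler that fails early adds its `WWW-Authenticate` header before later handlers have been tried. If a later handler then returns a token, the request proceeds as authenticated while the response still carries a challenge from the earlier handler; whether that happens depends on the injected handler order, which is not visible here. Emitting the challenges only after the loop has finished without a token avoids this, and the same place can apply the blank check that the interface Javadoc promises. The filter also sets no 401 status itself, presumably leaving that to the downstream servlet, which deserves a one-line comment. Separately, the constant `realm` would conventionally be named `REALM`.

```java
for (AuthenticationHandler handler : handlers) {
  SecurityToken token = handler.getSecurityTokenFromRequest(req);
  if (token != null) {
    // … unchanged: AuthInfo setup, chain.doFilter(req, response), return …
  }
}

// No handler produced a token: only now advertise the available schemes.
for (AuthenticationHandler handler : handlers) {
  String authHeader = handler.getWWWAuthenticateHeader(realm);
  if (authHeader != null && authHeader.trim().length() > 0) {
    resp.addHeader("WWW-Authenticate", authHeader);
  }
}
// … unchanged: chain.doFilter(req, response) with no security token …
```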
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=734297&r1=734296&r2=734297&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
Tue Jan 13 17:42:19 2009
@@ -62,6 +62,11 @@
}
}
+ @Override
+ public String getWWWAuthenticateHeader(String realm) {
+ return null;
+ }
+
protected SecurityTokenDecoder getSecurityTokenDecoder() {
return this.securityTokenDecoder;
}
Modified:
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java?rev=734297&r1=734296&r2=734297&view=diff
==============================================================================
---
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
(original)
+++
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
Tue Jan 13 17:42:19 2009
@@ -71,7 +71,12 @@
}
}
- private String getParameter(OAuthMessage requestMessage, String key) {
+ @Override
+ public String getWWWAuthenticateHeader(String realm) {
+ return String.format("OAuth realm=\"%s\"", realm);
+ }
+
+ private String getParameter(OAuthMessage requestMessage, String key) {
try {
return requestMessage.getParameter(key);
} catch (IOException e) {
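Review bot: `getWWWAuthenticateHeader` formats `realm` straight into a quoted-string, so a realm containing `"` or `\` produces a malformed challenge, and one containing CR/LF could split the header if the container does not reject it. Today the only caller passes the constant "shindig", but the filter's comment says the realm is meant to become container specific, so the value should be escaped here, for example `return String.format("OAuth realm=\"%s\"", realm.replace("\\", "\\\\").replace("\"", "\\\""));`, with control characters rejected. A null realm would also render as `realm="null"`. The `-`/`+` pair on `getParameter` looks like a whitespace-only change, and that method's body continues outside the hunk.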