This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit b00d9948b5a954437a42bce763bdd4d71a570b7f Author: Juan Cabrerizo <[email protected]> AuthorDate: Tue Jan 15 10:19:36 2019 +0000 Change redirection method and added log --- .../rest/filter/BrooklynSecurityProviderFilterJavax.java | 6 ++++-- .../rest/filter/BrooklynSecurityProviderFilterJersey.java | 15 +++++++++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java index b2b679b..2f448e2 100644 --- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java +++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java @@ -43,12 +43,12 @@ import com.google.common.base.Preconditions; /** See {@link BrooklynSecurityProviderFilterHelper} */ public class BrooklynSecurityProviderFilterJavax implements Filter { - @SuppressWarnings("unused") private static final Logger log = LoggerFactory.getLogger(BrooklynSecurityProviderFilterJavax.class); @Override public void init(FilterConfig filterConfig) throws ServletException { // no init needed + log.debug("init"); } @Override @@ -56,6 +56,7 @@ public class BrooklynSecurityProviderFilterJavax implements Filter { throws IOException, ServletException { try { + log.debug("doFilter"); ManagementContext mgmt = new ManagementContextProvider(request.getServletContext()).getManagementContext(); Preconditions.checkNotNull(mgmt, "Brooklyn management context not available; cannot authenticate"); new BrooklynSecurityProviderFilterHelper().run((HttpServletRequest)request, mgmt); 
@@ -63,12 +64,13 @@ public class BrooklynSecurityProviderFilterJavax implements Filter { chain.doFilter(request, response); } catch (SecurityProviderDeniedAuthentication e) { + log.debug("doFilter catch SecurityProviderDeniedAuthentication {}",e); HttpServletResponse rout = ((HttpServletResponse)response); Response rin = e.getResponse(); if (rin==null) rin = Response.status(Status.UNAUTHORIZED).build(); rout.setStatus(rin.getStatus()); - + // note content-type is explicitly set in some Response objects, but this should set it rin.getHeaders().forEach((k,v) -> v.forEach(v2 -> rout.addHeader(k, Strings.toString(v2)))); diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java index ff1a1d3..c9dc0d8 100644 --- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java +++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java @@ -27,18 +27,23 @@ import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; +import javax.ws.rs.core.UriBuilder; import javax.ws.rs.ext.ContextResolver; import javax.ws.rs.ext.Provider; import org.apache.brooklyn.api.mgmt.ManagementContext; import org.apache.brooklyn.rest.security.provider.SecurityProvider.SecurityProviderDeniedAuthentication; import org.eclipse.jetty.http.HttpHeader; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** See {@link BrooklynSecurityProviderFilterHelper} */ @Provider @Priority(100) public class BrooklynSecurityProviderFilterJersey implements ContainerRequestFilter { - + + private static final Logger log = LoggerFactory.getLogger(BrooklynSecurityProviderFilterJersey.class); + @Context HttpServletRequest webRequest; 
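Review bot: In the `catch (SecurityProviderDeniedAuthentication e)` block of BrooklynSecurityProviderFilterJavax.doFilter, the added `log.debug("doFilter catch SecurityProviderDeniedAuthentication {}",e);` passes the exception as the only argument for a `{}` placeholder. SLF4J (1.6 and later, as far as I know) treats a trailing Throwable as the exception to print, so the placeholder stays unfilled and a full stack trace is written for every denied request while debug is enabled. A denial is an expected outcome in an authentication filter, so a line placed after `rin` is resolved, such as `log.debug("Authentication denied, responding with status {}", rin.getStatus());`, would record the useful fact without the trace. doFilter starts and ends outside this hunk.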
@@ -47,9 +52,9 @@ public class BrooklynSecurityProviderFilterJersey implements ContainerRequestFil @Override public void filter(ContainerRequestContext requestContext) throws IOException { + log.debug("filter"); try { new BrooklynSecurityProviderFilterHelper().run(webRequest, mgmtC.getContext(ManagementContext.class)); - } catch (SecurityProviderDeniedAuthentication e) { Response rin = e.getResponse(); if (rin==null) rin = Response.status(Status.UNAUTHORIZED).build(); @@ -57,9 +62,11 @@ public class BrooklynSecurityProviderFilterJersey implements ContainerRequestFil if (rin.getStatus()==Status.FOUND.getStatusCode()) { String location = rin.getHeaderString(HttpHeader.LOCATION.asString()); if (location!=null) { - rin = Response.status(Status.UNAUTHORIZED).entity("Authentication is required at "+location). - header(HttpHeader.LOCATION.asString(), location).build(); + log.debug("Redirect to {} for authentication",location); + final UriBuilder uriBuilder = UriBuilder.fromPath(location); + rin= Response.temporaryRedirect(uriBuilder.build()).entity("Authentication is required at "+location).build(); } else { + log.debug("Unauthorized"); rin = Response.status(Status.UNAUTHORIZED).entity("Authentication is required").build(); } }
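Review bot: `UriBuilder.fromPath(location)` in the `location!=null` branch treats the provider's Location value as a path only, so an absolute URL or one with a query string (typical for a login or SSO endpoint) is likely to be percent-encoded or resolved against the application base rather than used as given; `UriBuilder.fromUri(location)` or `URI.create(location)` parses it as a URI. `Response.temporaryRedirect` also turns the provider's 302 into a 307, which asks clients to repeat the original method and body at the new location, so a POST body would be re-sent to the authentication endpoint; `Response.status(Status.FOUND).location(...)` or `Response.seeOther(...)` avoids that. The removed code answered 401 with a Location header, presumably on purpose, so it is worth confirming that non-browser REST clients cope with being redirected. If the security provider can derive `location` from request data, it should be checked against an allowed set of hosts before it is emitted or logged. The body of filter starts outside this hunk.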
