This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 530475a0105a8db47301ae4100e2a579eb7f004e Author: Duncan Grant <[email protected]> AuthorDate: Thu Jun 3 14:57:49 2021 +0100 Cleanup login form Logout was not redirecting correctly. This adds a reference to the login form to the 401 api response so that it can be a) ignored by the cli and b) followed by the api.
---
 .../rest/filter/BrooklynSecurityProviderFilterJavax.java | 2 +-
 .../rest/filter/BrooklynSecurityProviderFilterJersey.java | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java
index 9636deb..0856f38 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.java
@@ -50,7 +50,7 @@ public class BrooklynSecurityProviderFilterJavax implements Filter {
 private static final Logger log = LoggerFactory.getLogger(BrooklynSecurityProviderFilterJavax.class);
- private static final ConfigKey<String> LOGIN_FORM =
+ public static final ConfigKey<String> LOGIN_FORM =
 ConfigKeys.newStringConfigKey(BrooklynWebConfig.BASE_NAME_SECURITY + ".login.form", "Login form location otherwise use browser popup", "");
 @Override
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java
index d5d7cd2..af9830c 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJersey.java
@@ -33,6 +33,7 @@ import javax.ws.rs.ext.Provider;
 import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.rest.security.provider.SecurityProvider.SecurityProviderDeniedAuthentication;
+import org.apache.brooklyn.util.text.Strings;
 import org.eclipse.jetty.http.HttpHeader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -54,8 +55,9 @@ public class BrooklynSecurityProviderFilterJersey implements ContainerRequestFil
 @Override
 public void filter(ContainerRequestContext requestContext) throws IOException {
 log.trace("BrooklynSecurityProviderFilterJersey.filter {}", requestContext);
+ ManagementContext mgmt = mgmtC.getContext(ManagementContext.class);
 try {
- new BrooklynSecurityProviderFilterHelper().run(webRequest, mgmtC.getContext(ManagementContext.class));
+ new BrooklynSecurityProviderFilterHelper().run(webRequest, mgmt);
 } catch (SecurityProviderDeniedAuthentication e) {
 Response rin = e.getResponse();
 if (rin==null) rin = Response.status(Status.UNAUTHORIZED).build();
@@ -71,6 +73,11 @@ public class BrooklynSecurityProviderFilterJersey implements ContainerRequestFil
 rin = Response.status(Status.UNAUTHORIZED).entity("Authentication is required").build();
 }
 }
+ if (rin.getStatus()==Status.UNAUTHORIZED.getStatusCode() &&
+ Strings.isNonBlank(mgmt.getConfig().getConfig(BrooklynSecurityProviderFilterJavax.LOGIN_FORM))) {
+ rin = Response.status(Status.UNAUTHORIZED).entity("Authentication is required").header("LOGIN_PAGE", "brooklyn-ui-login").build();
+ }
+
 requestContext.abortWith(rin);
 }
 }
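Review bot: The added block at the end of the last hunk replaces `rin` with a freshly built 401 whenever a login form is configured, so any entity or headers already on the response (from the security provider, or set in the lines between this hunk and the previous one, which are not shown) are discarded. If the intent is only to add the hint, `rin = Response.fromResponse(rin).header("LOGIN_PAGE", "brooklyn-ui-login").build();` keeps the rest of the response; if dropping a challenge header is deliberate so that browsers do not show the basic-auth prompt, a comment on the block should say so. The configured `LOGIN_FORM` value is only tested for non-blank and the header carries a fixed token rather than a location, which is a sensible way to keep clients from following a server-supplied URL, but that contract deserves a one-line comment and named constants for `"LOGIN_PAGE"` and `"brooklyn-ui-login"`. `filter` begins in the previous hunk and part of its catch block lies outside both hunks.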
