Glynn, Eoghan wrote:
> > I can construct a complex graph of interceptors on the server
> > side to send the 401 and the proper realm information.
>
> A complex graph of interceptors just to send a 401?
>
> Can you describe what server-side interceptors chains you needed to
> achieve this? If something so simple as rejecting an incoming request
> with an auth challenge requires some complex choreography in the
> server-side interceptors chains, then we are surely doing something very
> wrong in our interceptor/dispatch architecture.

Well, I tell you what I did. I am still somewhat naive about this so,
please tell me if I have gone astray. This is where I was learning about
interceptors, and when handleMessage and handleFault get called. I
think I'm better informed at that now, but I still may be lacking in
some aspects.

I set up one Inbound interceptor on the RECEIVE phase to check for the
authorization information if present and validate it. If it wasn't there
or validated I throw a Fault, which was subclassed to HTTPBAFault, which
held the realm identifier.

This Inbound InterceptorChain unwinds through the InboundChain. In
handleFault() I tried setting the response code, but that was
ineffective, as I realized I was not really manipulating a response
here. So I know I couldn't do this entirely in one interceptor. Fair enough.

Throwing the Fault, I found, automatically generates a response message,
which seems to know it's a "fault" message with a response code of 500 and
heads out in an Outbound Fault Interceptor Chain using handleMessage()
calls.

I set up a second interceptor that gets installed (dynamically?) on the
OutFaultInterceptor chain on the USER_STREAM phase. I discovered some
state saved on the message in the previous interceptor chain, which was
the actual HTTPBAFault I threw, which I discovered is available through
a Message.getContent(Exception.class) call. Then I changed the response
code from 500 to a 401 and had to add the Authorization header with the
realm information.

I am not sure if I got the phases right for this sort of thing (I played
with these with varying degrees of success and failure), or even if I
took the right approach. I may be relying on some technique or
information that is coincidental and not guaranteed.

Cheers,
-Polar
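
The two-interceptor arrangement described in the message above, as an added sketch that is not code from this thread or from the CXF project. The HTTPBAFault name, the RECEIVE and USER_STREAM phases and the getContent(Exception.class) lookup come from the message; the class names BasicAuthChallenge, In and OutFault, the realm, the demo credentials and the use of a current JDK and CXF release are assumptions, and the challenge is sent in WWW-Authenticate, the header HTTP defines for a 401 challenge.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

public class BasicAuthChallenge {            // hypothetical container class
    // Fault that carries the realm from the inbound chain to the outbound fault chain.
    public static class HTTPBAFault extends Fault {
        final String realm;
        HTTPBAFault(String realm) { super(new SecurityException("authentication required")); this.realm = realm; }
    }
    // Inbound chain, RECEIVE phase: reject requests without valid Basic credentials.
    public static class In extends AbstractPhaseInterceptor<Message> {
        public In() { super(Phase.RECEIVE); }
        @SuppressWarnings("unchecked")
        public void handleMessage(Message m) {
            Map<String, List<String>> h = (Map<String, List<String>>) m.get(Message.PROTOCOL_HEADERS);
            List<String> auth = h == null ? null : h.get("Authorization");
            if (auth == null || auth.isEmpty() || !valid(auth.get(0))) {
                throw new HTTPBAFault("example-realm");   // constructed realm name
            }
        }
        static boolean valid(String header) {
            if (!header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
            try {
                byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
                String[] up = new String(raw, StandardCharsets.UTF_8).split(":", 2);
                // Constructed demo credentials; a deployment would consult its own user store.
                return up.length == 2 && "demo".equals(up[0]) && MessageDigest.isEqual(
                        up[1].getBytes(StandardCharsets.UTF_8), "demo-secret".getBytes(StandardCharsets.UTF_8));
            } catch (IllegalArgumentException badBase64) { return false; }
        }
    }
    // Outbound fault chain, USER_STREAM phase: turn the default 500 into a 401 challenge.
    public static class OutFault extends AbstractPhaseInterceptor<Message> {
        public OutFault() { super(Phase.USER_STREAM); }
        @SuppressWarnings("unchecked")
        public void handleMessage(Message m) {
            Exception e = m.getContent(Exception.class);
            if (!(e instanceof HTTPBAFault)) return;      // leave other faults untouched
            Map<String, List<String>> h = (Map<String, List<String>>) m.get(Message.PROTOCOL_HEADERS);
            if (h == null) { h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); m.put(Message.PROTOCOL_HEADERS, h); }
            h.put("WWW-Authenticate", Collections.singletonList("Basic realm=\"" + ((HTTPBAFault) e).realm + "\""));
            m.put(Message.RESPONSE_CODE, 401);
        }
    }
}
```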