@Provides(type = Core.Type.SECURITY, with = Core.With.AUTHORIZATION_FAILURE)
  public static Result handleAuthFailure(Node node, String withType, Map<String, Object> args)
      throws NodeLoadException, ModuleException {

    User user = SecurityEventGenerator.triggerCurrentUserInterceptor();
    SecurityEventGenerator.triggerBeforeAuthorizationFailure(user);

    try {
      String unauthorizedPage = Settings.load().getValue(CoreSettingsHelper.Keys.UNAUTHORIZED_PAGE);
      try {
        if (StringUtils.isNotBlank(unauthorizedPage)) {
          Content content = CoreLoader.loadAndDecorateNode(unauthorizedPage, 0);
          if (user != null) {
            return Controller.forbidden(content);
          } else {
            return Controller.unauthorized(content);
          }
        }
      } catch (NodeNotFoundException | NodeLoadException | ModuleException e) {
        ExceptionUtil.assertExceptionHandling(e);
        return CoreLoader.redirectToPageLoadErrorPage();
      }

      if (user != null) {
        Logger.warn("Using fallback forbidden handling, sending 403 with no content");
        return Controller.forbidden();
      } else {
        Logger.warn("Using fallback unauthorized handling, sending 401 with no content");
        return Controller.unauthorized();
      }
    } finally {
      SecurityEventGenerator.triggerAfterAuthorizationFailure(user);
    }
  }
Example #2
0
    @Override
    public Result call(Http.Context context) throws Throwable {

      Result result = delegate.call(context);

      final int statusCode = JavaResultExtractor.getStatus(result);
      final Map<String, String> headers = JavaResultExtractor.getHeaders(result);
      final String body = new String(JavaResultExtractor.getBody(result));

      switch (statusCode) {
          // Codes that should be handled by error pages
        case 404: // File Not Found
          {
            return CoreLoader.redirectToPageNotFoundPage();
          }
        case 500: // Internal Server Error
          {
            return CoreLoader.redirectToPageLoadErrorPage();
          }
          // Codes which should be sent directly to the browser
        case 204: // No Content
        case 205: // Reset Content
        case 301: // Moved Permanently
        case 302: // Found
        case 303: // See Other
        case 304: // Not Modified
        case 307: // Temporary Redirect
        case 405: // Method Not Allowed
        case 406: // Not Acceptable
        case 409: // Gone
        case 501: // Not Implemented
        case 503: // Service Unavailable
          return result;

          // Codes that can be used with content or without
        case 400: // Bad Request
        case 401: // Unauthorized
        case 403: // Forbidden
          {
            if (body.isEmpty()) {
              return result;
            }
            return decorate(headers, body);
          }

          // Codes which mean that the body should be wrapped and sent to be decorated
        case 200: // OK
        case 201: // Created
        case 202: // Accepted
          {
            return decorate(headers, body);
          }
        default:
          Logger.error("Code '" + statusCode + "' is not set up to be handled");
      }

      return result;
    }
Example #3
0
    private Result decorate(Map<String, String> headers, String body) {

      try {
        NodeContext.set();
        Component.setWrappedComponent(new Component(headers, body));
        String path = Http.Context.current().request().path().substring(1);
        if (headers.containsKey(Component.PATH_ALIAS)) {
          path = headers.get(Component.PATH_ALIAS);
        }
        return CoreLoader.loadPage(path);
      } finally {
        NodeContext.clear();
      }
    }