private SecurityContext basicAuthentication(HttpRequest request, HttpResponse response) throws IOException { List<String> headers = request.getHttpHeaders().getRequestHeader(HttpHeaderNames.AUTHORIZATION); if (!headers.isEmpty()) { String auth = headers.get(0); if (auth.length() > 5) { String type = auth.substring(0, 5); type = type.toLowerCase(); if ("basic".equals(type)) { String cookie = auth.substring(6); cookie = new String(Base64.decodeBase64(cookie.getBytes())); String[] split = cookie.split(":"); Principal user = null; try { user = domain.authenticate(split[0], split[1]); return new NettySecurityContext(user, domain, "BASIC", true); } catch (SecurityException e) { response.sendError(HttpResponseCodes.SC_UNAUTHORIZED); return null; } } else { response.sendError(HttpResponseCodes.SC_UNAUTHORIZED); return null; } } } return null; }
protected void writeFailure(HttpRequest request, HttpResponse response, Response jaxrsResponse) { response.reset(); try { writeJaxrsResponse(request, response, jaxrsResponse); } catch (WebApplicationException ex) { if (response.isCommitted()) throw new UnhandledException("Request was committed couldn't handle exception", ex); // don't think I want to call writeJaxrsResponse infinately! so we'll just write the status response.reset(); response.setStatus(ex.getResponse().getStatus()); } catch (Exception e1) { throw new UnhandledException(e1); // we're screwed, can't handle the exception } }
public void doWrite( HttpResponse response, Object toOutput, Class type, Type genericType, Annotation[] annotations, MediaType mediaType) throws IOException { doWrite( toOutput, type, genericType, mediaType, annotations, response.getOutputHeaders(), response.getOutputStream()); }
protected void handleWebApplicationException( HttpRequest request, HttpResponse response, WebApplicationException wae) { if (!(wae instanceof NoLogWebApplicationException)) logger.error("failed to execute", wae); if (response.isCommitted()) throw new UnhandledException("Request was committed couldn't handle exception", wae); writeFailure(request, response, wae.getResponse()); }
public void build(HttpResponse response) { String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER); if (origin == null) { logger.debug("No origin returning"); return; } if (!preflight && (allowedOrigins == null || (!allowedOrigins.contains(origin) && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) { logger.debug("!preflight and no origin"); return; } logger.debug("build CORS headers and return"); response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin); if (preflight) { if (allowedMethods != null) { response .getOutputHeaders() .add(ACCESS_CONTROL_ALLOW_METHODS, CollectionUtil.join(allowedMethods)); } else { response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS); } } if (!preflight && exposedHeaders != null) { response .getOutputHeaders() .add(ACCESS_CONTROL_EXPOSE_HEADERS, CollectionUtil.join(exposedHeaders)); } response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.toString(auth)); if (preflight) { if (auth) { response .getOutputHeaders() .add( ACCESS_CONTROL_ALLOW_HEADERS, String.format("%s, %s", DEFAULT_ALLOW_HEADERS, AUTHORIZATION_HEADER)); } else { response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, DEFAULT_ALLOW_HEADERS); } } if (preflight) { response.getOutputHeaders().add(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE); } }
protected void handleFailure(HttpRequest request, HttpResponse response, Failure failure) { if (failure.isLoggable()) logger.error( "Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(), failure); else logger.debug( "Failed executing " + request.getHttpMethod() + " " + request.getUri().getPath(), failure); if (failure.getResponse() != null) { writeFailure(request, response, failure.getResponse()); } else { try { if (failure.getMessage() != null) { response.sendError(failure.getErrorCode(), failure.getMessage()); } else { response.sendError(failure.getErrorCode()); } } catch (IOException e1) { throw new UnhandledException(e1); } } }