/**
 * Documentation snippet: rejects the request with an
 * {@code AuthenticationException} that carries a Basic-auth challenge for the
 * realm {@code myRealm}.
 *
 * <p>The realm is a fixed literal here. Keep it a server-side constant in real
 * code as well, since the value ends up inside a response header.
 */
public void basicAuthInterceptorRealm() {
   //START SNIPPET: basicAuthInterceptorRealm
   // addAuthenticateHeaderForRealm returns the exception itself, so the
   // challenge header can be attached and the exception thrown in one step.
   throw new AuthenticationException().addAuthenticateHeaderForRealm("myRealm");
   //END SNIPPET: basicAuthInterceptorRealm
}
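/**
 * Adds a <code>WWW-Authenticate</code> header to the response, of the form:<br/>
 * <code>WWW-Authenticate: Basic realm="theRealm"</code>
 *
 * <p>The realm is written as an HTTP quoted-string: embedded double quotes and
 * backslashes are backslash-escaped so that they cannot terminate the quoted
 * value early, and control characters (including CR and LF) are refused so that
 * the realm cannot introduce additional header lines into the response.
 *
 * @param theRealm the realm name to advertise; should be a server-side
 *                 constant rather than a value taken from the request
 * @return Returns a reference to <code>this</code> for easy method chaining
 * @throws IllegalArgumentException if the realm contains a control character
 *                                  other than horizontal tab
 */
public AuthenticationException addAuthenticateHeaderForRealm(String theRealm) {
   // Plain string concatenation rendered a null realm as "null"; keep that.
   String realm = String.valueOf(theRealm);

   StringBuilder challenge = new StringBuilder(realm.length() + 16);
   challenge.append("Basic realm=\"");
   for (int i = 0; i < realm.length(); i++) {
      char c = realm.charAt(i);
      // CR/LF and other control characters have no place in a header value.
      if ((c < 0x20 && c != '\t') || c == 0x7f) {
         throw new IllegalArgumentException("Realm must not contain control characters");
      }
      // Escape the two characters that are special inside a quoted-string.
      if (c == '"' || c == '\\') {
         challenge.append('\\');
      }
      challenge.append(c);
   }
   challenge.append('"');

   addResponseHeader("WWW-Authenticate", challenge.toString());
   return this;
}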
// NOTE(review): these two statements appear to be excerpts from separate
// branches of an authentication check; the surrounding method is not shown.

// Raised when the request carries no usable Authorization header.
throw new AuthenticationException("Missing or invalid Authorization header");

// Raised on a failed credential check. The message deliberately does not say
// whether the username or the password was wrong, which avoids confirming
// which usernames exist.
throw new AuthenticationException("Invalid username or password");
/**
 * Supplies the compartments and/or resources the current caller is allowed
 * to see. Subclasses are required to override this method.
 *
 * <p>This is a deliberately fake, sample-only implementation: it recognises
 * two bearer tokens written directly into the source. A production
 * implementation must not ship credentials in code; it should validate the
 * presented token against the real identity provider (for example checking
 * signature, expiry and audience) and derive the authorized compartments from
 * the validated identity.
 *
 * @param theRequestDetails the incoming request, used here only to read the
 *                          {@code Authorization} header
 * @return the list of compartments the caller may access
 * @throws AuthenticationException if the header is absent or matches neither
 *                                 sample token
 */
@Override
protected AuthorizedList buildAuthorizedList(RequestDetails theRequestDetails) {
   final String authorization = theRequestDetails.getHeader("Authorization");

   // Literal-first equals() keeps a missing (null) header on the reject path.
   // NOTE(review): String.equals is not a constant-time comparison; that is
   // acceptable for a sample, not for comparing real secrets.

   if ("Bearer 39ff939jgg".equals(authorization)) {
      // Full-access user. In this sample a list with nothing added stands for
      // "access to everything", so this must only be returned on an explicit
      // match and never as a default or error fallback.
      return new AuthorizedList();
   }

   if ("Bearer dfw98h38r".equals(authorization)) {
      // Restricted user: limited to two patient compartments.
      AuthorizedList restricted = new AuthorizedList()
         .addCompartment("Patient/123")
         .addCompartment("Patient/456");
      return restricted;
   }

   // Fail closed: anything unrecognised is rejected rather than given a
   // default scope.
   throw new AuthenticationException("Unknown bearer token");
}
} else { throw new AuthenticationException("Missing or invalid Authorization header value");
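/**
 * Adds a <code>WWW-Authenticate</code> header to the response, of the form:<br/>
 * <code>WWW-Authenticate: Basic realm="theRealm"</code>
 *
 * <p>The realm is written as an HTTP quoted-string: embedded double quotes and
 * backslashes are backslash-escaped so that they cannot terminate the quoted
 * value early, and control characters (including CR and LF) are refused so that
 * the realm cannot introduce additional header lines into the response.
 *
 * @param theRealm the realm name to advertise; should be a server-side
 *                 constant rather than a value taken from the request
 * @return Returns a reference to <code>this</code> for easy method chaining
 * @throws IllegalArgumentException if the realm contains a control character
 *                                  other than horizontal tab
 */
public AuthenticationException addAuthenticateHeaderForRealm(String theRealm) {
   // Plain string concatenation rendered a null realm as "null"; keep that.
   String realm = String.valueOf(theRealm);

   StringBuilder challenge = new StringBuilder(realm.length() + 16);
   challenge.append("Basic realm=\"");
   for (int i = 0; i < realm.length(); i++) {
      char c = realm.charAt(i);
      // CR/LF and other control characters have no place in a header value.
      if ((c < 0x20 && c != '\t') || c == 0x7f) {
         throw new IllegalArgumentException("Realm must not contain control characters");
      }
      // Escape the two characters that are special inside a quoted-string.
      if (c == '"' || c == '\\') {
         challenge.append('\\');
      }
      challenge.append(c);
   }
   challenge.append('"');

   addResponseHeader("WWW-Authenticate", challenge.toString());
   return this;
}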