.description("Missing token, redirecting to identity server") .responseHeader("Location", authorizationEndpoint + queryString) .build(); } else { .responseHeader(Http.Header.WWW_AUTHENTICATE, "Bearer realm=\"" + oidcConfig.realm() + "\"") .description(description) .build(); } else { return AuthenticationResponse.builder() .responseHeader(Http.Header.WWW_AUTHENTICATE, errorHeader(code, description)) .description(description) .build();
/**
 * Builds the response for a token whose verification failed.
 *
 * When the provider is {@code optional}, the failure is logged at FINE and the provider abstains.
 * Otherwise a 401 FAILURE response is returned with a challenge header, a description and the
 * throwable attached.
 *
 * @param throwable cause of the failure, may be {@code null}
 * @return an abstain response when optional, otherwise a 401 failure response
 */
private AuthenticationResponse fail(Throwable throwable) {
    if (optional) {
        LOGGER.log(Level.FINE, "Failed to authenticate Google token", throwable);
        return AuthenticationResponse.abstain();
    }

    // Preference order: the exception message, then the exception class name, and a fixed text
    // when no throwable was supplied at all.
    final String description;
    if (throwable == null) {
        description = "verification failed";
    } else {
        String message = throwable.getMessage();
        description = (message != null) ? message : throwable.getClass().getName();
    }

    // NOTE(review): the description is derived from the throwable and is sent both inside the
    // challenge header and as the response description. Confirm that exception messages and
    // class names are acceptable to expose to the caller, and that buildChallenge (not shown
    // here) escapes quotes and rejects CR/LF before the value reaches a header.
    AuthenticationResponse failure = AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge(description))
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(description)
            .throwable(throwable)
            .build();
    return failure;
}
/**
 * Creates a new response whose user subject is rebuilt from the given subject and its grants.
 *
 * The service subject, description and request headers of the previous response are carried over.
 *
 * @param subject          subject whose principal name is used to look up grants
 * @param previousResponse response to copy service, description and request headers from
 * @return an already completed stage holding the new response
 */
private CompletionStage<AuthenticationResponse> enhance(Subject subject, AuthenticationResponse previousResponse) {
    String principalName = subject.principal().getName();

    // The server lookup is handed to the cache as a supplier; an empty result falls back to
    // CollectionsHelper.listOf().
    // NOTE(review): grants are cached per principal name, so a revoked role presumably stays
    // effective until the cache entry is evicted - confirm the cache timeout is acceptable.
    List<? extends Grant> resolvedGrants = roleCache
            .computeValue(principalName, () -> getGrantsFromServer(principalName))
            .orElse(CollectionsHelper.listOf());

    // NOTE(review): the status of previousResponse is not copied; the new response relies on
    // whatever status the builder uses by default - confirm that is the intended one.
    AuthenticationResponse.Builder enriched = AuthenticationResponse.builder();
    enriched.user(buildSubject(subject, resolvedGrants));
    previousResponse.service().ifPresent(enriched::service);
    previousResponse.description().ifPresent(enriched::description);
    enriched.requestHeaders(previousResponse.requestHeaders());

    return CompletableFuture.completedFuture(enriched.build());
}
/**
 * Builds the response for a request whose authorization header could not be processed.
 *
 * A mandatory provider answers with status code 400, a challenge header built from the exception
 * and a fixed description. An {@code optional} provider logs at FINE and abstains instead.
 *
 * @param e exception raised while handling the header
 * @return a 400 failure response, or an abstain response when the provider is optional
 */
private AuthenticationResponse failInvalidRequest(Exception e) {
    if (!optional) {
        // NOTE(review): the exception is passed to buildInvalidRequestChallenge (not shown here);
        // confirm the header it produces does not echo unescaped request data.
        return AuthenticationResponse.builder()
                .statusCode(400)
                .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildInvalidRequestChallenge(e))
                .status(AuthenticationResponse.SecurityStatus.FAILURE)
                .description("Invalid authorization header")
                .throwable(e)
                .build();
    }

    // Optional provider: record the reason for diagnostics and make no decision.
    LOGGER.log(Level.FINE, "Failed to authenticate Google token", e);
    return AuthenticationResponse.abstain();
}
/**
 * Builds the response for a request that carries no token.
 *
 * A mandatory provider answers with a 401 FAILURE response and a challenge built without a
 * description. An {@code optional} provider logs at FINE and abstains instead.
 *
 * @return a 401 failure response, or an abstain response when the provider is optional
 */
private AuthenticationResponse failNoToken() {
    if (!optional) {
        return AuthenticationResponse.builder()
                .statusCode(401)
                .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge(null))
                .status(AuthenticationResponse.SecurityStatus.FAILURE)
                .description("Missing authorization header")
                .build();
    }

    // Optional provider: a missing token is not an error, so no decision is made here.
    LOGGER.log(Level.FINE, "Failed to authenticate Google token, token not present");
    return AuthenticationResponse.abstain();
}
/**
 * Creates a SUCCESS response for a request authenticated as a user.
 *
 * @param subject subject of the authenticated user
 * @return response with SUCCESS status and the user subject set
 */
public static AuthenticationResponse success(Subject subject) {
    final AuthenticationResponse authenticated = builder()
            .status(SecurityStatus.SUCCESS)
            .user(subject)
            .build();
    return authenticated;
}
/**
 * Creates a 401 FAILURE response that carries the provider's challenge header.
 *
 * @param message description set on the response
 * @return the failure response
 */
private AuthenticationResponse fail(String message) {
    final AuthenticationResponse rejected = AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge())
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(message)
            .build();
    return rejected;
}
/**
 * Creates a SUCCESS response for a request authenticated as a service (or client).
 *
 * @param service subject of the requesting service
 * @return response with SUCCESS status and the service subject set
 */
public static AuthenticationResponse successService(Subject service) {
    final AuthenticationResponse authenticated = builder()
            .status(SecurityStatus.SUCCESS)
            .service(service)
            .build();
    return authenticated;
}
/**
 * Creates an ABSTAIN response, used when the provider cannot make a decision
 * (for example, the user format is not supported).
 *
 * @return response with ABSTAIN status
 */
public static AuthenticationResponse abstain() {
    final AuthenticationResponse undecided = builder()
            .status(SecurityStatus.ABSTAIN)
            .build();
    return undecided;
}
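/**
 * Creates a 401 FAILURE response carrying a {@code Signature} challenge.
 *
 * The challenge names the realm and the headers expected for the request method.
 *
 * @param env         security environment; its method selects the headers listed in the challenge
 * @param description description set on the response
 * @return the failure response with the {@code WWW-Authenticate} header set
 */
private AuthenticationResponse challenge(SecurityEnvironment env, String description) {
    // The realm parameter is closed with its own quote before the headers parameter begins;
    // without it the header reads realm="<realm>,headers=" and the two parameters run together.
    // NOTE(review): realm and the header list are concatenated as-is; confirm neither can
    // contain a double quote or CR/LF.
    String challengeValue = "Signature realm=\"" + realm + "\",headers=\""
            + headersForMethod(env.method()) + "\"";

    return AuthenticationResponse.builder()
            .responseHeader("WWW-Authenticate", challengeValue)
            .status(SecurityResponse.SecurityStatus.FAILURE)
            .statusCode(401)
            .description(description)
            .build();
}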
/**
 * Creates a FAILURE response with an explanatory message.
 *
 * @param message description of what happened; this message is propagated to the public API,
 *                so it should not contain secrets or internal detail
 * @return response with FAILURE status and the description set
 */
public static AuthenticationResponse failed(String message) {
    final AuthenticationResponse rejected = builder()
            .description(message)
            .status(SecurityStatus.FAILURE)
            .build();
    return rejected;
}
/**
 * Creates a FAILURE response with an explanatory message and the throwable that caused it.
 *
 * @param message description of what happened; this message is propagated to the public API,
 *                so it should not contain secrets or internal detail
 * @param cause   throwable that caused the failed authentication; it is logged and may reach the
 *                user only in case of debug
 * @return response with FAILURE status, the description and the cause set
 */
public static AuthenticationResponse failed(String message, Throwable cause) {
    final AuthenticationResponse rejected = builder()
            .description(message)
            .throwable(cause)
            .status(SecurityStatus.FAILURE)
            .build();
    return rejected;
}
/**
 * Creates a 401 FAILURE response that carries the provider's challenge header.
 *
 * @param message description set on the response
 * @return the failure response
 */
private AuthenticationResponse fail(String message) {
    final AuthenticationResponse rejected = AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge())
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(message)
            .build();
    return rejected;
}
/**
 * Creates a SUCCESS response for a request authenticated as both a user and a service.
 *
 * @param user    subject of the authenticated user
 * @param service subject of the authenticated service
 * @return response with SUCCESS status and both subjects set
 */
public static AuthenticationResponse success(Subject user, Subject service) {
    final AuthenticationResponse authenticated = builder()
            .status(SecurityStatus.SUCCESS)
            .user(user)
            .service(service)
            .build();
    return authenticated;
}