/**
 * Marks the current response as non-cacheable.
 *
 * Both the HTTP/1.1 {@code Cache-control} header and the HTTP/1.0
 * {@code Pragma} header are written, so that old intermediaries honour the
 * directive as well.
 */
public void setNoCacheHeaders() {
    final String cacheControlValue = "no-cache, no-store";
    final String pragmaValue = "no-cache";
    webContext.setResponseHeader("Cache-control", cacheControlValue);
    webContext.setResponseHeader("Pragma", pragmaValue);
}
/**
 * Retrieves the bearer-token credentials from the request.
 *
 * The {@code WWW-Authenticate} challenge is written before delegating to the
 * parent, so that an error response produced by the parent already carries
 * the realm. Note that the header is therefore also present on successful
 * requests.
 *
 * @param context the web context
 * @return the credentials returned by the parent implementation
 */
@Override
protected TokenCredentials retrieveCredentials(final WebContext context) {
    final String challenge = HttpConstants.BEARER_HEADER_PREFIX + "realm=\"" + realmName + "\"";
    // written up-front: "in case of error" the response must carry the challenge
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, challenge);
    return super.retrieveCredentials(context);
}
/**
 * Retrieves the HTTP Basic credentials from the request.
 *
 * The {@code WWW-Authenticate: Basic} challenge is written before delegating
 * to the parent, so that an error response produced by the parent already
 * carries the realm. The header is therefore also present on successful
 * requests.
 *
 * @param context the web context
 * @return the credentials returned by the parent implementation
 */
@Override
protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) {
    final String challenge = "Basic realm=\"" + realmName + "\"";
    // written up-front: "in case of error" the response must carry the challenge
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, challenge);
    return super.retrieveCredentials(context);
}
/**
 * Retrieves the HTTP Digest credentials from the request.
 *
 * Per RFC 2617: if a server receives a request for an access-protected
 * object and an acceptable {@code Authorization} header is not sent, the
 * server responds with a {@code 401 Unauthorized} status code and a
 * {@code WWW-Authenticate} header. That challenge (realm, {@code qop=auth}
 * and a freshly computed nonce) is written before delegating to the parent,
 * so an error response already carries it.
 *
 * @param context the web context
 * @return the credentials returned by the parent implementation
 */
@Override
protected DigestCredentials retrieveCredentials(final WebContext context) {
    // a new nonce per challenge; calculateNonce() is defined elsewhere in this class
    final String nonce = calculateNonce();
    final String challenge = "Digest realm=\"" + realm + "\", qop=\"auth\", nonce=\"" + nonce + "\"";
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, challenge);
    return super.retrieveCredentials(context);
}
/**
 * Builds the redirection to the OpenID Connect end-session endpoint.
 *
 * When no logout URL is configured, {@code null} is returned and no action
 * is taken. Otherwise an RP-initiated logout request is built from the
 * profile's ID token and, when present, the {@code targetUrl} used as
 * post-logout redirect. For AJAX requests the target is written to the
 * {@code Location} header, the requested URL stored in session is cleared
 * and a 403 action is thrown instead of a redirect.
 *
 * @param context the web context
 * @param currentProfile the authenticated profile (its ID token is read; a
 *        {@code null} profile is not handled here)
 * @param targetUrl the post-logout redirect URL, may be blank
 * @return the redirect action, or {@code null} if no logout URL is configured
 * @throws TechnicalException if the configured logout URL or the target URL is not a valid URI
 */
@Override
public RedirectAction getLogoutAction(final WebContext context, final U currentProfile, final String targetUrl) {
    final String logoutUrl = configuration.getLogoutUrl();
    if (!CommonHelper.isNotBlank(logoutUrl)) {
        // nothing configured: caller gets no action at all
        return null;
    }
    try {
        final URI endSessionEndpoint = new URI(logoutUrl);
        final JWT idToken = currentProfile.getIdToken();
        final LogoutRequest logoutRequest = CommonHelper.isNotBlank(targetUrl)
            ? new LogoutRequest(endSessionEndpoint, idToken, new URI(targetUrl), null)
            : new LogoutRequest(endSessionEndpoint, idToken);
        final String location = logoutRequest.toURI().toString();
        if (ajaxRequestResolver.isAjax(context)) {
            // an XHR cannot follow a cross-site redirect itself: hand it the location and a 403
            context.getSessionStore().set(context, Pac4jConstants.REQUESTED_URL, "");
            context.setResponseHeader(HttpConstants.LOCATION_HEADER, location);
            throw HttpAction.status(403, context);
        }
        return RedirectAction.redirect(location);
    } catch (final URISyntaxException e) {
        // keep the cause: a malformed configured or target URL is a deployment error
        throw new TechnicalException(e);
    }
}
/**
 * Extracts and validates HTTP Basic credentials.
 *
 * The {@code WWW-Authenticate: Basic} challenge is written first, so that
 * every {@code 401} produced below already carries the realm (it is also
 * present on successful requests). A missing credential or any
 * {@link CredentialsException} from extraction or validation results in an
 * unauthorized action; the original exception is not propagated.
 *
 * @param context the web context
 * @return the validated credentials, never {@code null}
 * @throws HttpAction an unauthorized action when credentials are absent or rejected
 */
@Override
protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) {
    assertNotNull("credentialsExtractor", getCredentialsExtractor());
    assertNotNull("authenticator", getAuthenticator());
    // challenge written up-front: "in case of error" the response must carry the realm
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Basic realm=\"" + realmName + "\"");
    try {
        final UsernamePasswordCredentials extracted = getCredentialsExtractor().extract(context);
        // NOTE(review): the whole credentials object is logged; whether its toString()
        // exposes the password depends on UsernamePasswordCredentials, not visible here — confirm.
        logger.debug("credentials : {}", extracted);
        if (extracted == null) {
            throw HttpAction.unauthorized(context);
        }
        getAuthenticator().validate(extracted, context);
        return extracted;
    } catch (final CredentialsException e) {
        // deliberately collapsed to a plain 401 so the client learns nothing about the failure reason
        throw HttpAction.unauthorized(context);
    }
}
/**
 * Extracts and validates Kerberos (SPNEGO) credentials.
 *
 * The {@code WWW-Authenticate: Negotiate} challenge is written first, so
 * that every {@code 401} produced below already carries it (it is also
 * present on successful requests). A missing credential or any
 * {@link CredentialsException} from extraction or validation results in an
 * unauthorized action; the original exception is not propagated.
 *
 * @param context the web context
 * @return the validated credentials, never {@code null}
 * @throws HttpAction an unauthorized action when credentials are absent or rejected
 */
@Override
protected KerberosCredentials retrieveCredentials(final WebContext context) {
    CommonHelper.assertNotNull("credentialsExtractor", getCredentialsExtractor());
    CommonHelper.assertNotNull("authenticator", getAuthenticator());
    // challenge written up-front: "in case of error" the response must carry it
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Negotiate");
    try {
        final KerberosCredentials extracted = getCredentialsExtractor().extract(context);
        // NOTE(review): the credentials object is logged at DEBUG; what its toString()
        // reveals (e.g. the raw ticket) is not visible here — confirm.
        logger.debug("kerberos credentials : {}", extracted);
        if (extracted == null) {
            throw HttpAction.unauthorized(context);
        }
        getAuthenticator().validate(extracted, context);
        return extracted;
    } catch (final CredentialsException e) {
        // deliberately collapsed to a plain 401 so the client learns nothing about the failure reason
        throw HttpAction.unauthorized(context);
    }
}
context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Bearer realm=\"" + realmName + "\"");