View Javadoc
1   /*
2    * Copyright 2008 Web Cohesion
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.security.oauth.provider;
18  
19  import org.springframework.security.core.AuthenticationException;
20  import org.springframework.security.oauth.common.signature.UnsupportedSignatureMethodException;
21  import org.springframework.security.web.AuthenticationEntryPoint;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServletResponse;
25  import javax.servlet.http.HttpServletRequest;
26  import java.io.IOException;
27  
28  /**
29   * Entry point for OAuth authentication requests.
30   *
31   * @author Ryan Heaton
32   */
33  public class OAuthProcessingFilterEntryPoint implements AuthenticationEntryPoint {
34  
35    private String realmName;
36  
37    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
38  	  if (authException instanceof InvalidOAuthParametersException) {
39  		  response.sendError(400, authException.getMessage());
40  	  }
41  	  else if (authException.getCause() instanceof UnsupportedSignatureMethodException) {
42  		  response.sendError(400, authException.getMessage());
43  	  }
44  	  else {
45  		  StringBuilder headerValue = new StringBuilder("OAuth");
46  		  if (realmName != null) {
47  			  headerValue.append(" realm=\"").append(realmName).append('"');
48  		  }
49  		  response.addHeader("WWW-Authenticate", headerValue.toString());
50  		  response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
51  	  }
52    }
53  
54    public String getRealmName() {
55      return realmName;
56    }
57  
58    public void setRealmName(String realmName) {
59      this.realmName = realmName;
60    }
61  
62  }