1 changed files with 75 additions and 0 deletions
@ -0,0 +1,75 @@ |
|||||||
|
/* |
||||||
|
* Copyright 2005-2007 the original author or authors. |
||||||
|
* |
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
* you may not use this file except in compliance with the License. |
||||||
|
* You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
|
||||||
|
package org.acegisecurity.ui.portlet; |
||||||
|
|
||||||
|
import java.io.IOException; |
||||||
|
|
||||||
|
import javax.servlet.ServletException; |
||||||
|
import javax.servlet.ServletRequest; |
||||||
|
import javax.servlet.ServletResponse; |
||||||
|
import javax.servlet.http.HttpServletResponse; |
||||||
|
|
||||||
|
import org.acegisecurity.AuthenticationException; |
||||||
|
import org.acegisecurity.ui.AuthenticationEntryPoint; |
||||||
|
import org.apache.commons.logging.Log; |
||||||
|
import org.apache.commons.logging.LogFactory; |
||||||
|
import org.springframework.core.Ordered; |
||||||
|
|
||||||
|
/** |
||||||
|
* <p>In the case of relying on Portlet authentication to access Servlet resources |
||||||
|
* (such as embedded images or AJAX calls), the authentication should already |
||||||
|
* be in place by the time the security enforcement takes place. |
||||||
|
* So, if this class is ever called, then portlet-based authentication has |
||||||
|
* already failed. Therefore the <code>commence</code> method in this case will |
||||||
|
* always return <code>HttpServletResponse.SC_FORBIDDEN</code> (HTTP 403 error). |
||||||
|
* |
||||||
|
* @see org.acegisecurity.ui.ExceptionTranslationFilter |
||||||
|
* @author John A. Lewis |
||||||
|
* @since 2.0 |
||||||
|
* @version $Id$ |
||||||
|
*/ |
||||||
|
public class PortletProcessingFilterEntryPoint implements AuthenticationEntryPoint, Ordered { |
||||||
|
|
||||||
|
//~ Static fields/initializers =====================================================================================
|
||||||
|
|
||||||
|
private static final Log logger = LogFactory.getLog(PortletProcessingFilterEntryPoint.class); |
||||||
|
|
||||||
|
//~ Instance fields ================================================================================================
|
||||||
|
|
||||||
|
private int order = Integer.MAX_VALUE; // ~ default
|
||||||
|
|
||||||
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
|
public int getOrder() { |
||||||
|
return order; |
||||||
|
} |
||||||
|
|
||||||
|
public void setOrder(int order) { |
||||||
|
this.order = order; |
||||||
|
} |
||||||
|
|
||||||
|
public void commence(ServletRequest request, ServletResponse response, |
||||||
|
AuthenticationException authException) throws IOException, ServletException { |
||||||
|
|
||||||
|
if (logger.isDebugEnabled()) |
||||||
|
logger.debug("portlet entry point called. Rejecting access"); |
||||||
|
|
||||||
|
HttpServletResponse httpResponse = (HttpServletResponse)response; |
||||||
|
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); |
||||||
|
} |
||||||
|
|
||||||
|
} |
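Review bot: `commence` drops `authException` entirely, so the only trace of a rejected request is a context-free debug line; passing the exception to the logger, `logger.debug("portlet entry point called. Rejecting access", authException);`, would let an operator see why the portlet-established authentication was missing when embedded-resource or AJAX requests start returning 403. The cast `(HttpServletResponse)response` is unchecked: a non-HTTP response fails with a ClassCastException rather than a clean denial, which still fails closed but deserves either an `instanceof` guard that throws `ServletException` or a comment stating that only HTTP responses are expected. The method also has no Javadoc of its own; a line such as `/** Always rejects with HTTP 403; never redirects to a login page. */` would keep the contract next to the code instead of only in the class comment.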
||||||