Java tutorial
/* * Copyright 2006-2011 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ package org.springframework.security.oauth2.provider.error; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.util.StringUtils; /** * If authentication fails and the caller has asked for a specific content type response, this entry point can send one, * along with a standard 401 status. Add to the Spring Security configuration as an {@link AuthenticationEntryPoint} in * the usual way. * * @author Dave Syer * */ public class OAuth2AuthenticationEntryPoint extends AbstractOAuth2SecurityExceptionHandler implements AuthenticationEntryPoint { private String typeName = OAuth2AccessToken.BEARER_TYPE; private String realmName = "oauth"; public void setRealmName(String realmName) { this.realmName = realmName; } public void setTypeName(String typeName) { this.typeName = typeName; } public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { doHandle(request, response, authException); } @Override protected ResponseEntity<?> enhanceResponse(ResponseEntity<?> response, Exception exception) { HttpHeaders headers = response.getHeaders(); String existing = null; if (headers.containsKey("WWW-Authenticate")) { existing = extractTypePrefix(headers.getFirst("WWW-Authenticate")); } StringBuilder builder = new StringBuilder(); builder.append(typeName + " "); builder.append("realm=\"" + realmName + "\""); if (existing != null) { builder.append(", " + existing); } HttpHeaders update = new HttpHeaders(); update.putAll(response.getHeaders()); update.set("WWW-Authenticate", builder.toString()); return new ResponseEntity<Object>(response.getBody(), update, response.getStatusCode()); } private String extractTypePrefix(String header) { String existing = header; String[] tokens = existing.split(" +"); if (tokens.length > 1 && !tokens[0].endsWith(",")) { existing = StringUtils.arrayToDelimitedString(tokens, " ").substring(existing.indexOf(" ") + 1); } return existing; } }