• Home
• org.openl.rules
• org.openl.rules.ruleservice.ws
• 5.27.9-jakarta
• source code
• BasicAccessDeniedHandler.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.openl.rules.ruleservice.spring.BasicAccessDeniedHandler Maven / Gradle / Ivy

package org.openl.rules.ruleservice.spring;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import org.openl.rules.ruleservice.api.AccessDeniedHandler;

/**
 * Add the 'WWW-Authenticate: Basic' header if the 'Authorization' header is missing. This will prompt the browser
 * to display a login popup, allowing the user to enter their login credentials.
 *
 * @author Yury Molchan
 */
@Order
@Component
public class BasicAccessDeniedHandler implements AccessDeniedHandler {
    private final Logger log = LoggerFactory.getLogger(BasicAccessDeniedHandler.class);

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) {
        log.info("Access denied: {} {};", request.getMethod(), request.getRequestURL());
        var credentials = request.getHeader("Authorization");
        if (credentials == null) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.addHeader("WWW-Authenticate", "Basic");
        } else {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}