/**
 * Registers a {@link PreResponseAuthorizationCheckFilter} on the given handler for the path spec
 * {@code "/*"}.
 *
 * <p>NOTE(review): the dispatcher-type argument is {@code null}, so whatever dispatch types the
 * container applies by default are in effect. Confirm that this covers every dispatch path that can
 * produce a response (for example forwards and async dispatches), since the check only applies to
 * requests that actually pass through the filter.
 *
 * @param root           servlet context handler the filter is added to
 * @param authenticators authenticators passed to the filter's constructor
 * @param jsonMapper     JSON mapper passed to the filter's constructor
 */
public static void addPreResponseAuthorizationCheckFilter(
    ServletContextHandler root,
    List<Authenticator> authenticators,
    ObjectMapper jsonMapper
)
{
  final PreResponseAuthorizationCheckFilter checkFilter =
      new PreResponseAuthorizationCheckFilter(authenticators, jsonMapper);
  final FilterHolder holder = new FilterHolder(checkFilter);
  root.addFilter(holder, "/*", null);
}
} // closes the enclosing scope, whose opening is not part of this excerpt
handleUnauthenticatedRequest(response); return; if (authInfoChecked == null && statusIsSuccess(response.getStatus())) { handleAuthorizationCheckError( "Request did not have an authorization check performed.", request, handleAuthorizationCheckError( "Request's authorization check failed but status code was not 403.", request,
/**
 * Answers a request that carries no authentication result with an authentication challenge.
 *
 * <p>Each distinct non-null challenge header reported by the configured authenticators is added as a
 * {@code WWW-Authenticate} response header. A {@link QueryInterruptedException} of kind
 * {@code UNAUTHORIZED} is then serialized to JSON and handed to {@code sendJsonError} together with
 * {@code Response.SC_UNAUTHORIZED}. The response output stream is closed before returning, so the
 * caller is expected to stop processing the request afterwards.
 *
 * @param response response that receives the challenge headers and the JSON error body
 * @throws IOException if serializing the error or obtaining, writing or closing the output stream fails
 */
private void handleUnauthenticatedRequest(final HttpServletResponse response) throws IOException
{
  // This filter is the last one in the chain, so an earlier authentication filter should already
  // have stored an authentication result in the request. None did: challenge the client.
  // A set is used so that authenticators sharing a challenge header yield a single response header;
  // a hash set has no defined iteration order, so the order of the emitted headers may vary.
  final Set<String> challengeHeaders = Sets.newHashSet();
  for (Authenticator candidate : authenticators) {
    final String header = candidate.getAuthChallengeHeader();
    if (header == null) {
      // This authenticator offers no challenge.
      continue;
    }
    challengeHeaders.add(header);
  }
  for (String header : challengeHeaders) {
    response.addHeader("WWW-Authenticate", header);
  }

  // NOTE(review): the node's default host is passed into the error object. If it ends up in the
  // serialized body it is disclosed to unauthenticated clients — confirm that this is intended.
  final QueryInterruptedException error = new QueryInterruptedException(
      QueryInterruptedException.UNAUTHORIZED,
      null,
      null,
      DruidNode.getDefaultHost()
  );
  // The stack trace is emptied before serialization, presumably so that the body returned to an
  // unauthenticated client does not expose server-side frames.
  error.setStackTrace(new StackTraceElement[0]);

  final OutputStream body = response.getOutputStream();
  final String errorJson = jsonMapper.writeValueAsString(error);
  sendJsonError(response, Response.SC_UNAUTHORIZED, errorJson, body);
  body.close();
}