.status(SecurityResponse.SecurityStatus.FAILURE_FINISH) .statusCode(Http.Status.TEMPORARY_REDIRECT_307.code()) .description("Missing token, redirecting to identity server") .status(SecurityResponse.SecurityStatus.FAILURE) .statusCode(Http.Status.UNAUTHORIZED_401.code()) .responseHeader(Http.Header.WWW_AUTHENTICATE, "Bearer realm=\"" + oidcConfig.realm() + "\"") } else { return AuthenticationResponse.builder() .status(SecurityResponse.SecurityStatus.FAILURE) .statusCode(status.code()) .responseHeader(Http.Header.WWW_AUTHENTICATE, errorHeader(code, description))
/**
 * Build the response for a Google token that failed verification.
 *
 * <p>When this provider is optional, the failure is logged at FINE and the provider abstains.
 * Otherwise a 401 FAILURE response is returned that carries a challenge header and the throwable.
 *
 * @param throwable cause of the failure, may be {@code null}
 * @return abstain response for an optional provider, a 401 failure response otherwise
 */
private AuthenticationResponse fail(Throwable throwable) {
    if (optional) {
        LOGGER.log(Level.FINE, "Failed to authenticate Google token", throwable);
        return AuthenticationResponse.abstain();
    }

    // Description preference: exception message, then exception class name,
    // then a fixed text when there is no throwable at all.
    String description;
    if (throwable == null) {
        description = "verification failed";
    } else {
        String message = throwable.getMessage();
        description = (message != null) ? message : throwable.getClass().getName();
    }

    // NOTE(review): the description originates from the exception and is written both into the
    // challenge header and into the response description. Confirm that neither exposes internal
    // detail to unauthenticated callers and that buildChallenge escapes quotes and control
    // characters before the value reaches a header.
    return AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge(description))
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(description)
            .throwable(throwable)
            .build();
}
/**
 * Build the response for a request that carries no token.
 *
 * <p>A mandatory provider answers with 401 and a challenge built without a description;
 * an optional provider logs at FINE and abstains.
 *
 * @return 401 failure response, or an abstain response when this provider is optional
 */
private AuthenticationResponse failNoToken() {
    if (!optional) {
        return AuthenticationResponse.builder()
                .statusCode(401)
                .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge(null))
                .status(AuthenticationResponse.SecurityStatus.FAILURE)
                .description("Missing authorization header")
                .build();
    }

    LOGGER.log(Level.FINE, "Failed to authenticate Google token, token not present");
    return AuthenticationResponse.abstain();
}
/**
 * Build the response for a request whose authorization header could not be processed.
 *
 * <p>A mandatory provider answers with 400 and a challenge built from the exception;
 * an optional provider logs at FINE and abstains.
 *
 * @param e exception raised while processing the request
 * @return 400 failure response, or an abstain response when this provider is optional
 */
private AuthenticationResponse failInvalidRequest(Exception e) {
    if (!optional) {
        // NOTE(review): the exception is handed to buildInvalidRequestChallenge, so whatever that
        // helper extracts from it ends up in a response header - confirm it is escaped and does
        // not carry internal detail. The response description itself is a fixed string.
        return AuthenticationResponse.builder()
                .statusCode(400)
                .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildInvalidRequestChallenge(e))
                .status(AuthenticationResponse.SecurityStatus.FAILURE)
                .description("Invalid authorization header")
                .throwable(e)
                .build();
    }

    LOGGER.log(Level.FINE, "Failed to authenticate Google token", e);
    return AuthenticationResponse.abstain();
}
/**
 * Create a SUCCESS response for a request authenticated as a user.
 *
 * @param subject Subject of the current user
 * @return AuthenticationResponse with status SUCCESS and the user subject set
 */
public static AuthenticationResponse success(Subject subject) {
    return builder()
            .status(SecurityStatus.SUCCESS)
            .user(subject)
            .build();
}
/**
 * Build a 401 FAILURE response that carries an authentication challenge.
 *
 * @param message description stored on the response
 * @return failure response with status code 401 and the challenge header set
 */
private AuthenticationResponse fail(String message) {
    // The challenge comes from buildChallenge() and does not depend on the message;
    // the message is only stored as the response description.
    return AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge())
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(message)
            .build();
}
/**
 * Create a SUCCESS response for a request authenticated as a service.
 *
 * @param service Subject of the requesting service (or client)
 * @return AuthenticationResponse with status SUCCESS and the service subject set
 */
public static AuthenticationResponse successService(Subject service) {
    return builder()
            .status(SecurityStatus.SUCCESS)
            .service(service)
            .build();
}
/**
 * Create an ABSTAIN response, used when the provider is unable to make a decision
 * (e.g. the user format is not supported).
 *
 * @return AuthenticationResponse with status ABSTAIN
 */
public static AuthenticationResponse abstain() {
    return builder()
            .status(SecurityStatus.ABSTAIN)
            .build();
}
/**
 * Create a FAILURE response that carries an explanatory message.
 *
 * @param message Descriptive message of what happened. This message is propagated to public API,
 *                so it must not contain secrets or internal detail.
 * @return AuthenticationResponse with status FAILURE and the description set
 */
public static AuthenticationResponse failed(String message) {
    return builder()
            .description(message)
            .status(SecurityStatus.FAILURE)
            .build();
}
/**
 * Create a FAILURE response that carries an explanatory message and its cause.
 *
 * @param message Descriptive message of what happened. This message is propagated to public API,
 *                so it must not contain secrets or internal detail.
 * @param cause   Throwable causing the failed authentication. This will be logged. It may reach
 *                the user only in case of debug.
 * @return AuthenticationResponse with status FAILURE, the description and the throwable set
 */
public static AuthenticationResponse failed(String message, Throwable cause) {
    return builder()
            .description(message)
            .throwable(cause)
            .status(SecurityStatus.FAILURE)
            .build();
}
/**
 * Reject the request with 401 and an authentication challenge.
 *
 * @param message text stored as the description of the response
 * @return FAILURE response with status code 401 and the challenge header set
 */
private AuthenticationResponse fail(String message) {
    // buildChallenge() takes no input from the request; only the description varies per call.
    return AuthenticationResponse.builder()
            .statusCode(401)
            .responseHeader(HEADER_AUTHENTICATION_REQUIRED, buildChallenge())
            .status(AuthenticationResponse.SecurityStatus.FAILURE)
            .description(message)
            .build();
}
/**
 * Create a SUCCESS response for a request authenticated as both a user and a service.
 *
 * @param user    Subject of the current user
 * @param service Subject of the current service
 * @return AuthenticationResponse with status SUCCESS and both subjects set
 */
public static AuthenticationResponse success(Subject user, Subject service) {
    return builder()
            .status(SecurityStatus.SUCCESS)
            .user(user)
            .service(service)
            .build();
}
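/**
 * Build a 401 FAILURE response that challenges the caller to sign the request.
 *
 * <p>The {@code WWW-Authenticate} value has the form
 * {@code Signature realm="<realm>",headers="<headers for the request method>"}.
 *
 * @param env         security environment of the request; its method selects the header list
 * @param description description stored on the response
 * @return failure response with status code 401 and the challenge header set
 */
private AuthenticationResponse challenge(SecurityEnvironment env, String description) {
    // The realm value must be closed with a quote before the comma. Without it the header is
    // malformed and a client parser reads ",headers=" as part of the realm value.
    // NOTE(review): realm and the header list are interpolated without escaping; confirm that a
    // configured realm cannot contain a double quote or control characters.
    String challengeValue = "Signature realm=\"" + realm
            + "\",headers=\"" + headersForMethod(env.method()) + "\"";

    return AuthenticationResponse.builder()
            .responseHeader("WWW-Authenticate", challengeValue)
            .status(SecurityResponse.SecurityStatus.FAILURE)
            .statusCode(401)
            .description(description)
            .build();
}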