/**
 * Handles a request that reached the filter without being authenticated, driving the
 * two-stage request/challenge authentication protocol.
 *
 * <p>A login is attempted only when {@code isLoginAttempt} reports that the request is one.
 * When the request is not authenticated by the end of this method, a challenge is sent and
 * {@code false} is returned; this method itself has no path that returns {@code true}
 * without a successful {@code executeLogin}.
 *
 * @param request  incoming ServletRequest
 * @param response outgoing ServletResponse
 * @return true if the request should be processed; false if the request should not continue
 *         to be processed
 * @throws Exception declared by the signature; the visible body does not throw directly, so
 *                   any exception originates in the helpers it calls
 */
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
  // Short-circuit keeps the original ordering: executeLogin runs only for a login attempt.
  final boolean authenticated = isLoginAttempt(request, response) && executeLogin(request, response);
  if (authenticated) {
    return true;
  }

  // Not authenticated (no attempt, or the attempt failed): answer with the challenge.
  // The return value of sendChallenge is intentionally not used here, as in the original.
  sendChallenge(request, response);
  return false;
}
/**
 * Sends the authentication challenge, rendering an HTML error page instead when the request
 * was initiated by a web browser.
 *
 * <p>For browser-initiated requests the response status is set to 401 and no
 * {@code WWW-Authenticate} header is added, so the browser does not show its native
 * credentials prompt. All other requests get the default challenge from the superclass.
 *
 * @param request  incoming ServletRequest
 * @param response outgoing ServletResponse
 * @return {@code false} after rendering the browser error page; otherwise whatever the
 *         superclass challenge returns
 */
@Override
protected boolean sendChallenge(final ServletRequest request, final ServletResponse response) {
  // NOTE(review): how browserDetector classifies a request is not visible here; if it relies
  // on client-supplied headers, the caller chooses the branch. Confirm neither branch is
  // treated as more trusted downstream.
  if (!browserDetector.isBrowserInitiated(request)) {
    return super.sendChallenge(request, response);
  }

  final HttpServletRequest httpRequest = WebUtils.toHttp(request);
  final HttpServletResponse httpResponse = WebUtils.toHttp(response);

  // 401 without WWW-Authenticate: we do NOT want the browser to prompt for credentials.
  httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

  // NOTE(review): both values are handed to a page served to an unauthenticated caller.
  // "nexusVersion" may disclose the exact product version if the template prints it, and
  // "nexusRoot" is derived from the incoming request; confirm the template escapes it.
  final Map<String, Object> templateParams = ImmutableMap.of(
      "nexusVersion", applicationStatusSource.getSystemStatus().getVersion(),
      "nexusRoot", (Object) templateRenderer.getAppRootUrl(httpRequest)
  );

  try {
    templateRenderer.render("/org/sonatype/nexus/web/internal/accessDeniedHtml.vm", templateParams, httpResponse);
  }
  catch (IOException e) {
    // Rendering failures are rethrown unchecked, as the method declares no checked exceptions.
    throw Throwables.propagate(e);
  }

  // The error page has been written; processing of this request stops here.
  return false;
}