/**
 * Replies with HTTP 401 and a {@code WWW-Authenticate: Basic} challenge so the
 * client is asked to send credentials again.
 *
 * <p>Security note: the Basic scheme carries the password Base64-encoded, not
 * encrypted, so this challenge is only appropriate on a TLS-protected HTTP
 * layer.
 *
 * @param channel channel the 401 response is written to
 * @param creds   not read by this implementation
 * @return always {@code true}
 */
@Override
public boolean reRequestAuthentication(final RestChannel channel, AuthCredentials creds) {
    final BytesRestResponse challenge = new BytesRestResponse(RestStatus.UNAUTHORIZED, "Unauthorized");
    challenge.addHeader("WWW-Authenticate", "Basic realm=\"Search Guard\"");
    channel.sendResponse(challenge);
    return true;
}
/**
 * Answers an HTTP OPTIONS request for a valid REST endpoint with a 200
 * response. When at least one method is registered for the endpoint, the
 * response carries an 'Allow' header listing those methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-9.2">HTTP/1.1 - 9.2
 * - Options</a>). Requests using any other method are ignored here.
 *
 * <p>NOTE(review): the 'Allow' header discloses which methods are registered
 * for the path; confirm whether this runs before or after authentication if
 * that is considered sensitive.
 *
 * @param request        the incoming request; only its method is inspected
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint, may be empty
 */
private void handleOptionsRequest(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    if (request.method() != RestRequest.Method.OPTIONS) {
        return;
    }
    final BytesRestResponse okResponse = new BytesRestResponse(OK, TEXT_CONTENT_TYPE, BytesArray.EMPTY);
    if (!validMethodSet.isEmpty()) {
        okResponse.addHeader("Allow", Strings.collectionToDelimitedString(validMethodSet, ","));
    }
    // With no registered handlers a bare OK is sent; per the original comment the
    // Access Control Origin header is added automatically elsewhere.
    channel.sendResponse(okResponse);
}
/**
 * Rejects a request that targets a valid REST endpoint with an HTTP method
 * the endpoint does not support. The client receives a 405 whose 'Allow'
 * header lists the supported methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-10.4.6">HTTP/1.1 -
 * 10.4.6 - 405 Method Not Allowed</a>). If building the error response fails
 * with an {@link IOException}, the failure is logged and an empty 500 is sent.
 *
 * <p>NOTE(review): the request URI is echoed into the error message; confirm
 * that {@code createSimpleErrorResponse} encodes it for the response content
 * type so client-supplied characters cannot alter the body's structure.
 *
 * @param request        the rejected request; its URI and method are reported back
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint
 */
private void handleUnsupportedHttpMethod(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    try {
        final String reason = "Incorrect HTTP method for uri [" + request.uri() + "] and method ["
            + request.method() + "], allowed: " + validMethodSet;
        final BytesRestResponse methodNotAllowed =
            BytesRestResponse.createSimpleErrorResponse(channel, METHOD_NOT_ALLOWED, reason);
        final String allowed = Strings.collectionToDelimitedString(validMethodSet, ",");
        methodNotAllowed.addHeader("Allow", allowed);
        channel.sendResponse(methodNotAllowed);
    } catch (final IOException ioFailure) {
        logger.warn("failed to send bad request response", ioFailure);
        final BytesRestResponse fallback =
            new BytesRestResponse(INTERNAL_SERVER_ERROR, BytesRestResponse.TEXT_CONTENT_TYPE, BytesArray.EMPTY);
        channel.sendResponse(fallback);
    }
}
/**
 * Sends an HTTP 401 with a {@code WWW-Authenticate: Basic} header, prompting
 * the client to supply credentials.
 *
 * <p>Security note: Basic credentials are only Base64-encoded on the wire, so
 * the HTTP layer serving this challenge should be TLS-protected.
 *
 * @param channel channel the 401 response is written to
 * @param creds   not read by this implementation
 * @return always {@code true}
 */
@Override
public boolean reRequestAuthentication(final RestChannel channel, AuthCredentials creds) {
    final BytesRestResponse unauthorized = new BytesRestResponse(RestStatus.UNAUTHORIZED, "Unauthorized");
    unauthorized.addHeader("WWW-Authenticate", "Basic realm=\"Search Guard\"");
    channel.sendResponse(unauthorized);
    return true;
}
/**
 * Sends a body-less HTTP 401 with a {@code WWW-Authenticate: Basic} challenge
 * for the "Search Guard" realm.
 *
 * <p>Security note: Basic credentials are only Base64-encoded on the wire, so
 * the challenge should be served over TLS.
 *
 * @param channel channel the 401 response is written to
 */
private void askAgain(final RestChannel channel) {
    final BytesRestResponse challenge = new BytesRestResponse(RestStatus.UNAUTHORIZED);
    challenge.addHeader("WWW-Authenticate", "Basic realm=\"Search Guard\"");
    channel.sendResponse(challenge);
}
/**
 * Streams {@code outputFile} back to the client as a download.
 *
 * <p>If the file is larger than {@code limit} the failure callback is invoked
 * and nothing is sent. Otherwise the whole file is buffered in memory and
 * returned with the content type of {@code dataContent} and a
 * {@code Content-Disposition: attachment} header.
 *
 * <p>NOTE(review): the size check happens once, before reading; the read loop
 * itself is not bounded by {@code limit}, so a file that grows after the check
 * is still buffered in full.
 *
 * <p>NOTE(review): the file name is placed between double quotes without
 * escaping. Confirm that {@code ContentType.fileName(request)} cannot return
 * quotes or CR/LF derived from the request, otherwise the header value can be
 * malformed.
 *
 * @param request     request passed to the content type to derive the file name
 * @param channel     channel the response is written to
 * @param outputFile  file whose bytes form the response body
 * @param limit       maximum accepted file length in bytes
 * @param dataContent supplies the response content type
 * @throws ElasticsearchException if reading the file or sending the response fails
 */
private void writeResponse(final RestRequest request, final RestChannel channel, final File outputFile,
        final long limit, final DataContent dataContent) {
    if (outputFile.length() > limit) {
        onFailure(new ElasticsearchException("Content size is too large " + outputFile.length()));
        return;
    }

    try (FileInputStream input = new FileInputStream(outputFile)) {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        final byte[] chunk = new byte[1024];
        // Copy until read() reports end of stream (or a zero-length read).
        for (int read = input.read(chunk); read > 0; read = input.read(chunk)) {
            buffer.write(chunk, 0, read);
        }

        final ContentType contentType = dataContent.getContentType();
        final BytesRestResponse download =
            new BytesRestResponse(RestStatus.OK, contentType.contentType(), buffer.toByteArray());
        final String disposition = "attachment; filename=\"" + contentType.fileName(request) + "\"";
        download.addHeader("Content-Disposition", disposition);
        channel.sendResponse(download);
    } catch (final Throwable cause) {
        throw new ElasticsearchException("Failed to render the content.", cause);
    }
}
}
/**
 * Answers an HTTP OPTIONS request for a valid REST endpoint with a 200
 * response. When at least one method is registered for the endpoint, the
 * response carries an 'Allow' header listing those methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-9.2">HTTP/1.1 - 9.2
 * - Options</a>). Requests using any other method are ignored here.
 *
 * <p>NOTE(review): the 'Allow' header discloses which methods are registered
 * for the path; confirm whether this runs before or after authentication if
 * that is considered sensitive.
 *
 * @param request        the incoming request; only its method is inspected
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint, may be empty
 */
private void handleOptionsRequest(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    if (request.method() != RestRequest.Method.OPTIONS) {
        return;
    }
    final BytesRestResponse okResponse = new BytesRestResponse(OK, TEXT_CONTENT_TYPE, BytesArray.EMPTY);
    if (!validMethodSet.isEmpty()) {
        okResponse.addHeader("Allow", Strings.collectionToDelimitedString(validMethodSet, ","));
    }
    // With no registered handlers a bare OK is sent; per the original comment the
    // Access Control Origin header is added automatically elsewhere.
    channel.sendResponse(okResponse);
}
/**
 * Answers an HTTP OPTIONS request for a valid REST endpoint with a 200
 * response. When at least one method is registered for the endpoint, the
 * response carries an 'Allow' header listing those methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-9.2">HTTP/1.1 - 9.2
 * - Options</a>). Requests using any other method are ignored here.
 *
 * <p>NOTE(review): the 'Allow' header discloses which methods are registered
 * for the path; confirm whether this runs before or after authentication if
 * that is considered sensitive.
 *
 * @param request        the incoming request; only its method is inspected
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint, may be empty
 */
private void handleOptionsRequest(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    if (request.method() != RestRequest.Method.OPTIONS) {
        return;
    }
    final BytesRestResponse okResponse = new BytesRestResponse(OK, TEXT_CONTENT_TYPE, BytesArray.EMPTY);
    if (!validMethodSet.isEmpty()) {
        okResponse.addHeader("Allow", Strings.collectionToDelimitedString(validMethodSet, ","));
    }
    // With no registered handlers a bare OK is sent; per the original comment the
    // Access Control Origin header is added automatically elsewhere.
    channel.sendResponse(okResponse);
}
/**
 * Rejects a request that targets a valid REST endpoint with an HTTP method
 * the endpoint does not support. The client receives a 405 whose 'Allow'
 * header lists the supported methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-10.4.6">HTTP/1.1 -
 * 10.4.6 - 405 Method Not Allowed</a>). If building the error response fails
 * with an {@link IOException}, the failure is logged and an empty 500 is sent.
 *
 * <p>NOTE(review): the request URI is echoed into the error message; confirm
 * that {@code createSimpleErrorResponse} encodes it for the response content
 * type so client-supplied characters cannot alter the body's structure.
 *
 * @param request        the rejected request; its URI and method are reported back
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint
 */
private void handleUnsupportedHttpMethod(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    try {
        final String reason = "Incorrect HTTP method for uri [" + request.uri() + "] and method ["
            + request.method() + "], allowed: " + validMethodSet;
        final BytesRestResponse methodNotAllowed =
            BytesRestResponse.createSimpleErrorResponse(channel, METHOD_NOT_ALLOWED, reason);
        final String allowed = Strings.collectionToDelimitedString(validMethodSet, ",");
        methodNotAllowed.addHeader("Allow", allowed);
        channel.sendResponse(methodNotAllowed);
    } catch (final IOException ioFailure) {
        logger.warn("failed to send bad request response", ioFailure);
        final BytesRestResponse fallback =
            new BytesRestResponse(INTERNAL_SERVER_ERROR, BytesRestResponse.TEXT_CONTENT_TYPE, BytesArray.EMPTY);
        channel.sendResponse(fallback);
    }
}
/**
 * Rejects a request that targets a valid REST endpoint with an HTTP method
 * the endpoint does not support. The client receives a 405 whose 'Allow'
 * header lists the supported methods (see
 * <a href="https://tools.ietf.org/html/rfc2616#section-10.4.6">HTTP/1.1 -
 * 10.4.6 - 405 Method Not Allowed</a>). If building the error response fails
 * with an {@link IOException}, the failure is logged and an empty 500 is sent.
 *
 * <p>NOTE(review): the request URI is echoed into the error message; confirm
 * that {@code createSimpleErrorResponse} encodes it for the response content
 * type so client-supplied characters cannot alter the body's structure.
 *
 * @param request        the rejected request; its URI and method are reported back
 * @param channel        channel the response is written to
 * @param validMethodSet methods registered for the endpoint
 */
private void handleUnsupportedHttpMethod(RestRequest request, RestChannel channel, Set<RestRequest.Method> validMethodSet) {
    try {
        final String reason = "Incorrect HTTP method for uri [" + request.uri() + "] and method ["
            + request.method() + "], allowed: " + validMethodSet;
        final BytesRestResponse methodNotAllowed =
            BytesRestResponse.createSimpleErrorResponse(channel, METHOD_NOT_ALLOWED, reason);
        final String allowed = Strings.collectionToDelimitedString(validMethodSet, ",");
        methodNotAllowed.addHeader("Allow", allowed);
        channel.sendResponse(methodNotAllowed);
    } catch (final IOException ioFailure) {
        logger.warn("failed to send bad request response", ioFailure);
        final BytesRestResponse fallback =
            new BytesRestResponse(INTERNAL_SERVER_ERROR, BytesRestResponse.TEXT_CONTENT_TYPE, BytesArray.EMPTY);
        channel.sendResponse(fallback);
    }
}
// Point the client at redirectUrl via the Location header, send the response and stop.
// NOTE(review): where redirectUrl comes from is not visible in this listing. If any part
// of it is taken from the request, check it against an allow-list of expected targets
// before using it here, so the endpoint cannot be used as an open redirect.
restResponse.addHeader("Location", redirectUrl);
channel.sendResponse(restResponse);
return;
/**
 * Gate in front of the wrapped REST handler: when HTTP authentication is
 * enabled and the request is not allowed, a 401 with a Basic challenge is
 * returned; otherwise the request is forwarded to the wrapped handler.
 *
 * <p>Security note: when {@code isEnabledForHttp()} is false every request is
 * forwarded without the {@code allow} check, so that flag is the single switch
 * protecting the HTTP layer. Basic credentials are only Base64-encoded on the
 * wire, so the challenge should be served over TLS.
 *
 * @param request incoming REST request
 * @param channel channel the 401 response is written to
 * @param client  node client handed through to the wrapped handler
 * @throws Exception whatever the wrapped handler throws
 */
@Override
public void handleRequest(RestRequest request, RestChannel channel, NodeClient client) throws Exception {
    final boolean authEnforced = bucklerConfig.getAuthConfig().isEnabledForHttp();
    if (!authEnforced || allow(request, bucklerConfig.getAuthConfig())) {
        restHandler.handleRequest(request, channel, client);
        return;
    }

    BytesRestResponse denied = new BytesRestResponse(channel, RestStatus.UNAUTHORIZED, null);
    denied.addHeader(HttpHeaderNames.WWW_AUTHENTICATE.toString(), "Basic realm=\"Restricted\"");
    channel.sendResponse(denied);
}
// NOTE(review): the statements below read like excerpts from several branches of one
// authenticator using the HTTP "Negotiate" scheme; they are not one contiguous block
// (the local is declared twice and code follows a return).

// Branch: ticket validation failed -> answer 401 with a bare Negotiate challenge.
log.trace("Ticket validation not successful");
final BytesRestResponse wwwAuthenticateResponse = new BytesRestResponse(RestStatus.UNAUTHORIZED);
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate");
channel.sendResponse(wwwAuthenticateResponse);
return null;

// Branch: ticket validation failed with an exception e.
// NOTE(review): e is the only argument for the single "{}" placeholder; whether the
// stack trace or just e.toString() is logged depends on the logging API — confirm.
log.trace("Ticket validation not successful due to {}", e);
final BytesRestResponse wwwAuthenticateResponse = new BytesRestResponse(RestStatus.UNAUTHORIZED);
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate");
channel.sendResponse(wwwAuthenticateResponse);
return null;

// Another bare Negotiate challenge.
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate");
channel.sendResponse(wwwAuthenticateResponse);
return null;

// Returns the Base64-encoded outToken to the client in the challenge, then fails the
// authentication attempt with AuthException.
// NOTE(review): if DatatypeConverter is javax.xml.bind.DatatypeConverter, that class is
// no longer shipped with the JDK from Java 11 on; java.util.Base64 is the stdlib encoder.
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate " + DatatypeConverter.printBase64Binary(outToken));
channel.sendResponse(wwwAuthenticateResponse);
throw new AuthException("Cannot authenticate");

// Final bare Negotiate challenge.
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate");
channel.sendResponse(wwwAuthenticateResponse);
return null;
// NOTE(review): these statements read like excerpts from more than one branch; code
// follows a return and the closing brace of the final if is not part of the listing.

// Offer both schemes to the client: one WWW-Authenticate header each for Negotiate and NTLM.
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Negotiate");
wwwAuthenticateResponse.addHeader("WWW-Authenticate", "NTLM");
channel.sendResponse(wwwAuthenticateResponse);
return null;

// Encode the continuation token and return it to the client under the negotiated
// security package name.
final String continueToken = BaseEncoding.base64().encode(continueTokenBytes);
// NOTE(review): this writes the handshake token to the log at trace level; keep trace
// logging for this class disabled in production or log only the token length.
log.trace("continue token: {}", continueToken);
wwwAuthenticateResponse.addHeader("WWW-Authenticate", securityPackage + " " + continueToken);
// Ask the client to keep the connection open while the handshake continues or for an
// NTLM POST. NOTE(review): presumably because the handshake state is bound to the
// connection — confirm against the enclosing method.
if (securityContext.isContinue() || ntlmPost) {
    wwwAuthenticateResponse.addHeader("Connection", "keep-alive");
    channel.sendResponse(wwwAuthenticateResponse);
    return null;
/**
 * Dispatches an HTTP request behind a Basic-auth gate.
 *
 * <p>Health-check requests are answered directly with a fixed OK body and are
 * deliberately exempt from authorization. Authorized requests are passed to
 * the superclass dispatcher. Everything else is logged and answered with a
 * 401 carrying a Basic challenge for the configured realm.
 *
 * <p>NOTE(review): the unauthenticated path depends entirely on what
 * {@code healthCheck(request)} matches; confirm it is limited to the intended
 * health endpoint. The realm value is inserted into the header unescaped, so
 * it should not contain double quotes or line breaks.
 *
 * @param request incoming HTTP request
 * @param channel channel responses are written to
 */
@Override
public void internalDispatchRequest(final HttpRequest request, final HttpChannel channel) {
    if (log) {
        logRequest(request);
    }

    // allow health check even without authorization
    if (healthCheck(request)) {
        channel.sendResponse(new BytesRestResponse(OK, "{\"OK\":{}}"));
        return;
    }

    if (authorized(request)) {
        super.internalDispatchRequest(request, channel);
        return;
    }

    logUnAuthorizedRequest(request);
    BytesRestResponse denied = new BytesRestResponse(UNAUTHORIZED, "Authentication Required");
    final String basicChallenge = "Basic realm=\"" + this.realm + "\"";
    denied.addHeader(HEADER_WWW_AUTHENTICATE, basicChallenge);
    channel.sendResponse(denied);
}
/**
 * Dispatches an HTTP request behind a Basic-auth gate.
 *
 * <p>Health-check requests are answered directly with a fixed OK body and are
 * deliberately exempt from authorization. Authorized requests are passed to
 * the superclass dispatcher. Everything else is logged and answered with a
 * 401 carrying a Basic challenge for the configured realm.
 *
 * <p>NOTE(review): the unauthenticated path depends entirely on what
 * {@code healthCheck(request)} matches; confirm it is limited to the intended
 * health endpoint. The realm value is inserted into the header unescaped, so
 * it should not contain double quotes or line breaks.
 *
 * @param request incoming HTTP request
 * @param channel channel responses are written to
 */
@Override
public void internalDispatchRequest(final HttpRequest request, final HttpChannel channel) {
    if (log) {
        logRequest(request);
    }

    // allow health check even without authorization
    if (healthCheck(request)) {
        channel.sendResponse(new BytesRestResponse(OK, "{\"OK\":{}}"));
        return;
    }

    if (authorized(request)) {
        super.internalDispatchRequest(request, channel);
        return;
    }

    logUnAuthorizedRequest(request);
    BytesRestResponse denied = new BytesRestResponse(UNAUTHORIZED, "Authentication Required");
    final String basicChallenge = "Basic realm=\"" + this.realm + "\"";
    denied.addHeader(HEADER_WWW_AUTHENTICATE, basicChallenge);
    channel.sendResponse(denied);
}
// NOTE(review): these statements read like excerpts from more than one branch; the
// closing brace of the if is not part of the listing and resp is sent twice.

// No credentials were supplied: answer 401 with a Basic challenge.
// Security note: Basic credentials are only Base64-encoded on the wire, so this
// challenge should be served over TLS.
if (username == null || password == null) {
    BytesRestResponse resp = new BytesRestResponse(RestStatus.UNAUTHORIZED, "Needs Basic Auth");
    resp.addHeader("WWW-Authenticate", "Basic realm=\"Http User Auth Plugin\"");
    channel.sendResponse(resp);
    // NOTE(review): request.path() is client-controlled and is concatenated into the log
    // line as-is; strip or encode CR/LF before logging unless the logger already does, so
    // a crafted path cannot forge additional log entries.
    EFLogger.info( ipaddr + " auth failed: " + request.path());
    resp.addHeader("WWW-Authenticate", "Basic realm=\"Http User Auth Plugin\"");
    channel.sendResponse(resp);
    // Same caveat as above for the path written to the log.
    EFLogger.info("Invalid User: " + request.path());