View Javadoc
1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.spring;
15  
16  import java.io.IOException;
17  
18  import javax.servlet.ServletException;
19  import javax.servlet.http.HttpServletRequest;
20  import javax.servlet.http.HttpServletResponse;
21  
22  import org.slf4j.Logger;
23  import org.slf4j.LoggerFactory;
24  import org.springframework.security.core.AuthenticationException;
25  import org.springframework.security.web.AuthenticationEntryPoint;
26  
27  import waffle.servlet.spi.SecurityFilterProviderCollection;
28  
29  /**
30   * Sends back a request for a Negotiate Authentication to the browser.
31   * 
32   * @author dblock[at]dblock[dot]org
33   */
34  public class NegotiateSecurityFilterEntryPoint implements AuthenticationEntryPoint {
35  
36      /** The Constant LOGGER. */
37      private static final Logger              LOGGER = LoggerFactory.getLogger(NegotiateSecurityFilterEntryPoint.class);
38      
39      /** The provider. */
40      private SecurityFilterProviderCollection provider;
41  
42      /**
43       * Instantiates a new negotiate security filter entry point.
44       */
45      public NegotiateSecurityFilterEntryPoint() {
46          NegotiateSecurityFilterEntryPoint.LOGGER.debug("[waffle.spring.NegotiateEntryPoint] loaded");
47      }
48  
49      /* (non-Javadoc)
50       * @see org.springframework.security.web.AuthenticationEntryPoint#commence(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException)
51       */
52      @Override
53      public void commence(final HttpServletRequest request, final HttpServletResponse response,
54              final AuthenticationException ex) throws IOException, ServletException {
55  
56          NegotiateSecurityFilterEntryPoint.LOGGER.debug("[waffle.spring.NegotiateEntryPoint] commence");
57  
58          if (this.provider == null) {
59              throw new ServletException("Missing NegotiateEntryPoint.Provider");
60          }
61  
62          response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
63          response.setHeader("Connection", "keep-alive");
64          this.provider.sendUnauthorized(response);
65          response.flushBuffer();
66      }
67  
68      /**
69       * Gets the provider.
70       *
71       * @return the provider
72       */
73      public SecurityFilterProviderCollection getProvider() {
74          return this.provider;
75      }
76  
77      /**
78       * Sets the provider.
79       *
80       * @param value
81       *            the new provider
82       */
83      public void setProvider(final SecurityFilterProviderCollection value) {
84          this.provider = value;
85      }
86  }