diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java index bd104bd94c..0ec279344f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java @@ -15,13 +15,10 @@ */ package org.springframework.security.config.annotation.web.configurers; -import java.io.IOException; import java.util.Collections; import java.util.LinkedHashMap; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; @@ -29,15 +26,15 @@ import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; -import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher; import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.accept.ContentNegotiationStrategy; import org.springframework.web.accept.HeaderContentNegotiationStrategy; @@ -170,20 +167,4 @@ public final class HttpBasicConfigurer> extends basicAuthenticationFilter = postProcess(basicAuthenticationFilter); http.addFilter(basicAuthenticationFilter); } - - private static class HttpStatusEntryPoint implements AuthenticationEntryPoint { - private final HttpStatus httpStatus; - - public HttpStatusEntryPoint(HttpStatus httpStatus) { - super(); - this.httpStatus = httpStatus; - } - - public void commence(HttpServletRequest request, - HttpServletResponse response, - AuthenticationException authException) throws IOException, - ServletException { - response.setStatus(httpStatus.value()); - } - } } \ No newline at end of file diff --git a/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java new file mode 100644 index 0000000000..2201d16ce0 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java @@ -0,0 +1,56 @@ +/* + * Copyright 2002-2015 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.springframework.security.web.authentication; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.http.HttpStatus; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.util.Assert; + +/** + * An {@link AuthenticationEntryPoint} that sends a generic {@link HttpStatus} + * as a response. Useful for JavaScript clients which cannot use Basic + * authentication since the browser intercepts the response. + * + * @author Rob Winch + * @since 4.0 + */ +public final class HttpStatusEntryPoint implements AuthenticationEntryPoint { + private final HttpStatus httpStatus; + + /** + * Creates a new instance. + * + * @param httpStatus the HttpSatus to set + */ + public HttpStatusEntryPoint(HttpStatus httpStatus) { + Assert.notNull(httpStatus, "httpStatus cannot be null"); + this.httpStatus = httpStatus; + } + + public void commence(HttpServletRequest request, + HttpServletResponse response, + AuthenticationException authException) throws IOException, + ServletException { + response.setStatus(httpStatus.value()); + } +} \ No newline at end of file diff --git a/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java new file mode 100644 index 0000000000..c619a8269a --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java @@ -0,0 +1,60 @@ +/* + * Copyright 2002-2015 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.springframework.security.web.authentication; + +import static org.fest.assertions.Assertions.assertThat; + +import org.junit.Before; +import org.junit.Test; +import org.springframework.http.HttpStatus; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.core.AuthenticationException; + +/** + * + * @author Rob Winch + * @since 4.0 + */ +public class HttpStatusEntryPointTests { + MockHttpServletRequest request; + MockHttpServletResponse response; + AuthenticationException authException; + + HttpStatusEntryPoint entryPoint; + + @SuppressWarnings("serial") + @Before + public void setup() { + request = new MockHttpServletRequest(); + response = new MockHttpServletResponse(); + authException = new AuthenticationException("") {}; + entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); + } + + @Test(expected = IllegalArgumentException.class) + public void constructorNullStatus() { + new HttpStatusEntryPoint(null); + } + + @Test + public void unauthorized() throws Exception { + entryPoint.commence(request, response, authException); + + assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); + } + +} \ No newline at end of file