
1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.ui.x509;
17  
18  import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
19  import org.acegisecurity.AuthenticationException;
20  
21  import javax.servlet.ServletRequest;
22  import javax.servlet.ServletResponse;
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServletResponse;
25  import java.io.IOException;
26  
27  import org.apache.commons.logging.Log;
28  import org.apache.commons.logging.LogFactory;
29  
30  /***
31   * In the X.509 authentication case (unlike CAS, for example) the certificate will already
32   * have been extracted from the request and a secure context established by the time
33   * the security-enforcement filter is invoked.
34   * <p>
35   * Therefore this class isn't actually responsible for the commencement of authentication, as it
36   * is in the case of other providers. It will be called if the certificate was rejected by
37   * Acegi's X509AuthenticationProvider, resulting in a null authentication.
38   * </p>
39   * The <code>commence</code> method will always return an
40   * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
41   *
42   *
43   * @author Luke Taylor
44   * @version $Id: X509ProcessingFilterEntryPoint.java,v 1.5 2005/11/17 00:56:28 benalex Exp $
45   * @see org.acegisecurity.intercept.web.SecurityEnforcementFilter
46   */
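public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
    //~ Static fields/initializers =============================================

    private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);

    //~ Methods ================================================================

    /**
     * Rejects the request with a 403 (Forbidden) error.
     * <p>
     * The client always receives the fixed text "Access Denied". The failure carried by
     * <code>authException</code> is written to the debug log only, so the reason a
     * certificate was rejected is available to operators without being disclosed in the
     * response.
     * </p>
     *
     * @param request the request being rejected (not inspected by this method)
     * @param response the response the error is sent on; must be an
     *        <code>HttpServletResponse</code>
     * @param authException the authentication failure that led to this call; only logged
     *
     * @throws IOException if <code>sendError</code> fails
     * @throws ServletException if <code>response</code> is not an
     *         <code>HttpServletResponse</code>, in which case no 403 can be sent
     */
    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            // Pass the exception as the throwable so the rejection reason is recorded
            // server-side; it is never copied into the response body.
            logger.debug("X509 entry point called. Rejecting access", authException);
        }

        // Fail closed with a descriptive error instead of a bare ClassCastException when
        // this entry point is wired into a non-HTTP chain.
        if (!(response instanceof HttpServletResponse)) {
            throw new ServletException("X509ProcessingFilterEntryPoint can only handle an HttpServletResponse");
        }

        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
    }
}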