
1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.ui.x509;
17  
18  import java.io.IOException;
19  
20  import javax.servlet.ServletException;
21  import javax.servlet.ServletRequest;
22  import javax.servlet.ServletResponse;
23  import javax.servlet.http.HttpServletResponse;
24  
25  import org.acegisecurity.AuthenticationException;
26  import org.acegisecurity.ui.AuthenticationEntryPoint;
27  import org.apache.commons.logging.Log;
28  import org.apache.commons.logging.LogFactory;
29  
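/**
 * In the X.509 authentication case (unlike CAS, for example) the certificate
 * will already have been extracted from the request and a secure context
 * established by the time the security-enforcement filter is invoked.
 * <p>
 * Therefore this class isn't actually responsible for the commencement of
 * authentication, as it is in the case of other providers. It will be called if
 * the certificate was rejected by Acegi's X509AuthenticationProvider, resulting
 * in a null authentication.
 * </p>
 * <p>
 * The <code>commence</code> method always answers with
 * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error) and the fixed
 * message "Access Denied". It issues no redirect or challenge, and nothing from
 * the <code>AuthenticationException</code> is written to the response.
 * </p>
 *
 * @author Luke Taylor
 * @version $Id: X509ProcessingFilterEntryPoint.java 1496 2006-05-23 13:38:33Z
 * benalex $
 *
 * @see org.acegisecurity.ui.ExceptionTranslationFilter
 */
public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
	// ~ Static fields/initializers
	// =====================================================================================

	private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);

	// ~ Methods
	// ========================================================================================================

	/**
	 * Rejects the request by sending a 403 (Forbidden) error to the client.
	 *
	 * @param request the request that failed authentication; not read by this
	 *        method
	 * @param response the response the 403 is sent on; must be an
	 *        <code>HttpServletResponse</code>
	 * @param authException the failure that led to this entry point being
	 *        invoked; recorded in the debug log only and never echoed to the
	 *        client
	 *
	 * @throws IOException if <code>sendError</code> fails to write the response
	 * @throws ServletException if <code>response</code> is not an
	 *         <code>HttpServletResponse</code>
	 */
	public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
			throws IOException, ServletException {
		if (logger.isDebugEnabled()) {
			// Keep the rejection cause on the server side so a refused certificate
			// can be diagnosed; the client only ever sees the generic message below.
			logger.debug("X509 entry point called. Rejecting access", authException);
		}

		// Fail closed with a declared exception rather than a ClassCastException
		// if this entry point is ever wired in front of a non-HTTP response.
		if (!(response instanceof HttpServletResponse)) {
			throw new ServletException("X509ProcessingFilterEntryPoint requires an HttpServletResponse");
		}

		((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
	}
}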