Use of com.peterphi.std.guice.web.rest.jaxrs.exception.LiteralRestResponseException in project stdlib by petergeneric.
The class RedirectToOAuthAccessRefuser, method refuse.
/**
 * Refuses access to a protected resource, choosing the response by who the caller is and how they arrived.
 * <p>
 * Every path throws; the method never returns normally, so the {@link Throwable} return type is only there to
 * satisfy the interface. The outcomes, in order of precedence:
 * <ul>
 *   <li>authenticated caller lacking the role: a 403 {@link RestException}</li>
 *   <li>anonymous non-browser caller: a 401 carrying {@code WWW-Authenticate: Bearer}</li>
 *   <li>anonymous browser caller on a non-GET request: a 401 {@link RestException} explaining why no redirect was issued</li>
 *   <li>anonymous browser GET: a 303 to the OAuth2 provider's authorisation-flow start endpoint</li>
 * </ul>
 * The 403 exception is built first and attached as the cause of every other outcome, so the diagnostic detail
 * (constraint comment, required role, anonymity and consumer heuristics) is never lost.
 *
 * @param scope      the scope whose role requirement was not met
 * @param constraint the annotation-level constraint that failed, or {@code null} if none applies
 * @param login      the current caller; {@code login.isAnonymous()} drives the 403-vs-challenge decision
 * @return never; see above
 * @throws RestException                for the authenticated-but-unauthorised and non-GET cases
 * @throws LiteralRestResponseException for the 401 challenge and the 303 redirect
 */
@Override
public Throwable refuse(final AuthScope scope, final AuthConstraint constraint, final CurrentUser login) {
	// NOTE(review): the denial message echoes the constraint comment and required role back to the caller;
	// this is a deliberate diagnostic aid here, but confirm it is acceptable to disclose on public endpoints.
	final String constraintDetail = (constraint != null) ? ": " + constraint.comment() : "";
	final RestException denied = new RestException(403,
	                                               "You do not have sufficient privileges to access this resource" +
	                                               constraintDetail +
	                                               ". Required role: " + scope.getRole(constraint) +
	                                               ". You are: anonymous=" + login.isAnonymous() +
	                                               ", browser=" + isBrowserConsumer());

	// An authenticated principal that simply lacks the role gets a plain 403; no login flow would help
	if (!login.isAnonymous())
		throw denied;

	// Anonymous API client (per the isBrowserConsumer heuristic): challenge with a 401 rather than bouncing
	// it through an interactive login it cannot complete.
	// TODO allow configuration of Basic with a realm?
	if (!isBrowserConsumer()) {
		final Response challenge = Response.status(401).header("WWW-Authenticate", "Bearer").build();
		throw new LiteralRestResponseException(challenge, denied);
	}

	// Anonymous browser submitting a non-GET: a 303 would make the browser re-issue the request body against
	// the provider's endpoint, so refuse instead of redirecting
	if (!isGETRequest())
		throw new RestException(401,
		                        "You must log in to access this resource! Could not redirect you to the login provider because you were submitting a form, not requesting a page. Please return to the main page of the application and proceed to log in",
		                        denied);

	// Anonymous browser GET: hand off to the OAuth2 provider, passing the requested URI so the flow can return here
	final OAuth2SessionRef session = sessionRefProvider.get();
	final URI authFlowStart = session.getAuthFlowStartEndpoint(getRequestURI(), null);
	throw new LiteralRestResponseException(Response.seeOther(authFlowStart).build(), denied);
}
Use of com.peterphi.std.guice.web.rest.jaxrs.exception.LiteralRestResponseException in project stdlib by petergeneric.
The class RedirectToLoginAccessRefuser, method refuse.
/**
 * Refuses access to a protected resource, either failing outright or sending an anonymous browser to the
 * application's own {@code /login} page.
 * <p>
 * Every path throws; the method never returns normally. Outcomes, in order of precedence:
 * <ul>
 *   <li>authenticated caller lacking the role: the {@link AuthenticationFailureException} itself</li>
 *   <li>anonymous non-browser caller (only decidable when an {@link HttpCallContext} is present):
 *       a 401 carrying {@code WWW-Authenticate: Basic realm="user manager"}</li>
 *   <li>anonymous browser caller on a non-GET request: the {@link AuthenticationFailureException} itself,
 *       because a 303 would make the browser replay the request body against the login page</li>
 *   <li>otherwise: a 303 to {@code /login?errorText=...}, with {@code returnTo} set to the requested URI
 *       whenever a call context was available</li>
 * </ul>
 * The failure exception is attached as the cause of each {@link LiteralRestResponseException} so the original
 * reason survives into logs.
 *
 * @param scope      the scope whose role requirement was not met
 * @param constraint the annotation-level constraint that failed, or {@code null} if none applies
 * @param login      the current caller; {@code login.isAnonymous()} decides between failure and redirect
 * @return never; see above
 * @throws AuthenticationFailureException for the authenticated-but-unauthorised and non-GET cases
 * @throws LiteralRestResponseException   for the 401 challenge and the 303 redirect
 */
@Override
public Throwable refuse(final AuthScope scope, final AuthConstraint constraint, final CurrentUser login) {
	final String constraintDetail = (constraint != null) ? ": " + constraint.comment() : "";
	final AuthenticationFailureException denied = new AuthenticationFailureException(
			"You do not have sufficient privileges to access this resource" + constraintDetail + ". Required role: " +
			scope.getRole(constraint));

	// An authenticated principal that simply lacks the role: no login would help, fail immediately
	if (!login.isAnonymous())
		throw denied;

	final UriBuilder loginPage = UriBuilder.fromPath("/login");

	// Without a call context we cannot tell browser from service consumer, nor recover the requested URI;
	// in that case fall straight through to the plain redirect
	if (HttpCallContext.peek() != null) {
		final HttpServletRequest request = HttpCallContext.get().getRequest();

		// Heuristic split between service and browser callers (see isBrowserConsumer)
		if (!isBrowserConsumer(request)) {
			final Response challenge = Response.status(401)
			                                   .header("WWW-Authenticate", "Basic realm=\"user manager\"")
			                                   .build();
			throw new LiteralRestResponseException(challenge, denied);
		}

		// Only GETs are safe to bounce through the login page; a redirected POST/PUT/etc. would be replayed there
		if (!request.getMethod().equalsIgnoreCase("GET"))
			throw denied;

		// NOTE(review): returnTo carries whatever getRequestURI(request) yields; the login page that consumes it
		// should confirm it is a same-origin/relative target before redirecting — verify there.
		loginPage.queryParam("returnTo", getRequestURI(request));
	}

	loginPage.queryParam("errorText", "You must log in to access this page.");
	throw new LiteralRestResponseException(Response.seeOther(loginPage.build()).build(), denied);
}