01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.ui.x509;
17:
18: import java.io.IOException;
19:
20: import javax.servlet.ServletException;
21: import javax.servlet.ServletRequest;
22: import javax.servlet.ServletResponse;
23: import javax.servlet.http.HttpServletResponse;
24:
25: import org.acegisecurity.AuthenticationException;
26: import org.acegisecurity.ui.AuthenticationEntryPoint;
27: import org.apache.commons.logging.Log;
28: import org.apache.commons.logging.LogFactory;
29:
/**
 * Entry point invoked when X.509 client-certificate authentication has been
 * rejected.
 * <p>
 * In the X.509 authentication case (unlike CAS, for example) the certificate
 * will already have been extracted from the request and a secure context
 * established by the time the security-enforcement filter is invoked.
 * This class therefore does not start an authentication exchange, as the
 * entry points of other providers do. It is called if the certificate was
 * rejected by Acegi's X509AuthenticationProvider, resulting in a null
 * authentication.
 * </p>
 * <p>
 * The <code>commence</code> method always sends an
 * <code>HttpServletResponse.SC_FORBIDDEN</code> (403) error with the fixed
 * message "Access Denied". Nothing from the
 * <code>AuthenticationException</code> is copied into the response.
 * </p>
 *
 * @author Luke Taylor
 * @version $Id: X509ProcessingFilterEntryPoint.java 1496 2006-05-23 13:38:33Z benalex $
 *
 * @see org.acegisecurity.ui.ExceptionTranslationFilter
 */
public class X509ProcessingFilterEntryPoint implements
        AuthenticationEntryPoint {
    // ~ Static fields/initializers
    // =========================================================================

    private static final Log logger =
            LogFactory.getLog(X509ProcessingFilterEntryPoint.class);

    // ~ Methods
    // =========================================================================

    /**
     * Rejects the request by sending a 403 (Forbidden) error to the client.
     *
     * @param request the request that triggered the entry point; not read by
     *        this implementation
     * @param response the response the error is written to; it is cast to
     *        <code>HttpServletResponse</code>, so any other response type
     *        fails with a <code>ClassCastException</code>
     * @param authException the failure that led here; this method neither
     *        logs it nor exposes it to the client
     *
     * @throws IOException if <code>sendError</code> fails to write the error
     * @throws ServletException declared in the signature; this method's own
     *         code does not throw it
     */
    public void commence(ServletRequest request,
            ServletResponse response,
            AuthenticationException authException) throws IOException,
            ServletException {
        // The message is a constant, so there is no formatting cost that an
        // isDebugEnabled() guard would save.
        logger.debug("X509 entry point called. Rejecting access");

        // NOTE(review): authException is dropped here. If the rejection cause
        // is needed for audit it has to be recorded elsewhere - confirm.
        // The client only ever sees the generic text below.
        ((HttpServletResponse) response).sendError(
                HttpServletResponse.SC_FORBIDDEN, "Access Denied");
    }
}