Fix the WWW-Authenticate header generation

This is dealing with the fault introduced while fixing MID-5725. Now we consistently provide "WWW-Authenticate" with the values of "Basic" and "SecQ".
Evolveum · Oct 11, 2019 · 49f8389 · 49f8389
1 parent cd01b50
commit 49f8389
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/...pl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java b/...pl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java
@@ -108,7 +108,7 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques
 				CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException |
 				AuthenticationServiceException e) {
 			LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
-			requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build());
+			RestServiceUtil.createAbortMessage(requestCtx);
 			return;
 		}
 
@@ -136,11 +136,9 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques
 			} catch (ObjectNotFoundException | SchemaException | SecurityViolationException
 					| CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
 				LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
-				requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build());
+				RestServiceUtil.createAbortMessage(requestCtx);
 				return;
 			}
-
-
 		}
 
 		m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);

diff --git a/...com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java b/...com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java
@@ -117,14 +117,14 @@ protected SecurityQuestionsAuthenticationContext createAuthenticationContext(Aut
 				}
 
 				if (users.size() != 1) {
-					requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build());
+					RestServiceUtil.createAbortMessage(requestCtx);
 					return null;
 				}
 
 				PrismObject<UserType> user = users.get(0);
 				PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
 				if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
-					requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build());
+					RestServiceUtil.createAbortMessage(requestCtx);
 					return null;
 				}
 

diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java
@@ -176,8 +176,12 @@ public static Response.ResponseBuilder createResultHeaders(Response.ResponseBuil
 //				.header(OPERATION_RESULT_MESSAGE, result.getMessage());
 	}
 
-	public static void createAbortMessage(ContainerRequestContext requestCtx){
-		requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build());
+	public static void createAbortMessage(ContainerRequestContext requestCtx) {
+		requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
+				.header("WWW-Authenticate",
+						RestAuthenticationMethod.BASIC.getMethod() + " realm=\"midpoint\", " +
+								RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod())
+				.build());
 	}
 
 	public static void createSecurityQuestionAbortMessage(ContainerRequestContext requestCtx, String secQChallenge){