From 49f838975211e2179b9f90b7f3feb86ef98bdf03 Mon Sep 17 00:00:00 2001 From: Pavol Mederly Date: Fri, 6 Sep 2019 17:01:30 +0200 Subject: [PATCH] Fix the WWW-Authenticate header generation This is dealing with the fault introduced while fixing MID-5725. Now we consistently provide "WWW-Authenticate" with the values of "Basic" and "SecQ". --- .../model/impl/security/MidpointRestAuthenticator.java | 6 ++---- .../MidpointRestSecurityQuestionsAuthenticator.java | 4 ++-- .../midpoint/model/impl/util/RestServiceUtil.java | 8 ++++++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java index fd132b441a1..f458376aa6e 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java @@ -108,7 +108,7 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) { LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e); - requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build()); + RestServiceUtil.createAbortMessage(requestCtx); return; } 
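Review bot: The catch block that now calls `RestServiceUtil.createAbortMessage(requestCtx)` answers every listed failure (expired credentials, access denied, missing credentials, authentication service error) with the same 401 challenge and records it only at trace level, and nothing in the code says whether either choice is deliberate. If the uniform response is meant to avoid revealing account state to the caller, a comment such as `// Same 401 for every failure cause, so the response does not disclose account state` would keep a later change from splitting it up. Trace-level logging means failed REST logins are absent from default logs; unless they are audited elsewhere (not visible here), consider a higher level for them. The same applies to the second catch block, in the hunk at -136. handleRequest starts and ends outside both hunks.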
@@ -136,11 +136,9 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) { LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e); - requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build()); + RestServiceUtil.createAbortMessage(requestCtx); return; } - - } m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task); diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java index 3ac9c7e530f..8fc04517e1f 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.java @@ -117,14 +117,14 @@ protected SecurityQuestionsAuthenticationContext createAuthenticationContext(Aut } if (users.size() != 1) { - requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build()); + RestServiceUtil.createAbortMessage(requestCtx); return null; } PrismObject user = users.get(0); PrismContainer questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER); if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) { - requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build()); + RestServiceUtil.createAbortMessage(requestCtx); return null; } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java index 04dea954047..c09a470c68e 100644 
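Review bot: Both early exits in the MidpointRestSecurityQuestionsAuthenticator hunk (`users.size() != 1` and the null or empty `questionAnswerContainer`) abort with 401 and return null with no log statement in the visible lines. A lookup that matches zero or several users, or an account with no security questions, therefore leaves nothing for troubleshooting or for detecting repeated probing. Assuming the class has a logger like the LOGGER used in MidpointRestAuthenticator, a line such as `LOGGER.trace("Security questions authentication rejected: {} matching user(s)", users.size());` before the first abort, and a similar one before the second, would close that gap while keeping the detail out of the response. createAuthenticationContext starts and ends outside the hunk.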
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java @@ -176,8 +176,12 @@ public static Response.ResponseBuilder createResultHeaders(Response.ResponseBuil // .header(OPERATION_RESULT_MESSAGE, result.getMessage()); } - public static void createAbortMessage(ContainerRequestContext requestCtx){ - requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).build()); + public static void createAbortMessage(ContainerRequestContext requestCtx) { + requestCtx.abortWith(Response.status(Status.UNAUTHORIZED) + .header("WWW-Authenticate", + RestAuthenticationMethod.BASIC.getMethod() + " realm=\"midpoint\", " + + RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod()) + .build()); } public static void createSecurityQuestionAbortMessage(ContainerRequestContext requestCtx, String secQChallenge){
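Review bot: `createAbortMessage` now builds the challenge inline from a string-literal header name and a hard-coded realm, with no Javadoc saying that it aborts the request with 401 and advertises both schemes. A one-line Javadoc such as `/** Aborts the request with 401 and a WWW-Authenticate header offering the Basic and SecQ schemes. */` would document the contract that the three call sites in this patch now rely on. The literal could be replaced with `HttpHeaders.WWW_AUTHENTICATE` from `javax.ws.rs.core`, and the realm moved to a named constant. `createSecurityQuestionAbortMessage`, whose body is outside the hunk, presumably sets the same header, so a shared constant would keep the two in step. Because the two challenges are comma-joined in one field value, it is worth confirming that the REST clients in use parse past the first challenge.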