[Minor] Fixed HTTP return code for BasicAuth errors
parent
68bd3dd6d6
commit
cf4ae20d0b
|
@ -3,6 +3,7 @@ package li.strolch.rest.helper;
|
|||
import jakarta.ws.rs.core.Response;
|
||||
import li.strolch.exception.StrolchAccessDeniedException;
|
||||
import li.strolch.exception.StrolchNotAuthenticatedException;
|
||||
import li.strolch.privilege.base.InvalidCredentialsException;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.privilege.model.Usage;
|
||||
import li.strolch.runtime.sessions.StrolchSessionHandler;
|
||||
|
@ -27,9 +28,9 @@ public class BasicAuth {
|
|||
|
||||
public Certificate doBasicAuth(String authorization, String remoteIp) throws BasicAuthFailure {
|
||||
if (isEmpty(authorization))
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "Missing auth!");
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "No authentication!");
|
||||
if (!authorization.startsWith("Basic "))
|
||||
throw new BasicAuthFailure(Response.Status.BAD_REQUEST, "Bad request!");
|
||||
throw new BasicAuthFailure(Response.Status.BAD_REQUEST, "Invalid basic auth request!");
|
||||
|
||||
try {
|
||||
String auth = new String(Base64.getDecoder().decode(authorization.substring(6)), UTF_8);
|
||||
|
@ -39,22 +40,23 @@ public class BasicAuth {
|
|||
|
||||
return this.sessionHandler.authenticate(username, password.toCharArray(), remoteIp, Usage.SINGLE, false);
|
||||
|
||||
} catch (StrolchNotAuthenticatedException e) {
|
||||
} catch (StrolchNotAuthenticatedException | InvalidCredentialsException e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "Not authenticated!", e);
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "Authentication failed", e);
|
||||
} catch (StrolchAccessDeniedException e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "User is not authorized!", e);
|
||||
throw new BasicAuthFailure(Response.Status.FORBIDDEN, "User is not authorized!", e);
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
|
||||
Throwable rootCause = ExceptionHelper.getRootCause(e);
|
||||
if (rootCause instanceof StrolchNotAuthenticatedException) {
|
||||
if (rootCause instanceof StrolchNotAuthenticatedException
|
||||
|| rootCause instanceof InvalidCredentialsException) {
|
||||
logger.error(e.getMessage());
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "Not authenticated!", e);
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "Authentication failed", e);
|
||||
} else if (rootCause instanceof StrolchAccessDeniedException) {
|
||||
logger.error(e.getMessage());
|
||||
throw new BasicAuthFailure(Response.Status.UNAUTHORIZED, "User is not authorized!", e);
|
||||
throw new BasicAuthFailure(Response.Status.FORBIDDEN, "User is not authorized!", e);
|
||||
}
|
||||
|
||||
throw new BasicAuthFailure(Response.Status.INTERNAL_SERVER_ERROR, "Internal error", e);
|
||||
|
|
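Review bot: A malformed Base64 payload in the Authorization header still ends up as a 500: `Base64.getDecoder().decode(...)` sits inside the `try`, throws `IllegalArgumentException` on bad input, and falls through the generic `catch (Exception e)` to `INTERNAL_SERVER_ERROR`, because its root cause is neither of the authentication exception types. This is client-controlled input, so it should map to `BAD_REQUEST` like the `"Basic "` prefix check; as written, unauthenticated callers can produce 5xx responses and error-level log entries at will, which distorts monitoring. Decoding before the `try`, or wrapping only the decode call in a `catch (IllegalArgumentException e)` that throws `new BasicAuthFailure(Response.Status.BAD_REQUEST, "Invalid basic auth request!", e)`, would keep it separate from failures raised inside `authenticate`. The username/password split lies between the second and third hunk and is not visible here, so a missing `:` separator may need the same treatment.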