001/* 002 * Copyright 2012-2017 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.boot.autoconfigure.security; 018 019import java.io.IOException; 020 021import javax.servlet.ServletException; 022import javax.servlet.http.HttpServletRequest; 023import javax.servlet.http.HttpServletResponse; 024 025import org.springframework.security.core.AuthenticationException; 026import org.springframework.security.web.AuthenticationEntryPoint; 027import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; 028 029/** 030 * AuthenticationEntryPoint that sends a 401 and Parameterized by the value of the 031 * {@code WWW-Authenticate} header. Like the {@link BasicAuthenticationEntryPoint} but 032 * more flexible. 033 * 034 * @author Dave Syer 035 * @since 1.3.0 036 */ 037public class Http401AuthenticationEntryPoint implements AuthenticationEntryPoint { 038 039 private final String headerValue; 040 041 public Http401AuthenticationEntryPoint(String headerValue) { 042 this.headerValue = headerValue; 043 } 044 045 @Override 046 public void commence(HttpServletRequest request, HttpServletResponse response, 047 AuthenticationException authException) throws IOException, ServletException { 048 response.setHeader("WWW-Authenticate", this.headerValue); 049 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, 050 authException.getMessage()); 051 } 052 053}