} else if (p instanceof X509Principal) {
// have to check Basic Auth here, because it might be CSP.
String authz = req.getHeader("Authorization");
- if(authz.startsWith("Basic ")) {
+ if (authz.startsWith("Basic ")) {
BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
- if(bht!=null) {
+ if (bht!=null) {
BasicPrincipal bp = new BasicPrincipal(authz,"");
CredVal cv = bht.getCredVal(bp.getDomain());
- if(cv!=null) {
- if(cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) {
+ if (cv!=null) {
+ if (cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) {
resp.setStatus(HttpStatus.OK_200);
} else {
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ resp.setStatus(HttpStatus.UNAUTHORIZED_401);
}
}
} else {
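Review bot: `authz.startsWith("Basic ")` dereferences the result of `req.getHeader("Authorization")` without a null check, and a caller authenticated by client certificate (the `X509Principal` branch) may well send no Authorization header, so the request would end in a NullPointerException rather than a defined status; guard it with `if (authz != null && authz.startsWith("Basic ")) {`. In the lines shown, the `cv == null` case also sets no status at all, so it is worth confirming that an unknown domain cannot fall through to a default success response. The switch to `UNAUTHORIZED_401` is reasonable for a failed password, but a 401 is expected to carry a `WWW-Authenticate` header and none is set here. The next hunk has the same unvalidated-header pattern: `decoded.indexOf(':')` can return -1, and `decoded.substring(0,colon)` then throws. The enclosing method starts and ends outside this hunk.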
int colon = decoded.indexOf(':');
TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
try {
- if(directAAFUserPass.validate(
+ if (directAAFUserPass.validate(
decoded.substring(0,colon),
CredVal.Type.PASSWORD ,
decoded.substring(colon+1).getBytes(),trans)) {
-
resp.setStatus(HttpStatus.OK_200);
} else {
// DME2 at this version crashes without some sort of response
}
}
}
- } else if(p == null) {
+ } else if (p == null) {
trans.error().log("Transaction not Authenticated... no Principal");
resp.setStatus(HttpStatus.FORBIDDEN_403);
} else {
AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+ // will be a valid Entity. Do we need to add permission
+ //if(trans.fish("ns","password","request")) or the like
Result<Date> r = context.doesCredentialMatch(trans, req, resp);
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
// Can't do "401", because that is on the call itself
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ // 403 Implies you MAY NOT Ask.
+ resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
}
}
});
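Review bot: `NOT_ACCEPTABLE_406` in the `else` branch is the content-negotiation status, so generic clients, proxies and monitoring will read a credential mismatch as an Accept-header problem; the added comment explains why 403 was dropped but not why 406 was chosen, and the comment above it still says "other than forbidden". If 406 stays, say so in place, e.g. `// 406 here means "credential did not match"; it is not content negotiation`, and update the API description to match. The new `// Do we need to add permission` question should be decided rather than left open in the code: as far as this hunk shows, any authenticated entity gets a yes/no answer for an arbitrary ID/password pair, which needs a permission check, failure logging and throttling so the endpoint cannot serve as a password-guessing oracle. The handler's signature begins outside the hunk.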
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getCertInfoByID(trans, req, resp, pathParam(req,":id") );
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
*/
authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
@Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.createUserCred(trans, req);
- if(r.isOK()) {
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.createUserCred(trans, req);
+ if (r.isOK()) {
resp.setStatus(HttpStatus.CREATED_201);
} else {
context.error(trans,resp,r);
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getCredsByNS(trans, resp, pathParam(req, "ns"));
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getCredsByID(trans, resp, pathParam(req, "id"));
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.changeUserCred(trans, req);
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.extendUserCred(trans, req, pathParam(req, "days"));
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.deleteUserCred(trans, req);
- if(r.isOK()) {
+ if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);