Is there a way to work around RatpackPac4j#requireAuth not setting the WWW-Authenticate header?

回眸只為那壹抹淺笑 submitted on 2020-01-06 07:15:22

Question


When testing Pac4j (2.x) authentication in the context of a Ratpack (1.5.x) app, I find that when I use this handler:

    all RatpackPac4j.requireAuth(HeaderClient)

...Unauthorised requests get rejected correctly with a 401 status, and RFC-7235 states that a WWW-Authenticate header should be added, and it is not.

I raised an issue on the RatpackPac4j tracker here, but it was closed as (I infer) "won't fix" since Pac4j v3 implements this properly. And RatpackPac4j has not been upgraded to work with Pac4j v3 yet.

So: is it possible to insert something which post-processes all responses to, for example, conditionally add a header based on the response?

Aside - I'm using the following versions in my gradle config:

    compile group: 'io.ratpack', name: 'ratpack-groovy', version: '1.5.4'
    compile group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.25'
    // compile ratpack.dependency('pac4j') // Don't use this, because we need the org.pac4j version
    compile group: 'org.pac4j', name: 'ratpack-pac4j', version: '2.0.0'
    compile group: 'org.pac4j', name: 'pac4j-core', version: '2.2.1'
    compile group: 'org.pac4j', name: 'pac4j-jwt', version: '2.2.1'
    compile group: 'org.pac4j', name: 'pac4j-http', version: '2.2.1'

Answer 1:


Thanks to John Engelman in the Ratpack Slack channel, here is a work-around: use Response#beforeSend

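    handlers {
      all {
        // Bind the hook before any handler that may produce a 401
        response.beforeSend { response ->
          if (response.status.code == 401) {
            response.headers.set('WWW-Authenticate', 'bearer realm="authenticated api"')
          }
        }
        // Delegate to the rest of the chain; without this the request is never handled
        next()
      }
    }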

Note that this handler must be inserted before any others which may generate a 401 response or the callback will not be bound when they are triggered.
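A regression check for the workaround and its ordering caveat, added here as an example that is not part of the original answer or of the RatpackPac4j project. It assumes `ratpack-groovy-test` (for `GroovyEmbeddedApp`) is on the classpath, and the `early`, `late` and `ok` routes are constructed stand-ins for `RatpackPac4j.requireAuth(HeaderClient)` and the protected handlers.

```groovy
import ratpack.groovy.test.embed.GroovyEmbeddedApp

GroovyEmbeddedApp.of {
  handlers {
    // Constructed route placed BEFORE the hook: its 401 is sent with no
    // beforeSend callback bound, so it carries no challenge header.
    get('early') {
      response.status(401).send()
    }

    // The workaround from the answer, followed by next() so the chain continues.
    all {
      response.beforeSend { resp ->
        if (resp.status.code == 401 && !resp.headers.contains('WWW-Authenticate')) {
          resp.headers.set('WWW-Authenticate', 'bearer realm="authenticated api"')
        }
      }
      next()
    }

    // Constructed stand-in for a handler that rejects the request,
    // as requireAuth does for an unauthenticated caller.
    get('late') {
      response.status(401).send()
    }

    // Constructed route that succeeds: the hook must leave it untouched.
    get('ok') {
      render 'ok'
    }
  }
}.test { client ->
  def late = client.get('late')
  assert late.statusCode == 401
  assert late.headers.get('WWW-Authenticate') == 'bearer realm="authenticated api"'

  def early = client.get('early')
  assert early.statusCode == 401
  assert early.headers.get('WWW-Authenticate') == null

  def ok = client.get('ok')
  assert ok.statusCode == 200
  assert ok.headers.get('WWW-Authenticate') == null
}
```

The `contains` guard keeps the hook from overwriting a challenge that another handler has already set on the response.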



Source: https://stackoverflow.com/questions/50926500/is-there-a-way-to-work-around-ratpackpac4jrequireauth-not-setting-the-www-authe
