Added /$login path to basic auth to force login when anonymous access is allowed

Author: hylkevds

CHANGELOG.md

@@ -4,9 +4,11 @@
 
 **New Features**
 * Added support for headers in JSON-Batch requets, enabling JSON-Patch requests in JSON-Batch requests.
+* Added `/$login` path to basic auth to force login when anonymous access is allowed.
 
 **Internal changes & Bugfixes**
-* Fixed #1754: resultTime/phenomenonTime mixup in MultiDatastream
+* Fixed #1754: resultTime/phenomenonTime mixup in MultiDatastream.
+* Improved loading speed of custom data models.
 
 
 ## Release version 2.2.0

FROST-Server.Auth.Basic/src/main/java/de/fraunhofer/iosb/ilt/frostserver/auth/basic/BasicAuthFilter.java

@@ -82,6 +82,7 @@ public class BasicAuthFilter implements Filter {
     private static final String AUTHORIZATION_HEADER = "Authorization";
     private static final String AUTHORIZATION_REQUIRED_HEADER = "WWW-Authenticate";
     private static final String BASIC_PREFIX = "Basic ";
+    private static final String LOGIN_PATH = "/$login";
     private static final UserData USER_DATA_NO_USER = new UserData(null, null);
 
     private boolean allowAnonymous;
@@ -94,6 +95,8 @@ public class BasicAuthFilter implements Filter {
 
     private String roleAdmin;
 
+    private String serviceRootUrl;
+
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
         LOGGER.info("Turning on Basic authentication.");
@@ -117,6 +120,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
         CoreSettings coreSettings = (CoreSettings) attribute;
         Settings authSettings = coreSettings.getAuthSettings();
 
+        serviceRootUrl = coreSettings.getQueryDefaults().getServiceRootUrl();
         databaseHandler = DatabaseHandler.getInstance(coreSettings);
         String realmName = authSettings.get(TAG_AUTH_REALM_NAME, BasicAuthProvider.class);
         authHeaderValue = "Basic realm=\"" + realmName + "\", charset=\"UTF-8\"";
@@ -181,26 +185,41 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
         final HttpServletRequest request = (HttpServletRequest) req;
         final HttpServletResponse response = (HttpServletResponse) resp;
 
-        final HttpMethod method;
-        try {
-            method = HttpMethod.valueOf(request.getMethod().toUpperCase());
-        } catch (IllegalArgumentException exc) {
-            LOGGER.debug("Rejecting request: Unknown method: {}.", request.getMethod());
-            LOGGER.trace("", exc);
-            throwAuthRequired(response);
-            return;
-        }
-
         UserData userData = findCredentials(request);
+        String pathInfo = request.getPathInfo();
+        if (pathInfo == null) {
+            pathInfo = "";
+        }
 
+        if (pathInfo.endsWith(LOGIN_PATH)) {
+            if (userData == USER_DATA_NO_USER) {
+                // Login path requested, force login.
+                throwAuthRequired(response);
+                return;
+            } else {
+                response.sendRedirect(serviceRootUrl + pathInfo.substring(0, pathInfo.length() - LOGIN_PATH.length()));
+                return;
+            }
+        }
         if (authenticateOnly) {
             if (!allowAnonymous && userData == USER_DATA_NO_USER) {
                 // We only authenticate, there is no user, but we don't allow anonymous.
                 throwAuthRequired(response);
+                return;
             } else {
                 boolean admin = userData.roles.contains(roleAdmin);
                 chain.doFilter(new RequestWrapper(request, new PrincipalExtended(userData.userName, admin, userData.roles)), response);
+                return;
             }
+        }
+
+        final HttpMethod method;
+        try {
+            method = HttpMethod.valueOf(request.getMethod().toUpperCase());
+        } catch (IllegalArgumentException exc) {
+            LOGGER.debug("Rejecting request: Unknown method: {}.", request.getMethod());
+            LOGGER.trace("", exc);
+            throwAuthRequired(response);
             return;
         }