in geronimo-metrics-common/src/main/java/org/apache/geronimo/microprofile/metrics/common/jaxrs/SecurityValidator.java [55:68]
public void checkSecurity(final SecurityContext securityContext, final UriInfo uriInfo) {
if (acceptedHosts != null && uriInfo != null) {
final String host = uriInfo.getRequestUri().getHost();
if (host == null || acceptedHosts.stream().noneMatch(it -> it.test(host))) {
throw new WebApplicationException(Response.Status.NOT_FOUND);
}
}
if (!hasValidRole(securityContext)) {
if (securityContext == null || securityContext.getUserPrincipal() == null) {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
throw new WebApplicationException(Response.Status.FORBIDDEN);
}
}