boolean sendUnauthorized()

in src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java [254:292]

• 18 lines of code
• 3 McCabe index (conditional complexity)

    boolean sendUnauthorized(HttpServletResponse response) {

        if (response.isCommitted()) {

            log.error("sendUnauthorized: Cannot send 401/UNAUTHORIZED; response is already committed");

        } else {

            response.resetBuffer();

            /*
             * TODO: Check whether we have to redirect
             * If this is a GET request not targeted at the registration path
             * for which this handler is selected we have to redirect to the
             * registration path using either the provided resource attribute
             * or parameter or the current URL as the "resource" parameter
             * for the redirect and also setting the "sling:authRequestLogin"
             * parameter to "BASIC" to get the 401 response for the registration
             * path and redirect back to actual path afterwards.
             */

            // just set the status because this may be called as part of an
            // error handler in which case sendError would result in an error
            // handler loop and thus be ignored.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setHeader(HEADER_WWW_AUTHENTICATE,
                AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"");

            try {
                response.flushBuffer();
                return true;
            } catch (IOException ioe) {
                log.error("sendUnauthorized: Failed requesting authentication",
                    ioe);
            }
        }

        return false;
    }