/** * ************************************************************************************************* * * <p> * * <p>This file is part of WebGoat, an Open Web Application Security Project utility. For details, * please see http://www.owasp.org/ * * <p>Copyright (c) 2002 - 2014 Bruce Mayhew * * <p>This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. * * <p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * <p>You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. * * <p>Getting Source ============== * * <p>Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository * for free software projects. */ package org.owasp.webgoat.container; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; /** * AjaxAuthenticationEntryPoint class. * * @author zupzup */ public class AjaxAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint { public AjaxAuthenticationEntryPoint(String loginFormUrl) { super(loginFormUrl); } @Override public void commence( HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { if (request.getHeader("x-requested-with") != null) { response.sendError(401, authException.getMessage()); } else { super.commence(request, response, authException); } } }