authorAnton Tananaev <anton.tananaev@gmail.com>2016-12-28 05:56:10 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2016-12-28 04:56:10 +1300
commit4ebf4b522d002884e4f2c009eef62ce2c2ab9859 (patch)
tree2de15e3a9b01f7e5d29c5a3318bbfd59cfd159c3 /src/org/traccar/api
parent94eb4c83a07bf212fe2981ee7ee8e2c323f7001c (diff)
No Authorization header for ajax
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/SecurityRequestFilter.java9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index ca3ebf04d..7024bdbc9 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -38,6 +38,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
public static final String BASIC_REALM = "Basic realm=\"api\"";
+ public static final String X_REQUESTED_WITH = "X-Requested-With";
+ public static final String XML_HTTP_REQUEST = "XMLHttpRequest";
public static String[] decodeBasicAuth(String auth) {
auth = auth.replaceFirst("[B|b]asic ", "");
@@ -99,8 +101,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
} else {
Method method = resourceInfo.getResourceMethod();
if (!method.isAnnotationPresent(PermitAll.class)) {
- throw new WebApplicationException(
- Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build());
+ Response.ResponseBuilder responseBuilder = Response.status(Response.Status.UNAUTHORIZED);
+ if (!XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH))) {
+ responseBuilder.header(WWW_AUTHENTICATE, BASIC_REALM);
+ }
+ throw new WebApplicationException(responseBuilder.build());
}
}
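Review bot: The new `X_REQUESTED_WITH` check in the 401 branch has no comment explaining why the challenge is dropped, and the header it reads is set by the caller, so a later edit could mistake it for a trust signal. As written it only decides whether `WWW-Authenticate` is attached, and the 401 is thrown either way, which is the safe shape. I would pin that with a comment above the `if`, e.g. `// X-Requested-With is client-controlled: it may only suppress the browser's Basic prompt, never the 401 itself.` Separately, RFC 7235 requires a challenge on every 401, so strict clients or intermediaries may object to the header-less response; a non-Basic challenge scheme for XHR callers would stay conformant without triggering the login dialog. The enclosing method begins and ends outside the hunk, and `request` is declared outside it.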