diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2016-12-28 05:56:10 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2016-12-28 04:56:10 +1300 |
commit | 4ebf4b522d002884e4f2c009eef62ce2c2ab9859 (patch) | |
tree | 2de15e3a9b01f7e5d29c5a3318bbfd59cfd159c3 /src/org/traccar/api | |
parent | 94eb4c83a07bf212fe2981ee7ee8e2c323f7001c (diff) | |
download | trackermap-server-4ebf4b522d002884e4f2c009eef62ce2c2ab9859.tar.gz trackermap-server-4ebf4b522d002884e4f2c009eef62ce2c2ab9859.tar.bz2 trackermap-server-4ebf4b522d002884e4f2c009eef62ce2c2ab9859.zip |
No Authorization header for ajax
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index ca3ebf04d..7024bdbc9 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -38,6 +38,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter { public static final String AUTHORIZATION_HEADER = "Authorization"; public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; public static final String BASIC_REALM = "Basic realm=\"api\""; + public static final String X_REQUESTED_WITH = "X-Requested-With"; + public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; public static String[] decodeBasicAuth(String auth) { auth = auth.replaceFirst("[B|b]asic ", ""); @@ -99,8 +101,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter { } else { Method method = resourceInfo.getResourceMethod(); if (!method.isAnnotationPresent(PermitAll.class)) { - throw new WebApplicationException( - Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build()); + Response.ResponseBuilder responseBuilder = Response.status(Response.Status.UNAUTHORIZED); + if (!XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH))) { + responseBuilder.header(WWW_AUTHENTICATE, BASIC_REALM); + } + throw new WebApplicationException(responseBuilder.build()); } } |