Stopping a Processing Request on Authentication Failure
Procedure
- Get the headers from the HTTPServerRequest.
- Check for authentication header.
- Validate the value of authentication header. On validation failure, set the TrafficManagerResponse to complete.
-
Mashery would terminate the request and would not send it to Customer's target sever and returns ERROR as "ERR_403_NOT_AUTHORIZED".
Unsuccessful Authentication
private void doAuthenticateEvent(AuthenticationEvent event) throws ProcessorException { //For example request doesn't contain the authorization header then user can terminate the call by marking response as complete // in order to thrown 403 ERR_403_NOT_AUTHORIZED for the incoming request. HTTPHeaders headers = event.getServerRequest().getHeaders(); if (headers != null) { String authorization = headers.get(HEADER_AUTHORIZATION); if ((null == authorization || authorization == "") || !authorization.startsWith(AUTH_BASIC)) { Logger.warn(MyCustomAuthenticator.class,"Error validating the authentication header {}",HEADER_AUTHORIZATION); event.getCallContext().getResponse().setComplete(); } }
Copyright © Cloud Software Group, Inc. All rights reserved.