authorKeith Wall <kwall@apache.org>2012-09-12 11:36:21 +0000
committerKeith Wall <kwall@apache.org>2012-09-12 11:36:21 +0000
commit169c71449237251fd928c6d8959612636d4e3c59 (patch)
tree9a85cfaccf245467b4c28caf1f3251fd0e4d478c /qpid/java/broker-plugins/management-http/src/main
parent8271be86c9f3063747d6a34c67f1e1c74ac0a6a7 (diff)
QPID-4292: Java Web Management - standardise of the use of SC_FORBIDDEN and avoid ugly stack trace in logs in response to some authorisation failures
Work of Robbie Gemmell <robbie@apache.org> and myself. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1383894 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/management-http/src/main')
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/DefinedFileServlet.java2
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/FileServlet.java5
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java4
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java10
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java2
-rw-r--r--qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js6
6 files changed, 15 insertions, 14 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/DefinedFileServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/DefinedFileServlet.java
index d8a8395550..e6ae47dcff 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/DefinedFileServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/DefinedFileServlet.java
@@ -73,7 +73,7 @@ public class DefinedFileServlet extends HttpServlet
}
else
{
- response.sendError(404, "unknown file: "+ _filename);
+ response.sendError(HttpServletResponse.SC_NOT_FOUND, "unknown file: "+ _filename);
}
}
}
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/FileServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/FileServlet.java
index f8ca082d79..24e5e7c049 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/FileServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/FileServlet.java
@@ -20,11 +20,8 @@
*/
package org.apache.qpid.server.management.plugin.servlet;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
@@ -101,7 +98,7 @@ public class FileServlet extends HttpServlet
}
else
{
- response.sendError(404, "unknown file: "+ filename);
+ response.sendError(HttpServletResponse.SC_NOT_FOUND, "unknown file: "+ filename);
}
}
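Review bot: The 404 message on the added line concatenates `filename` into the text passed to `sendError`, and whether that text is HTML-escaped is left to the container's error page. `filename` is assigned outside this hunk; if it is derived from the request path, the response reflects client-supplied input. Sending `response.sendError(HttpServletResponse.SC_NOT_FOUND);` and logging the requested name server-side would remove the dependency on container escaping. The same pattern is on the added line in DefinedFileServlet, though `_filename` there looks like a servlet field rather than request data.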
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java
index 3920443b07..4bbb43be70 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java
@@ -435,7 +435,7 @@ public class MessageServlet extends AbstractServlet
}
else
{
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
}
catch(RuntimeException e)
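Review bot: Both added `SC_FORBIDDEN` lines (here and in the hunk at -473) lack a comment saying why 403 replaces 401, so a later maintainer may change it back. Suggest `// caller is authenticated but not permitted: 403; a 401 would need a WWW-Authenticate challenge` above each `setStatus`. The condition that selects this branch is outside both hunks, so confirm it is an authorisation check and not an authentication one.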
@@ -473,7 +473,7 @@ public class MessageServlet extends AbstractServlet
}
else
{
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
}
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
index f2ca25d664..203fa66ff9 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
@@ -19,6 +19,7 @@ package org.apache.qpid.server.management.plugin.servlet.rest;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.Writer;
+import java.security.AccessControlException;
import java.util.*;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -465,10 +466,13 @@ public class RestServlet extends AbstractServlet
private void setResponseStatus(HttpServletResponse response, RuntimeException e) throws IOException
{
- if (e.getCause() instanceof AMQSecurityException)
+ if (e instanceof AccessControlException || e.getCause() instanceof AMQSecurityException)
{
- LOGGER.debug("Caught AMQSecurityException", e);
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ if (LOGGER.isDebugEnabled())
+ {
+ LOGGER.debug("Caught security exception, sending " + HttpServletResponse.SC_FORBIDDEN, e);
+ }
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
else
{
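Review bot: Authorisation failures are now recorded only at debug level, so a broker not running at debug leaves no trace in this logger when REST requests are denied. Unless denials are already recorded elsewhere (for example by the access-control layer, which is not visible here), keep the stack trace at debug and add a one-line entry without it, `LOGGER.warn("Access denied: " + e.getMessage());`, before `setStatus`. Also, `e.getCause() instanceof AMQSecurityException` inspects only the immediate cause, so a security exception wrapped more than once would take the else branch, whose body is outside the hunk.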
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
index 0a035006c7..df77f9dc5d 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
@@ -228,7 +228,7 @@ public class SaslServlet extends AbstractServlet
session.removeAttribute(ATTR_ID);
session.removeAttribute(ATTR_SASL_SERVER);
session.removeAttribute(ATTR_EXPIRY);
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
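Review bot: This branch clears the SASL session attributes, which suggests a failed or expired authentication exchange rather than a permission denial, yet it now answers 403 like the authorisation paths in RestServlet and MessageServlet. With one status for both, clients and anyone reading access logs cannot tell bad credentials from a denied operation. If the uniform 403 is deliberate, record that next to the line, e.g. `// SASL exchange failed or expired: 403 by project convention (QPID-4292), not 401`. The enclosing condition is outside the hunk.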
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
index f003b896eb..98313c6798 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
+++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
@@ -71,7 +71,7 @@ var saslPlain = function saslPlain(user, password)
},
function(error)
{
- if(error.status == 401)
+ if(error.status == 403)
{
alert("Authentication Failed");
}
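Review bot: The error callback now recognises only 403, so a 401 from an older broker or from an intermediary in front of the management port falls through to whatever follows this `if` (not visible in the hunk), and the user gets no "Authentication Failed" message. `if(error.status == 401 || error.status == 403)` keeps both cases covered; the same applies to the two saslCramMD5 hunks below. The check is repeated three times and could live in one shared error handler.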
@@ -127,7 +127,7 @@ var saslCramMD5 = function saslCramMD5(user, password)
},
function(error)
{
- if(error.status == 401)
+ if(error.status == 403)
{
alert("Authentication Failed");
}
@@ -141,7 +141,7 @@ var saslCramMD5 = function saslCramMD5(user, password)
},
function(error)
{
- if(error.status == 401)
+ if(error.status == 403)
{
alert("Authentication Failed");
}