func NewRequestAuthenticator(context RequestContext, auth authenticator.Request, failed http.Handler, handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
user, ok, err := auth.AuthenticateRequest(req)
if err != nil || !ok {
failed.ServeHTTP(w, req)
return
}
glog.V(1).Infof("Found user, %v, when accessing %v", user, req.URL)
context.Set(req, user)
defer context.Remove(req)
handler.ServeHTTP(w, req)
})
}
// authenticationHandlerFilter creates a filter object that will enforce authentication directly
func authenticationHandlerFilter(handler http.Handler, authenticator authenticator.Request, contextMapper kapi.RequestContextMapper) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
user, ok, err := authenticator.AuthenticateRequest(req)
if err != nil || !ok {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
ctx, ok := contextMapper.Get(req)
if !ok {
http.Error(w, "Unable to find request context", http.StatusInternalServerError)
return
}
if err := contextMapper.Update(req, kapi.WithUser(ctx, user)); err != nil {
glog.V(4).Infof("Error setting authenticated context: %v", err)
http.Error(w, "Unable to set authenticated request context", http.StatusInternalServerError)
return
}
handler.ServeHTTP(w, req)
})
}