cms/org.argeo.cms.integration/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java

   1 package org.argeo.cms.websocket;
   2
   3 import java.security.AccessController;
   4 import java.security.PrivilegedAction;
   5 import java.util.List;
   6
   7 import javax.security.auth.Subject;
   8 import javax.security.auth.login.LoginContext;
   9 import javax.websocket.Extension;
  10 import javax.websocket.HandshakeResponse;
  11 import javax.websocket.server.HandshakeRequest;
  12 import javax.websocket.server.ServerEndpointConfig;
  13 import javax.websocket.server.ServerEndpointConfig.Configurator;
  14
  15 import org.argeo.api.cms.CmsAuth;
  16 import org.argeo.api.cms.CmsLog;
  17 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
  18 import org.argeo.cms.auth.RemoteAuthSession;
  19 import org.argeo.cms.servlet.ServletHttpSession;
  20 import org.osgi.service.http.context.ServletContextHelper;
  21
  22 /** Customises the initialisation of a new web socket. */
  23 public class CmsWebSocketConfigurator extends Configurator {
  24         public final static String WEBSOCKET_SUBJECT = "org.argeo.cms.websocket.subject";
  25
  26         private final static CmsLog log = CmsLog.getLog(CmsWebSocketConfigurator.class);
  27         final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
  28
  29         @Override
  30         public boolean checkOrigin(String originHeaderValue) {
  31                 return true;
  32         }
  33
  34         @Override
  35         public <T> T getEndpointInstance(Class<T> endpointClass) throws InstantiationException {
  36                 try {
  37                         return endpointClass.getDeclaredConstructor().newInstance();
  38                 } catch (Exception e) {
  39                         throw new IllegalArgumentException("Cannot get endpoint instance", e);
  40                 }
  41         }
  42
  43         @Override
  44         public List<Extension> getNegotiatedExtensions(List<Extension> installed, List<Extension> requested) {
  45                 return requested;
  46         }
  47
  48         @Override
  49         public String getNegotiatedSubprotocol(List<String> supported, List<String> requested) {
  50                 if ((requested == null) || (requested.size() == 0))
  51                         return "";
  52                 if ((supported == null) || (supported.isEmpty()))
  53                         return "";
  54                 for (String possible : requested) {
  55                         if (possible == null)
  56                                 continue;
  57                         if (supported.contains(possible))
  58                                 return possible;
  59                 }
  60                 return "";
  61         }
  62
  63         @Override
  64         public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
  65
  66                 RemoteAuthSession httpSession = new ServletHttpSession((javax.servlet.http.HttpSession) request.getHttpSession());
  67                 if (log.isDebugEnabled() && httpSession != null)
  68                         log.debug("Web socket HTTP session id: " + httpSession.getId());
  69
  70                 if (httpSession == null) {
  71                         rejectResponse(response, null);
  72                 }
  73                 try {
  74                         LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER,
  75                                         new RemoteAuthCallbackHandler(httpSession));
  76                         lc.login();
  77                         if (log.isDebugEnabled())
  78                                 log.debug("Web socket logged-in as " + lc.getSubject());
  79                         Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
  80
  81                                 @Override
  82                                 public Void run() {
  83                                         sec.getUserProperties().put(ServletContextHelper.REMOTE_USER, AccessController.getContext());
  84                                         return null;
  85                                 }
  86
  87                         });
  88                 } catch (Exception e) {
  89                         rejectResponse(response, e);
  90                 }
  91         }
  92
  93         /**
  94          * Behaviour when the web socket could not be authenticated. Throws an
  95          * {@link IllegalStateException} by default.
  96          *
  97          * @param e can be null
  98          */
  99         protected void rejectResponse(HandshakeResponse response, Exception e) {
 100                 // violent implementation, as suggested in
 101                 // https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
 102 //              throw new IllegalStateException("Web socket cannot be authenticated");
 103         }
 104 }
 105
 106 //if (!webServerConfig.isEmpty()) {
 107 //webServerConfig.put("customizer.class", KernelConstants.CMS_JETTY_CUSTOMIZER_CLASS);
 108 //
 109 //// TODO centralise with Jetty extender
 110 //Object webSocketEnabled = webServerConfig.get(InternalHttpConstants.WEBSOCKET_ENABLED);
 111 //if (webSocketEnabled != null && webSocketEnabled.toString().equals("true")) {
 112 //      bc.registerService(ServerEndpointConfig.Configurator.class, new CmsWebSocketConfigurator(), null);
 113 //      webServerConfig.put(InternalHttpConstants.WEBSOCKET_ENABLED, "true");
 114 //}
 115 //}