1 package org.argeo.cms.internal.http;
2
3 import java.io.IOException;
4 import java.net.URL;
5
6 import javax.security.auth.login.LoginContext;
7 import javax.security.auth.login.LoginException;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10
11 import org.apache.commons.logging.Log;
12 import org.apache.commons.logging.LogFactory;
13 import org.argeo.api.NodeConstants;
14 import org.argeo.cms.auth.HttpRequestCallbackHandler;
15 import org.osgi.framework.BundleContext;
16 import org.osgi.framework.FrameworkUtil;
17 import org.osgi.service.http.HttpContext;
18
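/**
 * {@link HttpContext} that authenticates every request through JAAS: it first
 * tries the {@link NodeConstants#LOGIN_CONTEXT_USER} login context and, when
 * that fails, falls back to {@link NodeConstants#LOGIN_CONTEXT_ANONYMOUS}.
 *
 * <p>
 * Security-relevant behaviour visible in this class:
 * <ul>
 * <li>A request whose user login fails (including one carrying wrong
 * credentials) is not rejected here; it is retried as anonymous. Access
 * decisions therefore have to be made downstream on the authenticated
 * identity, not on the mere fact that {@link #handleSecurity} returned
 * {@code true}.</li>
 * <li>{@link #askForWwwAuth} is never called from this class; it is only
 * available to subclasses.</li>
 * </ul>
 */
@Deprecated
public class DataHttpContext implements HttpContext {
    private static final Log log = LogFactory.getLog(DataHttpContext.class);

    // Bundle context of the bundle that loaded the concrete (possibly subclass) type.
    private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();

    // FIXME Make it more unique
    private final String httpAuthRealm;
    // When true, askForWwwAuth() always sends a Basic challenge, never Negotiate.
    private final boolean forceBasic;

    /**
     * @param httpAuthrealm realm name sent in the Basic challenge
     * @param forceBasic    if {@code true}, always challenge with Basic even
     *                      when acceptor credentials are available
     */
    public DataHttpContext(String httpAuthrealm, boolean forceBasic) {
        this.httpAuthRealm = httpAuthrealm;
        this.forceBasic = forceBasic;
    }

    /**
     * Creates a context which does not force Basic authentication.
     *
     * @param httpAuthrealm realm name sent in the Basic challenge
     */
    public DataHttpContext(String httpAuthrealm) {
        this(httpAuthrealm, false);
    }

    /**
     * Authenticates the request, as a user if possible, otherwise as anonymous.
     *
     * @return {@code true} if either login succeeded, {@code false} if
     *         {@link #processUnauthorized} returned {@code null}
     */
    @Override
    public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) throws IOException {
        if (log.isTraceEnabled()) {
            // NOTE(review): if this helper dumps every header, trace logs will
            // contain Authorization and Cookie values - confirm they are
            // redacted or that trace is never enabled in production.
            HttpUtils.logRequestHeaders(log, request);
        }
        try {
            LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
                    new HttpRequestCallbackHandler(request, response));
            lc.login();
            return true;
        } catch (LoginException e) {
            // The failed user login is not logged here, so rejected credentials
            // leave no trace at this layer; any audit record has to come from
            // the login modules themselves.
            //
            // NOTE(review): when the fallback also fails, this method returns
            // false without setting a status or a challenge itself. The OSGi
            // HttpContext contract expects the response to be prepared (e.g.
            // 401 + WWW-Authenticate) before returning false; presumably
            // subclasses do that from processUnauthorized() via askForWwwAuth()
            // - confirm.
            return processUnauthorized(request, response) != null;
        }
    }

    /**
     * Resolves a resource name against the bundle of this context.
     *
     * <p>
     * NOTE(review): the name is passed to the bundle unchanged, so whatever the
     * Http Service maps onto this context can reach any resource visible to
     * the bundle. Which names actually arrive here depends on the resource
     * registrations, which are not visible in this class.
     */
    @Override
    public URL getResource(String name) {
        return bc.getBundle().getResource(name);
    }

    /**
     * Always returns {@code null}, which leaves MIME type detection to the Http
     * Service.
     */
    @Override
    public String getMimeType(String name) {
        return null;
    }

    /**
     * Called when the user login failed; tries to log in as anonymous.
     *
     * @return the anonymous login context, or {@code null} if the anonymous
     *         login failed as well
     */
    protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
        try {
            LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS,
                    new HttpRequestCallbackHandler(request, response));
            lc.login();
            return lc;
        } catch (LoginException e1) {
            // Logged at the level of its guard. This path can be hit once per
            // unauthenticated request, so an error-level entry (as previously
            // emitted under the debug guard) would both mislabel the event and
            // make it easy to flood the log.
            if (log.isDebugEnabled()) {
                log.debug("Cannot log in as anonymous", e1);
            }
            return null;
        }
    }

    /**
     * Sets status 401 and a {@code WWW-Authenticate} challenge on the response:
     * {@code Negotiate} when acceptor credentials are available and Basic is
     * not forced, otherwise {@code Basic} with the configured realm.
     */
    protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
        response.setStatus(401);
        if (org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null && !forceBasic) {
            // SPNEGO
            response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
        } else {
            // Basic credentials are only base64-encoded, so this challenge
            // should only be served over TLS.
            // The realm is written unescaped inside a quoted-string: a realm
            // containing '"' or '\' yields a malformed challenge.
            // NOTE(review): confirm realms are fixed configuration values and
            // never derived from request data.
            response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
        }
    }

}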