]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix issue with session authentication in web.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / AbstractCmsEntryPoint.java
1 package org.argeo.cms;
2
3 import java.security.AccessControlContext;
4 import java.security.PrivilegedAction;
5 import java.util.HashMap;
6 import java.util.Locale;
7 import java.util.Map;
8 import java.util.ResourceBundle;
9
10 import javax.jcr.Node;
11 import javax.jcr.Property;
12 import javax.jcr.Repository;
13 import javax.jcr.RepositoryException;
14 import javax.jcr.Session;
15 import javax.jcr.nodetype.NodeType;
16 import javax.security.auth.Subject;
17 import javax.security.auth.login.LoginException;
18 import javax.security.auth.x500.X500Principal;
19 import javax.servlet.http.HttpServletRequest;
20 import javax.servlet.http.HttpSession;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.argeo.ArgeoException;
25 import org.argeo.cms.auth.ArgeoLoginContext;
26 import org.argeo.cms.auth.LoginRequiredException;
27 import org.argeo.cms.i18n.Msg;
28 import org.argeo.jcr.JcrUtils;
29 import org.eclipse.rap.rwt.RWT;
30 import org.eclipse.rap.rwt.application.AbstractEntryPoint;
31 import org.eclipse.rap.rwt.client.WebClient;
32 import org.eclipse.rap.rwt.client.service.BrowserNavigation;
33 import org.eclipse.rap.rwt.client.service.BrowserNavigationEvent;
34 import org.eclipse.rap.rwt.client.service.BrowserNavigationListener;
35 import org.eclipse.rap.rwt.client.service.JavaScriptExecutor;
36 import org.eclipse.swt.widgets.Composite;
37 import org.eclipse.swt.widgets.Display;
38 import org.eclipse.swt.widgets.Shell;
39
40 /** Manages history and navigation */
41 public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
42 implements CmsView {
43 private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class);
44
45 private final Subject subject;
46
47 private final Repository repository;
48 private final String workspace;
49 private final String defaultPath;
50 private final Map<String, String> factoryProperties;
51
52 // Current state
53 private Session session;
54 private Node node;
55 private String state;
56 private String page;
57 private Throwable exception;
58
59 // Client services
60 private final JavaScriptExecutor jsExecutor;
61 private final BrowserNavigation browserNavigation;
62
63 public AbstractCmsEntryPoint(Repository repository, String workspace,
64 String defaultPath, Map<String, String> factoryProperties) {
65 this.repository = repository;
66 this.workspace = workspace;
67 this.defaultPath = defaultPath;
68 this.factoryProperties = new HashMap<String, String>(factoryProperties);
69
70 // load context from session
71 HttpServletRequest httpRequest = RWT.getRequest();
72 final HttpSession httpSession = httpRequest.getSession();
73 AccessControlContext acc = (AccessControlContext) httpSession
74 .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
75 if (acc != null
76 && Subject.getSubject(acc).getPrincipals(X500Principal.class)
77 .size() == 1) {
78 subject = Subject.getSubject(acc);
79 } else {
80 subject = new Subject();
81
82 // Initial login
83 try {
84 new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject)
85 .login();
86 } catch (LoginException e) {
87 // if (log.isTraceEnabled())
88 // log.trace("Cannot authenticate user", e);
89 try {
90 new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
91 subject).login();
92 } catch (LoginException eAnonymous) {
93 throw new ArgeoException("Cannot initialize subject",
94 eAnonymous);
95 }
96 }
97 }
98 authChange();
99
100 jsExecutor = RWT.getClient().getService(JavaScriptExecutor.class);
101 browserNavigation = RWT.getClient().getService(BrowserNavigation.class);
102 if (browserNavigation != null)
103 browserNavigation
104 .addBrowserNavigationListener(new CmsNavigationListener());
105 }
106
107 @Override
108 protected Shell createShell(Display display) {
109 Shell shell = super.createShell(display);
110 shell.setData(RWT.CUSTOM_VARIANT, CmsStyles.CMS_SHELL);
111 display.disposeExec(new Runnable() {
112
113 @Override
114 public void run() {
115 if (log.isTraceEnabled())
116 log.trace("Logging out " + session);
117 JcrUtils.logoutQuietly(session);
118 }
119 });
120 return shell;
121 }
122
123 @Override
124 protected final void createContents(final Composite parent) {
125 getShell().getDisplay().setData(CmsView.KEY, this);
126 Subject.doAs(subject, new PrivilegedAction<Void>() {
127 @Override
128 public Void run() {
129 try {
130 createUi(parent);
131 } catch (Exception e) {
132 throw new CmsException("Cannot create entrypoint contents",
133 e);
134 }
135 return null;
136 }
137 });
138 }
139
140 /** Create UI */
141 protected abstract void createUi(Composite parent);
142
143 /** Recreate UI after navigation or auth change */
144 protected abstract void refresh();
145
146 /**
147 * The node to return when no node was found (for authenticated users and
148 * anonymous)
149 */
150 protected Node getDefaultNode(Session session) throws RepositoryException {
151 if (!session.hasPermission(defaultPath, "read")) {
152 if (session.getUserID().equals("anonymous"))
153 throw new LoginRequiredException();
154 else
155 throw new CmsException("Unauthorized");
156 }
157 return session.getNode(defaultPath);
158 }
159
160 protected String getBaseTitle() {
161 return factoryProperties.get(WebClient.PAGE_TITLE);
162 }
163
164 public void navigateTo(String state) {
165 exception = null;
166 String title = setState(state);
167 doRefresh();
168 if (browserNavigation != null)
169 browserNavigation.pushState(state, title);
170 }
171
172 @Override
173 public Subject getSubject() {
174 return subject;
175 }
176
177 @Override
178 public void authChange() {
179 Subject.doAs(subject, new PrivilegedAction<Void>() {
180
181 @Override
182 public Void run() {
183 try {
184 String currentPath = null;
185 if (node != null)
186 currentPath = node.getPath();
187 JcrUtils.logoutQuietly(session);
188
189 session = repository.login(workspace);
190 if (currentPath != null)
191 try {
192 node = session.getNode(currentPath);
193 } catch (Exception e) {
194 try {
195 // TODO find a less hacky way to log out
196 new ArgeoLoginContext(
197 KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
198 subject).logout();
199 new ArgeoLoginContext(
200 KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
201 subject).login();
202 } catch (LoginException eAnonymous) {
203 throw new ArgeoException(
204 "Cannot reset to anonymous", eAnonymous);
205 }
206 JcrUtils.logoutQuietly(session);
207 session = repository.login(workspace);
208 navigateTo("~");
209 throw e;
210 }
211
212 // refresh UI
213 doRefresh();
214 } catch (RepositoryException e) {
215 throw new CmsException("Cannot perform auth change", e);
216 }
217 return null;
218 }
219
220 });
221
222 }
223
224 @Override
225 public void exception(final Throwable e) {
226 AbstractCmsEntryPoint.this.exception = e;
227 log.error("Unexpected exception in CMS", e);
228 doRefresh();
229 }
230
231 protected void doRefresh() {
232 Subject.doAs(subject, new PrivilegedAction<Void>() {
233 @Override
234 public Void run() {
235 refresh();
236 return null;
237 }
238 });
239 }
240
241 // @Override
242 // public Object local(Msg msg) {
243 // String key = msg.getId();
244 // int lastDot = key.lastIndexOf('.');
245 // String className = key.substring(0, lastDot);
246 // String fieldName = key.substring(lastDot + 1);
247 // Locale locale = RWT.getLocale();
248 // ResourceBundle rb = ResourceBundle.getBundle(className, locale,
249 // msg.getClassLoader());
250 // return rb.getString(fieldName);
251 // }
252
253 /** Sets the state of the entry point and retrieve the related JCR node. */
254 protected synchronized String setState(String newState) {
255 String previousState = this.state;
256
257 node = null;
258 page = null;
259 this.state = newState;
260 if (newState.equals("~"))
261 this.state = "";
262
263 try {
264 int firstSlash = state.indexOf('/');
265 if (firstSlash == 0) {
266 if (session.nodeExists(state))
267 node = session.getNode(state);
268 else
269 throw new CmsException("Data " + state + " does not exist");
270 page = "";
271 } else if (firstSlash > 0) {
272 String prefix = state.substring(0, firstSlash);
273 String path = state.substring(firstSlash);
274 if (session.nodeExists(path))
275 node = session.getNode(path);
276 else
277 throw new CmsException("Data " + path + " does not exist");
278 page = prefix;
279 } else {
280 node = getDefaultNode(session);
281 page = state;
282 }
283
284 // Title
285 String title;
286 if (node.isNodeType(NodeType.MIX_TITLE)
287 && node.hasProperty(Property.JCR_TITLE))
288 title = node.getProperty(Property.JCR_TITLE).getString()
289 + " - " + getBaseTitle();
290 else
291 title = getBaseTitle();
292 jsExecutor.execute("document.title = \"" + title + "\"");
293
294 if (log.isTraceEnabled())
295 log.trace("node=" + node + ", state=" + state + " (page="
296 + page + ", title=" + title + ")");
297
298 return title;
299 } catch (Exception e) {
300 log.error("Cannot set state '" + state + "'", e);
301 if (previousState.equals(""))
302 previousState = "~";
303 navigateTo(previousState);
304 throw new CmsException("Unexpected issue when accessing #"
305 + newState, e);
306 }
307 }
308
309 protected Node getNode() {
310 return node;
311 }
312
313 protected String getState() {
314 return state;
315 }
316
317 protected Throwable getException() {
318 return exception;
319 }
320
321 protected void resetException() {
322 exception = null;
323 }
324
325 protected Session getSession() {
326 return session;
327 }
328
329 private class CmsNavigationListener implements BrowserNavigationListener {
330 private static final long serialVersionUID = -3591018803430389270L;
331
332 @Override
333 public void navigated(BrowserNavigationEvent event) {
334 setState(event.getState());
335 refresh();
336 }
337 }
338 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi