1 package org.argeo.cms.internal.http;
2
3 import java.io.IOException;
4 import java.net.URL;
5 import java.util.Map;
6
7 import javax.security.auth.login.LoginContext;
8 import javax.security.auth.login.LoginException;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12 import org.apache.commons.logging.Log;
13 import org.apache.commons.logging.LogFactory;
14 import org.argeo.api.NodeConstants;
15 import org.argeo.cms.auth.HttpRequestCallbackHandler;
16 import org.osgi.framework.Bundle;
17 import org.osgi.framework.FrameworkUtil;
18 import org.osgi.service.http.context.ServletContextHelper;
19
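/**
 * {@link ServletContextHelper} for the private (authenticated) HTTP context.
 * Every request is authenticated through the JAAS login context named by
 * {@link NodeConstants#LOGIN_CONTEXT_USER}; when the login fails, the client
 * receives a 401 response carrying a {@code WWW-Authenticate} challenge.
 */
public class PrivateServletContextHelper extends ServletContextHelper {
    private static final Log log = LogFactory.getLog(PrivateServletContextHelper.class);

    // TODO make it configurable
    private final String httpAuthRealm = "Argeo";
    private final boolean forceBasic = false;

    // use CMS bundle for resources
    // FrameworkUtil.getBundle() returns null when the class was not loaded by
    // a bundle class loader, hence the null check in getResource().
    private final Bundle bundle = FrameworkUtil.getBundle(getClass());

    /**
     * Lifecycle hook, currently a no-op.
     *
     * @param properties configuration properties (unused)
     */
    public void init(Map<String, String> properties) {
        // nothing to initialise yet
    }

    /** Lifecycle hook, currently a no-op. */
    public void destroy() {
        // nothing to release yet
    }

    /**
     * Authenticates the request via JAAS before it reaches the servlet.
     *
     * @param request  the incoming request, handed to the login modules through
     *                 {@link HttpRequestCallbackHandler}
     * @param response the response, used for the 401 challenge on failure
     * @return {@code true} if the login succeeded and processing may continue,
     *         {@code false} if a 401 challenge was sent instead
     * @throws IOException declared by the overridden method; not thrown by the
     *                     code visible here
     */
    @Override
    public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // NOTE(review): trace logging dumps request headers, which would include
        // the Authorization header (Basic credentials or SPNEGO token) unless
        // HttpUtils filters it -- confirm before enabling trace in production.
        if (log.isTraceEnabled()) {
            HttpUtils.logRequestHeaders(log, request);
        }
        try {
            // NOTE(review): the authenticated Subject is not used in this method;
            // presumably the callback handler / login modules bind it to the
            // request or session -- confirm.
            LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
                    new HttpRequestCallbackHandler(request, response));
            lc.login();
            return true;
        } catch (LoginException e) {
            // A failed login is also the normal first leg of the HTTP
            // authentication handshake, so it is recorded at debug level only;
            // keeping a record lets repeated failures from one address be
            // noticed.
            if (log.isDebugEnabled()) {
                log.debug("Login failed for request from " + request.getRemoteAddr()
                        + ", sending authentication challenge", e);
            }
            askForWwwAuth(request, response);
            return false;
        }
    }

    /**
     * Sends the 401 challenge: {@code Negotiate} (SPNEGO) when acceptor
     * credentials are available and Basic is not forced, {@code Basic}
     * otherwise.
     *
     * @param request  the request that failed authentication (unused here)
     * @param response the response that receives the status and the challenge
     */
    protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        boolean spnegoAvailable = org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null;
        if (spnegoAvailable && !forceBasic) {
            // SPNEGO
            // NOTE(review): only Negotiate is offered in this branch, so a
            // client that cannot do SPNEGO gets no Basic fallback -- confirm
            // this is intended.
            response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
        } else {
            // Basic credentials are only base64-encoded, not encrypted: this
            // context has to be served over TLS for them to stay confidential.
            response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
        }
    }

    /**
     * Resolves a resource of this servlet context from the CMS bundle.
     *
     * @param name the resource name
     * @return the resource URL, or {@code null} if the name is {@code null},
     *         no bundle is available or the resource does not exist
     */
    @Override
    public URL getResource(String name) {
        if (name == null || bundle == null) {
            return null;
        }
        // NOTE(review): Bundle.getResource() resolves through the bundle class
        // loader, so it can also see resources of imported packages, unlike
        // Bundle.getEntry() which is limited to the bundle's own content --
        // confirm that everything reachable this way may be served.
        return bundle.getResource(name);
    }

}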