1 package org
.argeo
.cms
.internal
.http
;
3 import javax
.security
.auth
.login
.LoginContext
;
4 import javax
.servlet
.http
.HttpServletRequest
;
5 import javax
.servlet
.http
.HttpServletResponse
;
7 /** Servlet context forcing authentication. */
8 public class PrivateServletContextHelper
extends CmsServletContextHelper
{
// TODO make it configurable
/**
 * Realm name placed inside the quoted {@code realm="..."} parameter of the
 * Basic challenge. It is a compile-time constant here, so the concatenated
 * header value is fixed. Once it becomes configurable, reject or escape
 * double quotes and CR/LF before the value reaches the header.
 */
private final String httpAuthRealm = "Argeo";

/**
 * When {@code true}, the Negotiate (SPNEGO) challenge is never selected, even
 * if acceptor credentials are available; the condition in askForWwwAuth
 * tests {@code !forceBasic}.
 */
private final boolean forceBasic = false;
/**
 * Answers an unauthenticated request by delegating to
 * {@link #askForWwwAuth(HttpServletRequest, HttpServletResponse)}, which
 * sends the 401 status and the authentication challenge.
 *
 * @param request  the incoming request, passed through unchanged
 * @param response the response that receives the challenge
 */
protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
    askForWwwAuth(request, response);
    // NOTE(review): listing lines 16-18 are absent from this page (presumably the
    // return statement and the closing brace) - confirm what is returned to the
    // caller after the challenge has been sent.
/**
 * Sends a 401 response carrying a {@code WWW-Authenticate} challenge.
 *
 * <p>Negotiate (SPNEGO) is selected when the kernel activator exposes acceptor
 * credentials and {@code forceBasic} is off; a Basic challenge for
 * {@code httpAuthRealm} is also written.
 *
 * <p>Security notes: Basic credentials travel merely base64-encoded, so this
 * challenge should only ever be issued over TLS. Nothing in the visible lines
 * inspects {@code request} (for example its scheme) before offering Basic.
 * Confirm that transport security is enforced elsewhere.
 *
 * @param request  the unauthenticated request (not read in the visible lines)
 * @param response the response that receives the status and challenge header
 */
protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic realm=\"" + httpAuthRealm + "\"");

    // SPNEGO is only offered when acceptor credentials exist and Basic is not forced.
    boolean offerSpnego = org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null && !forceBasic;
    if (offerSpnego) {
        response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
    }
    // NOTE(review): listing line 25 is absent from this page. As shown, the call
    // below is unconditional, and setHeader() replaces the value written above,
    // so the client would always receive the Basic challenge. If the dropped
    // line was an `else`, Basic is only the fallback - confirm against the
    // original file. Advertising both schemes at once needs addHeader().
    response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
28 // response.setDateHeader("Date", System.currentTimeMillis());
29 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
31 // response.setHeader("Accept-Ranges", "bytes");
32 // response.setHeader("Connection", "Keep-Alive");
33 // response.setHeader("Keep-Alive", "timeout=5, max=97");
34 // response.setContentType("text/html; charset=UTF-8");