org.argeo.cms/src/org/argeo/cms/internal/http/PrivateServletContextHelper.java

   1 package org.argeo.cms.internal.http;
   2
   3 import javax.security.auth.login.LoginContext;
   4 import javax.servlet.http.HttpServletRequest;
   5 import javax.servlet.http.HttpServletResponse;
   6
   7 /** Servlet context forcing authentication. */
   8 public class PrivateServletContextHelper extends CmsServletContextHelper {
   9         // TODO make it configurable
  10         private final String httpAuthRealm = "Argeo";
  11         private final boolean forceBasic = false;
  12
  13         @Override
  14         protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
  15                 askForWwwAuth(request, response);
  16                 return null;
  17         }
  18
  19         protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
  20                 response.setStatus(401);
  21                 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
  22                 // realm=\"" + httpAuthRealm + "\"");
  23                 if (org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null && !forceBasic)// SPNEGO
  24                         response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
  25                 else
  26                         response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
  27
  28                 // response.setDateHeader("Date", System.currentTimeMillis());
  29                 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
  30                 // 60 * 60 * 1000));
  31                 // response.setHeader("Accept-Ranges", "bytes");
  32                 // response.setHeader("Connection", "Keep-Alive");
  33                 // response.setHeader("Keep-Alive", "timeout=5, max=97");
  34                 // response.setContentType("text/html; charset=UTF-8");
  35
  36         }
  37 }