1 package org.argeo.slc.core.execution.http;
2
3 import java.io.IOException;
4 import java.security.AccessController;
5 import java.security.PrivilegedAction;
6
7 import javax.security.auth.Subject;
8 import javax.security.auth.login.LoginContext;
9 import javax.security.auth.login.LoginException;
10 import javax.servlet.http.HttpServletRequest;
11 import javax.servlet.http.HttpServletResponse;
12
13 import org.argeo.cms.auth.HttpRequestCallbackHandler;
14 import org.argeo.node.NodeConstants;
15 import org.osgi.service.http.context.ServletContextHelper;
16
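/**
 * {@link ServletContextHelper} that authenticates each HTTP request through
 * JAAS before it reaches the servlets registered with this context.
 *
 * <p>
 * A {@link LoginContext} named {@link NodeConstants#LOGIN_CONTEXT_USER} is
 * driven by an {@link HttpRequestCallbackHandler} built from the request and
 * response. On success, the access control context of the authenticated subject
 * is stored on the request under {@code REMOTE_USER}. On failure, the client
 * receives a 401 with a Basic challenge, except for CORS preflight requests,
 * which are let through unauthenticated.
 */
public class RunnerServletContextHelper extends ServletContextHelper {
	final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
	/** Realm announced in the Basic authentication challenge. */
	private final String httpAuthRealm = "Runner";

	/**
	 * Authenticates the request and decides whether it may proceed.
	 *
	 * @param request  the incoming request; on successful login it receives the
	 *                 {@code REMOTE_USER} attribute
	 * @param response the response, used to send the 401 challenge when login
	 *                 fails
	 * @return {@code true} if the request may proceed (authenticated, or an
	 *         unauthenticated CORS preflight); {@code false} once the
	 *         unauthorized response has been prepared
	 * @throws IOException declared by the overridden method; not thrown by the
	 *                     code visible here
	 */
	@Override
	public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) throws IOException {
		LoginContext lc;
		try {
			lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
			lc.login();
		} catch (LoginException e) {
			// Browsers send CORS preflight requests without credentials, so they
			// cannot be authenticated. Only genuine preflights are exempted: a bare
			// OPTIONS request without the preflight headers gets the normal 401.
			// The request proceeds WITHOUT a REMOTE_USER attribute in this case, so
			// downstream OPTIONS handlers must not rely on an authenticated subject.
			if (isCorsPreflight(request))
				return true;
			// A subclass override of processUnauthorized may supply a LoginContext;
			// the default implementation sends the challenge and returns null.
			lc = processUnauthorized(request, response);
			if (lc == null)
				return false;
		}
		Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {

			@Override
			public Void run() {
				// Captured inside doAs, so the context is associated with the
				// authenticated subject.
				// NOTE(review): consumers presumably expect an AccessControlContext
				// here rather than a user name String; confirm against callers.
				request.setAttribute(REMOTE_USER, AccessController.getContext());
				return null;
			}

		});

		return true;
	}

	/**
	 * Tells whether the request is a CORS preflight: an {@code OPTIONS} request
	 * carrying both the {@code Origin} and {@code Access-Control-Request-Method}
	 * headers.
	 */
	private static boolean isCorsPreflight(HttpServletRequest request) {
		return "OPTIONS".equals(request.getMethod()) && request.getHeader("Origin") != null
				&& request.getHeader("Access-Control-Request-Method") != null;
	}

	/**
	 * Handles a request whose login failed. This implementation sends the
	 * authentication challenge and returns {@code null}.
	 *
	 * @return a {@link LoginContext} to continue with, or {@code null} to reject
	 *         the request
	 */
	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
		askForWwwAuth(request, response);
		return null;
	}

	/**
	 * Sets the 401 status and a {@code WWW-Authenticate} header asking for HTTP
	 * Basic credentials in the configured realm.
	 */
	protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		response.setHeader(HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
	}

}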