1 package org
.argeo
.slc
.core
.execution
.http
;
3 import java
.io
.IOException
;
4 import java
.security
.AccessController
;
5 import java
.security
.PrivilegedAction
;
7 import javax
.security
.auth
.Subject
;
8 import javax
.security
.auth
.login
.LoginContext
;
9 import javax
.security
.auth
.login
.LoginException
;
10 import javax
.servlet
.http
.HttpServletRequest
;
11 import javax
.servlet
.http
.HttpServletResponse
;
13 import org
.argeo
.cms
.auth
.HttpRequestCallbackHandler
;
14 import org
.argeo
.node
.NodeConstants
;
15 import org
.osgi
.service
.http
.context
.ServletContextHelper
;
17 public class RunnerServletContextHelper
extends ServletContextHelper
{
// Name of the HTTP response header that carries the authentication challenge.
18 final static String HEADER_WWW_AUTHENTICATE
= "WWW-Authenticate";
// Realm advertised in the Basic challenge built by askForWwwAuth(). It is a
// fixed constant, so no request-controlled text reaches the quoted realm value.
19 private final String httpAuthRealm
= "Runner";
/**
 * Authenticates the incoming request through JAAS before it reaches a servlet.
 * The visible statements create a {@link LoginContext} for
 * {@code NodeConstants.LOGIN_CONTEXT_USER}, passing an
 * {@link HttpRequestCallbackHandler} built from the request and response; a
 * {@link LoginException} handler that appears to fall back to
 * {@code processUnauthorized}; and a {@link PrivilegedAction} run as the
 * resulting subject. This listing omits several source lines (the declaration
 * of {@code lc}, the login call, the return statements), so the exact control
 * flow cannot be read from it.
 *
 * @param request incoming request; receives the REMOTE_USER attribute
 * @param response response handed to the callback handler and to the 401 path
 * @return not visible in this listing
 * @throws IOException declared by the signature; no throwing statement is visible here
 */
22 public boolean handleSecurity(final HttpServletRequest request
, HttpServletResponse response
) throws IOException
{
25 lc
= new LoginContext(NodeConstants
.LOGIN_CONTEXT_USER
, new HttpRequestCallbackHandler(request
, response
));
27 } catch (LoginException e
) {
29 // TODO: make it more robust
// NOTE(review): the statement guarded by this OPTIONS test (source line 31) is
// missing from the listing. If it admits the request without a login, e.g. for
// CORS preflight, every OPTIONS handler behind this context runs
// unauthenticated; confirm those handlers expose nothing sensitive.
30 if ("OPTIONS".equals(request
.getMethod()))
// NOTE(review): lc is assigned from processUnauthorized() here and is
// dereferenced below through lc.getSubject(). The lines in between are not
// shown, so confirm that a null result ends the request before doAs() is reached.
32 lc
= processUnauthorized(request
, response
);
36 Subject
.doAs(lc
.getSubject(), new PrivilegedAction
<Void
>() {
// Stores the current AccessControlContext, not a user name, under REMOTE_USER
// (presumably the constant inherited from ServletContextHelper).
// NOTE(review): the OSGi HTTP contract describes REMOTE_USER as the name of
// the authenticated user; code that reads getRemoteUser() or this attribute
// should be checked against the object stored here - TODO confirm.
40 request
.setAttribute(REMOTE_USER
, AccessController
.getContext());
/**
 * Hook called from handleSecurity on what appears to be the failed-login
 * path. The only visible statement sends the Basic challenge through
 * {@code askForWwwAuth}. The return statement is missing from this listing,
 * so the returned {@link LoginContext} (or null) cannot be stated here.
 *
 * @param request request that failed authentication
 * @param response response that receives the challenge
 * @return not visible in this listing
 */
49 protected LoginContext
processUnauthorized(HttpServletRequest request
, HttpServletResponse response
) {
50 askForWwwAuth(request
, response
);
/**
 * Challenges the client for credentials by setting status 401 and a
 * {@code WWW-Authenticate} header whose value is {@code Basic realm="Runner"}.
 * <p>
 * Basic credentials are only base64-encoded and are resent with every
 * request, so they are readable on any hop that is not protected by TLS.
 * Nothing visible in this method checks that the request arrived over HTTPS;
 * that has to be enforced by the deployment (connector or front proxy) -
 * TODO confirm.
 *
 * @param request not used by the visible statements
 * @param response response that receives the 401 status and the challenge header
 */
54 protected void askForWwwAuth(HttpServletRequest request
, HttpServletResponse response
) {
55 response
.setStatus(401);
// The realm is interpolated into a quoted-string without escaping; that is safe
// only while httpAuthRealm stays a constant free of quotes and backslashes.
56 response
.setHeader(HEADER_WWW_AUTHENTICATE
, "Basic realm=\"" + httpAuthRealm
+ "\"");