servlet/CmsServletContext.java

   1 package org.argeo.cms.servlet;
   2
   3 import java.io.IOException;
   4 import java.net.URL;
   5 import java.util.Map;
   6
   7 import javax.security.auth.login.LoginContext;
   8 import javax.security.auth.login.LoginException;
   9 import javax.servlet.http.HttpServletRequest;
  10 import javax.servlet.http.HttpServletResponse;
  11
  12 import org.apache.commons.logging.Log;
  13 import org.apache.commons.logging.LogFactory;
  14 import org.argeo.api.NodeConstants;
  15 import org.argeo.cms.auth.HttpRequestCallbackHandler;
  16 import org.argeo.cms.internal.http.HttpUtils;
  17 import org.osgi.framework.Bundle;
  18 import org.osgi.framework.FrameworkUtil;
  19 import org.osgi.service.http.context.ServletContextHelper;
  20
  21 /**
  22  * Default servlet context degrading to anonymous if the the sesison is not
  23  * pre-authenticated.
  24  */
  25 public class CmsServletContext extends ServletContextHelper {
  26         private final static Log log = LogFactory.getLog(CmsServletContext.class);
  27         // use CMS bundle for resources
  28         private Bundle bundle = FrameworkUtil.getBundle(getClass());
  29
  30         public void init(Map<String, String> properties) {
  31
  32         }
  33
  34         public void destroy() {
  35
  36         }
  37
  38         @Override
  39         public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
  40                 if (log.isTraceEnabled())
  41                         HttpUtils.logRequestHeaders(log, request);
  42                 LoginContext lc;
  43                 try {
  44                         lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
  45                         lc.login();
  46                 } catch (LoginException e) {
  47                         lc = processUnauthorized(request, response);
  48                         if (log.isTraceEnabled())
  49                                 HttpUtils.logResponseHeaders(log, response);
  50                         if (lc == null)
  51                                 return false;
  52                 }
  53                 return true;
  54         }
  55
  56         protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
  57                 // anonymous
  58                 try {
  59                         LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS,
  60                                         new HttpRequestCallbackHandler(request, response));
  61                         lc.login();
  62                         return lc;
  63                 } catch (LoginException e1) {
  64                         if (log.isDebugEnabled())
  65                                 log.error("Cannot log in as anonymous", e1);
  66                         return null;
  67                 }
  68         }
  69
  70         @Override
  71         public URL getResource(String name) {
  72                 return bundle.getResource(name);
  73         }
  74
  75 }