import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
/**
// DAV
sessionProvider = new OpenInViewSessionProvider();
+ registerRepositoryServlets(ALIAS_NODE, node);
try {
- registerWebdavServlet(ALIAS_NODE, node, true);
- registerWebdavServlet(ALIAS_NODE, node, false);
- registerRemotingServlet(ALIAS_NODE, node, true);
- registerRemotingServlet(ALIAS_NODE, node, false);
-
httpService.registerFilter("/", rootFilter, null, null);
} catch (Exception e) {
- throw new CmsException("Could not initialise http", e);
+ throw new CmsException(
+ "Could not register root filter", e);
}
}
public void destroy() {
sessionProvider.destroy();
+ unregisterRepositoryServlets(ALIAS_NODE);
+ }
+
+ void registerRepositoryServlets(String alias, Repository repository) {
+ try {
+ registerWebdavServlet(alias, repository, true);
+ registerWebdavServlet(alias, repository, false);
+ registerRemotingServlet(alias, repository, true);
+ registerRemotingServlet(alias, repository, false);
+ } catch (Exception e) {
+ throw new CmsException(
+ "Could not register servlets for repository " + alias, e);
+ }
+ }
+
+ void unregisterRepositoryServlets(String alias) {
+ // FIXME unregister servlets
}
void registerWebdavServlet(String alias, Repository repository,
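Review bot: `unregisterRepositoryServlets` is an empty stub, so `destroy()` tears down `sessionProvider` but leaves the WebDAV and remoting servlets for `ALIAS_NODE` registered with `httpService`. `registerRepositoryServlets` also has no rollback: if a later registration throws, the earlier ones stay registered while the caller only sees a `CmsException`. Until the FIXME is resolved I would record each registered path in a field and release them in `unregisterRepositoryServlets`; if `httpService` is the OSGi `HttpService`, that is `httpService.unregister(path)` per path. The paths are built inside `registerWebdavServlet` and `registerRemotingServlet`, whose bodies lie outside this hunk.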
httpService.registerServlet(path, (Servlet) remotingServlet, ip, null);
}
- private Boolean isSessionAuthenticated(HttpSession httpSession) {
- SecurityContext contextFromSession = (SecurityContext) httpSession
- .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
- return contextFromSession != null;
- }
+// private Boolean isSessionAuthenticated(HttpSession httpSession) {
+// SecurityContext contextFromSession = (SecurityContext) httpSession
+// .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
+// return contextFromSession != null;
+// }
private void requestBasicAuth(HttpSession httpSession,
HttpServletResponse response) {
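Review bot: `isSessionAuthenticated` is commented out rather than deleted, and the same is done to its call site in `AnonymousFilter.doFilter` and to the `httpSession.setAttribute(...)` calls in the basic-auth branch further down. Commented-out authentication code makes it hard to tell which path is live, and since the commit also removes the `SecurityContext` import these lines cannot simply be re-enabled. I would delete the three blocks and state the new behaviour in a single comment at the call site, for example `// session is no longer consulted; every request is authenticated again`, if that is the intent.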
public void doFilter(HttpSession httpSession,
HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
- if (log.isTraceEnabled()) {
- log.debug(request.getContextPath());
- log.debug(request.getServletPath());
- log.debug(request.getRequestURI());
- log.debug(request.getQueryString());
- StringBuilder buf = new StringBuilder();
- Enumeration<String> en = request.getHeaderNames();
- while (en.hasMoreElements()) {
- String header = en.nextElement();
- Enumeration<String> values = request.getHeaders(header);
- while (values.hasMoreElements())
- buf.append(" " + header + ": " + values.nextElement());
- buf.append('\n');
- }
- log.debug("\n" + buf);
- }
+ if (log.isTraceEnabled())
+ logRequest(request);
String servletPath = request.getServletPath();
+ // client certificate
+ X509Certificate clientCert = extractCertificate(request);
+ if (clientCert != null) {
+ // TODO authenticate
+ // if (log.isDebugEnabled())
+ // log.debug(clientCert.getSubjectX500Principal().getName());
+ }
+
// skip data
if (servletPath.startsWith(PATH_DATA)) {
filterChain.doFilter(request, response);
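Review bot: The client certificate read in `doFilter` is never acted on: the `if (clientCert != null)` body holds only a TODO, so a request that presents a certificate is handled exactly like one that does not. I would say so in place of the bare `// client certificate` comment, e.g. `// certificate is read but NOT yet used for authentication; the checks below still apply`, so nobody assumes mutual-TLS clients are already trusted. When the TODO is implemented, note that `javax.servlet.request.X509Certificate` is only set by the container for a TLS connection it terminates itself, so behind a TLS-terminating proxy it will be absent. The rest of `doFilter` lies outside this hunk.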
int pathLength = path.length();
if (pathLength != 0 && (path.charAt(0) == '/')
&& !servletPath.endsWith("rwt-resources")
- && !path.equals("/")) {
+ && path.lastIndexOf('/')!=0) {
String newLocation = request.getServletPath() + "#" + path;
response.setHeader("Location", newLocation);
response.setStatus(HttpServletResponse.SC_FOUND);
}
}
+ private void logRequest(HttpServletRequest request) {
+ log.debug(request.getContextPath());
+ log.debug(request.getServletPath());
+ log.debug(request.getRequestURI());
+ log.debug(request.getQueryString());
+ StringBuilder buf = new StringBuilder();
+ // headers
+ Enumeration<String> en = request.getHeaderNames();
+ while (en.hasMoreElements()) {
+ String header = en.nextElement();
+ Enumeration<String> values = request.getHeaders(header);
+ while (values.hasMoreElements())
+ buf.append(" " + header + ": " + values.nextElement());
+ buf.append('\n');
+ }
+
+ // attributed
+ Enumeration<String> an = request.getAttributeNames();
+ while (an.hasMoreElements()) {
+ String attr = an.nextElement();
+ Object value = request.getAttribute(attr);
+ buf.append(" " + attr + ": " + value);
+ buf.append('\n');
+ }
+ log.debug("\n" + buf);
+ }
+
+ private X509Certificate extractCertificate(HttpServletRequest req) {
+ X509Certificate[] certs = (X509Certificate[]) req
+ .getAttribute("javax.servlet.request.X509Certificate");
+ if (null != certs && certs.length > 0) {
+ return certs[0];
+ }
+ return null;
+ }
+
/** Intercepts all requests. Authenticates. */
private class AnonymousFilter extends HttpFilter {
@Override
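Review bot: `logRequest` writes every header and request attribute to the log verbatim, which includes `Authorization` (this filter handles Basic credentials), `Cookie`, and the `javax.servlet.request.X509Certificate` attribute once clients present certificates. Anyone with read access to the log would then hold reusable credentials and session identifiers. Inside the header loop I would redact them: `boolean secret = "authorization".equalsIgnoreCase(header) || "cookie".equalsIgnoreCase(header);`, then `String v = values.nextElement();` and `buf.append(" " + header + ": " + (secret ? "<redacted>" : v));`. The caller gates on `log.isTraceEnabled()` while the method emits with `log.debug`, so the two levels should be made to agree.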
FilterChain filterChain) throws IOException, ServletException {
// Authenticate from session
- if (isSessionAuthenticated(httpSession)) {
- filterChain.doFilter(request, response);
- return;
- }
+// if (isSessionAuthenticated(httpSession)) {
+// filterChain.doFilter(request, response);
+// return;
+// }
KernelUtils.anonymousLogin(authenticationManager);
filterChain.doFilter(request, response);
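Review bot: With the session check commented out, `AnonymousFilter.doFilter` calls `KernelUtils.anonymousLogin(authenticationManager)` on every request, and nothing visible here clears the security context once `filterChain.doFilter` returns. If `anonymousLogin` stores its result in `SecurityContextHolder` (its body is not shown) and the default thread-local strategy is in use, the authentication stays bound to the container's pooled thread and may be picked up by the next request served on it. The basic-auth branch further down has the same shape after `SecurityContextHolder.getContext().setAuthentication(auth)`. I would wrap the chain call in both places: `try { filterChain.doFilter(request, response); } finally { SecurityContextHolder.clearContext(); }`. The method signature and the enclosing filter class start outside this hunk.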
UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
Authentication auth = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
- SecurityContextHolder.getContext());
- httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
+// httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
+// SecurityContextHolder.getContext());
+// httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
filterChain.doFilter(request, response);
return;
}