+
+ public static LoginContext anonymousLogin(RemoteAuthRequest remoteAuthRequest,
+ RemoteAuthResponse remoteAuthResponse) {
+ // anonymous
+ ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
+ try {
+ Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
+ LoginContext lc = CmsAuth.ANONYMOUS
+ .newLoginContext(new RemoteAuthCallbackHandler(remoteAuthRequest, remoteAuthResponse));
+ lc.login();
+ return lc;
+ } catch (LoginException e1) {
+ if (log.isDebugEnabled())
+ log.error("Cannot log in as anonymous", e1);
+ return null;
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentContextClassLoader);
+ }
+ }
+
+ public static int askForWwwAuth(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse,
+ String realm, boolean forceBasic) {
+ boolean negotiateFailed = false;
+ if (remoteAuthRequest.getHeader(HttpHeader.AUTHORIZATION.getHeaderName()) != null) {
+ // we already tried, so we give up in order not too loop endlessly
+ if (remoteAuthRequest.getHeader(HttpHeader.AUTHORIZATION.getHeaderName())
+ .startsWith(HttpHeader.NEGOTIATE)) {
+ negotiateFailed = true;
+ } else {
+ return HttpStatus.FORBIDDEN.getCode();
+ }
+ }
+
+ // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
+ // realm=\"" + httpAuthRealm + "\"");
+ if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+ // TODO make it configurable ?
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ } else {
+ remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ }
+
+ // response.setDateHeader("Date", System.currentTimeMillis());
+ // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
+ // 60 * 60 * 1000));
+ // response.setHeader("Accept-Ranges", "bytes");
+ // response.setHeader("Connection", "Keep-Alive");
+ // response.setHeader("Keep-Alive", "timeout=5, max=97");
+ // response.setContentType("text/html; charset=UTF-8");
+
+ return HttpStatus.UNAUTHORIZED.getCode();
+ }
+
+ private static boolean hasAcceptorCredentials() {
+ return CmsContextImpl.getCmsContext().getAcceptorCredentials() != null;
+ }
+