+ public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+
+ // optimization
+ // HttpSession httpSession = request.getSession();
+ // Object remoteUser = httpSession.getAttribute(REMOTE_USER);
+ // Object authorization = httpSession.getAttribute(AUTHORIZATION);
+ // if (remoteUser != null && authorization != null) {
+ // request.setAttribute(REMOTE_USER, remoteUser);
+ // request.setAttribute(AUTHORIZATION, authorization);
+ // return true;
+ // }
+
+ // if (anonymous) {
+ // Subject subject = KernelUtils.anonymousLogin();
+ // Authorization authorization =
+ // subject.getPrivateCredentials(Authorization.class).iterator().next();
+ // request.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS);
+ // request.setAttribute(AUTHORIZATION, authorization);
+ // return true;
+ // }
+
+ // if (log.isTraceEnabled())
+ KernelUtils.logRequestHeaders(log, request);
+ LoginContext lc;
+ try {
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request));
+ lc.login();
+ // return true;
+ } catch (CredentialNotFoundException e) {
+ CallbackHandler token = basicAuth(request);
+ if (token != null) {
+ try {
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token);
+ lc.login();
+ // Note: this is impossible to reliably clear the
+ // authorization header when access from a browser.
+ return true;
+ } catch (LoginException e1) {
+ throw new CmsException("Could not login", e1);
+ }
+ } else {
+ // anonymous
+ try {
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER);
+ lc.login();
+ } catch (LoginException e1) {
+ if (log.isDebugEnabled())
+ log.error("Cannot log in anonynous", e1);
+ return false;
+ }
+ }
+ // Subject subject = KernelUtils.anonymousLogin();
+ // authorization =
+ // subject.getPrivateCredentials(Authorization.class).iterator().next();
+ // request.setAttribute(REMOTE_USER,
+ // NodeConstants.ROLE_ANONYMOUS);
+ // request.setAttribute(AUTHORIZATION, authorization);
+ // httpSession.setAttribute(REMOTE_USER,
+ // NodeConstants.ROLE_ANONYMOUS);
+ // httpSession.setAttribute(AUTHORIZATION, authorization);
+ // return true;
+ // CallbackHandler token = basicAuth(request);
+ // if (token != null) {
+ // try {
+ // LoginContext lc = new
+ // LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token);
+ // lc.login();
+ // // Note: this is impossible to reliably clear the
+ // // authorization header when access from a browser.
+ // return true;
+ // } catch (LoginException e1) {
+ // throw new CmsException("Could not login", e1);
+ // }
+ // } else {
+ // String path = request.getServletPath();
+ // if (path.startsWith(REMOTING_PRIVATE))
+ // requestBasicAuth(request, response);
+ // return false;
+ // }
+ } catch (LoginException e) {
+ throw new CmsException("Could not login", e);