- public void doFilter(final HttpSession httpSession,
- final HttpServletRequest request,
- final HttpServletResponse response,
- final FilterChain filterChain) throws IOException,
- ServletException {
-
- AccessControlContext acc = (AccessControlContext) httpSession
- .getAttribute(AuthConstants.ACCESS_CONTROL_CONTEXT);
- final Subject subject;
- if (acc != null) {
- subject = Subject.getSubject(acc);
- } else {
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- CallbackHandler token = basicAuth(basicAuth);
- try {
- LoginContext lc = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, token);
- lc.login();
- subject = lc.getSubject();
- } catch (LoginException e) {
- throw new CmsException("Could not login", e);
- }
- } else {
- requestBasicAuth(httpSession, response);
- return;
- }
- }
- // do filter as subject
- try {
- Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
- public Void run() throws IOException, ServletException {
- // add security context to session
- httpSession.setAttribute(ACCESS_CONTROL_CONTEXT,
- AccessController.getContext());
- filterChain.doFilter(request, response);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- if (e.getCause() instanceof ServletException)
- throw (ServletException) e.getCause();
- else if (e.getCause() instanceof IOException)
- throw (IOException) e.getCause();
- else
- throw new CmsException("Unexpected exception", e.getCause());
- }