package org.argeo.cms.internal.kernel;
+import static org.argeo.cms.KernelHeader.ACCESS_CONTROL_CONTEXT;
+
import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
ip.setProperty(RemotingServlet.INIT_PARAM_HOME,
KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit");
ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
+ // in order to avoid annoying warning.
+ ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG,
+ "");
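Review bot: The comment on the new `INIT_PARAM_PROTECTED_HANDLERS_CONFIG` line explains only the motivation (silencing a warning), not what an empty value does to the remoting servlet, so a later reader cannot tell whether it is safe to keep or to fill in. If my reading of the Jackrabbit parameter is right, an empty config simply registers no protected-item handlers; a comment such as `// Empty protected-handlers config: no handler for protected items is registered (also silences the startup warning)` would record that and should be confirmed against the servlet's documentation. The enclosing method starts before this hunk.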
// Cast to servlet because of a weird behaviour in Eclipse
httpService.registerFilter(path, anonymous ? new AnonymousFilter()
: new DavFilter(), null, null);
int pathLength = path.length();
if (pathLength != 0 && (path.charAt(0) == '/')
&& !servletPath.endsWith("rwt-resources")
+ && !path.startsWith(KernelConstants.PATH_WORKBENCH)
&& path.lastIndexOf('/') != 0) {
String newLocation = request.getServletPath() + "#" + path;
response.setHeader("Location", newLocation);
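Review bot: The added `!path.startsWith(KernelConstants.PATH_WORKBENCH)` exemption joins an unexplained list of string checks (`rwt-resources`, the leading `/`, `lastIndexOf('/') != 0`) that decide whether a request is rewritten into a `#`-fragment redirect, and nothing says why the workbench path must skip it. A one-line comment above the condition, e.g. `// Workbench URLs are served directly and must not be rewritten to a fragment`, would keep the next exemption from being added blindly. Note also that `startsWith` is a prefix match, so any path sharing the prefix of `PATH_WORKBENCH` is exempted too; whether that is intended depends on the constant's value, which is outside this hunk. The enclosing method begins before the hunk.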
private class DavFilter extends HttpFilter {
@Override
- public void doFilter(HttpSession httpSession,
+ public void doFilter(final HttpSession httpSession,
final HttpServletRequest request,
final HttpServletResponse response,
final FilterChain filterChain) throws IOException,
ServletException {
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- CallbackHandler token = basicAuth(basicAuth);
- // FIXME Login
- // Authentication auth =
- // authenticationManager.authenticate(token);
- // SecurityContextHolder.getContext().setAuthentication(auth);
- // filterChain.doFilter(request, response);
- Subject subject;
- try {
- LoginContext lc = new LoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, token);
- lc.login();
- subject = lc.getSubject();
- } catch (LoginException e) {
- throw new CmsException("Could not login", e);
- }
- try {
- Subject.doAs(subject,
- new PrivilegedExceptionAction<Void>() {
- public Void run() throws IOException,
- ServletException {
- filterChain.doFilter(request, response);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- if (e.getCause() instanceof ServletException)
- throw (ServletException) e.getCause();
- else if (e.getCause() instanceof IOException)
- throw (IOException) e.getCause();
- else
- throw new CmsException("Unexpected exception",
- e.getCause());
+ AccessControlContext acc = (AccessControlContext) httpSession
+ .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+ final Subject subject;
+ if (acc != null) {
+ subject = Subject.getSubject(acc);
+ } else {
+ // Process basic auth
+ String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
+ if (basicAuth != null) {
+ CallbackHandler token = basicAuth(basicAuth);
+ try {
+ LoginContext lc = new LoginContext(
+ KernelHeader.LOGIN_CONTEXT_USER, token);
+ lc.login();
+ subject = lc.getSubject();
+ } catch (LoginException e) {
+ throw new CmsException("Could not login", e);
+ }
+ } else {
+ requestBasicAuth(httpSession, response);
+ return;
}
- return;
+ }
+ // do filter as subject
+ try {
+ Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
+ public Void run() throws IOException, ServletException {
+ // add security context to session
+ httpSession.setAttribute(ACCESS_CONTROL_CONTEXT,
+ AccessController.getContext());
+ filterChain.doFilter(request, response);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ if (e.getCause() instanceof ServletException)
+ throw (ServletException) e.getCause();
+ else if (e.getCause() instanceof IOException)
+ throw (IOException) e.getCause();
+ else
+ throw new CmsException("Unexpected exception", e.getCause());
}
- requestBasicAuth(httpSession, response);
}
}
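Review bot: `Subject.getSubject(acc)` in the `acc != null` branch can return null (a context with no associated Subject), and `Subject.doAs(null, …)` then runs the filter chain with no Subject at all, so a session carrying a subject-less `ACCESS_CONTROL_CONTEXT` attribute skips the basic-auth branch instead of being challenged. Since `subject` is `final`, the cleanest fix is to resolve the session subject first and treat null like a missing context: `Subject sessionSubject = acc == null ? null : Subject.getSubject(acc);` followed by `if (sessionSubject != null) { subject = sessionSubject; } else {` in place of the current `if (acc != null)` test. Two further things the new code does not document: once a context is stored in the session (`setAttribute` inside `run()`), the `Authorization` header of later requests on that session is ignored, which may be intended but deserves a comment; and because the session now carries the authenticated context, it would be worth confirming that the session id is renewed at login so a pre-authentication session id does not become the credential. `basicAuth` and `requestBasicAuth` are defined outside this hunk.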