package org.argeo.cms.internal.kernel;
import java.io.IOException;
+import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.FilterChain;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.argeo.jackrabbit.servlet.WebdavServlet;
import org.argeo.jcr.ArgeoJcrConstants;
import org.eclipse.equinox.http.servlet.ExtendedHttpService;
+import org.eclipse.jetty.servlets.DoSFilter;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.NamespaceException;
import org.osgi.util.tracker.ServiceTracker;
private String httpAuthRealm = "Argeo";
// Filters
- private final EntryPointFilter entryPointFilter;
+ private final RootFilter rootFilter;
+ // private final DoSFilter dosFilter;
+ // private final QoSFilter qosFilter;
// remoting
private OpenInViewSessionProvider sessionProvider;
+ ExtendedHttpService.class + " service.");
// Filters
- entryPointFilter = new EntryPointFilter();
+ rootFilter = new RootFilter();
+ // dosFilter = new CustomDosFilter();
+ // qosFilter = new QoSFilter();
// DAV
sessionProvider = new OpenInViewSessionProvider();
registerRemotingServlet(PATH_REMOTING_PRIVATE, ALIAS_NODE, false,
privateRemotingServlet);
- httpService.registerFilter("/", entryPointFilter, null, null);
+ // httpService.registerFilter("/", dosFilter, null, null);
+ httpService.registerFilter("/", rootFilter, null, null);
+ // httpService.registerFilter("/", qosFilter, null, null);
} catch (Exception e) {
throw new CmsException("Cannot publish HTTP services to OSGi", e);
}
}
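Review bot: With this registration `rootFilter` replaces `entryPointFilter` on "/", and the `RootFilter.doFilter` body later in this diff drops the session check and the Basic-auth handling, so nothing visible here authenticates a request before it reaches the chain. If authentication now lives in another component, a comment at this registration should name it; otherwise requests appear to pass this layer without any login step. The class Javadoc still reads "Intercepts all requests. Authenticates." and should become something like `/** Intercepts all requests; redirects deep RWT paths to an anchor. Does not authenticate. */`. The commented-out `dosFilter`/`qosFilter` registrations would read better as a single TODO than as dead code. The enclosing method starts outside this hunk.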
/** Intercepts all requests. Authenticates. */
- class EntryPointFilter extends HttpFilter {
+ class RootFilter extends HttpFilter {
@Override
public void doFilter(HttpSession httpSession,
HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
+ if (log.isTraceEnabled()) {
+ log.debug(request.getContextPath());
+ log.debug(request.getServletPath());
+ log.debug(request.getRequestURI());
+ log.debug(request.getQueryString());
+ StringBuilder buf = new StringBuilder();
+ Enumeration<String> en = request.getHeaderNames();
+ while (en.hasMoreElements()) {
+ String header = en.nextElement();
+ Enumeration<String> values = request.getHeaders(header);
+ while (values.hasMoreElements())
+ buf.append(" " + header + ": " + values.nextElement());
+ buf.append('\n');
+ }
+ log.debug("\n" + buf);
+ }
+
+ String servletPath = request.getServletPath();
- if (request.getServletPath().startsWith(PATH_DATA)) {
+ // skip data
+ if (servletPath.startsWith(PATH_DATA)) {
filterChain.doFilter(request, response);
return;
}
+ // redirect long RWT paths to anchor
String path = request.getRequestURI().substring(
- request.getServletPath().length());
-
- if (!path.equals("")) {
+ servletPath.length());
+ int pathLength = path.length();
+ if (pathLength != 0 && (path.charAt(0) == '/')
+ && !servletPath.endsWith("rwt-resources")
+ && !path.equals("/")) {
String newLocation = request.getServletPath() + "#" + path;
response.setHeader("Location", newLocation);
response.setStatus(HttpServletResponse.SC_FOUND);
return;
}
- // Authenticate from session
- if (isSessionAuthenticated(httpSession)) {
- filterChain.doFilter(request, response);
- return;
- }
-
- // TODO Kerberos
-
- // TODO Certificate
-
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
- Authentication auth = authenticationManager.authenticate(token);
- SecurityContextHolder.getContext().setAuthentication(auth);
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
- SecurityContextHolder.getContext());
- httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
- filterChain.doFilter(request, response);
- return;
- }
-
- Boolean doBasicAuth = true;
- if (doBasicAuth) {
- requestBasicAuth(httpSession, response);
- // skip filter chain
- return;
- }
-
- // TODO Login page
-
- // Anonymous
- KernelUtils.anonymousLogin(authenticationManager);
+ // process normally
filterChain.doFilter(request, response);
}
}
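Review bot: The trace block at the top of `doFilter` appends every request header to the log, which includes `Authorization` and `Cookie`, so Basic credentials and session ids land in log files whenever tracing is enabled. Those header values should be masked, and CR/LF stripped from the remaining client-controlled values so that a request cannot forge log lines. The guard is `log.isTraceEnabled()` while the calls are `log.debug(...)`; the sketch below uses `log.trace(...)` so the check and the level agree. Separately, `newLocation` still calls `request.getServletPath()` although the `servletPath` local now exists.

```java
if (log.isTraceEnabled()) {
	// … unchanged: context path, servlet path, request URI, query string (switch to log.trace) …
	StringBuilder buf = new StringBuilder();
	Enumeration<String> en = request.getHeaderNames();
	while (en.hasMoreElements()) {
		String header = en.nextElement();
		// never write credentials or session identifiers to the log
		boolean secret = header.equalsIgnoreCase("Authorization")
				|| header.equalsIgnoreCase("Proxy-Authorization")
				|| header.equalsIgnoreCase("Cookie");
		Enumeration<String> values = request.getHeaders(header);
		while (values.hasMoreElements()) {
			String value = values.nextElement();
			buf.append(' ').append(header).append(": ")
					.append(secret ? "<redacted>" : value.replaceAll("[\\r\\n]", "_"));
		}
		buf.append('\n');
	}
	log.trace("\n" + buf);
}
```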
}
}
+ class CustomDosFilter extends DoSFilter {
+ @Override
+ protected String extractUserId(ServletRequest request) {
+ HttpSession httpSession = ((HttpServletRequest) request)
+ .getSession();
+ if (isSessionAuthenticated(httpSession)) {
+ String userId = ((SecurityContext) httpSession
+ .getAttribute(SPRING_SECURITY_CONTEXT_KEY))
+ .getAuthentication().getName();
+ return userId;
+ }
+ return super.extractUserId(request);
+
+ }
+ }
}
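Review bot: `extractUserId` calls `getSession()` with no argument, which creates a new session for every request that arrives without one; inside a DoS filter this lets an unauthenticated flood allocate sessions, which works against the purpose of the filter. Use the non-creating form and fall through to `super.extractUserId(request)` when there is no session: `HttpSession httpSession = ((HttpServletRequest) request).getSession(false);` followed by `if (httpSession != null && isSessionAuthenticated(httpSession)) {`. The chained `getAttribute(SPRING_SECURITY_CONTEXT_KEY)` and `getAuthentication().getName()` calls also assume both values are non-null whenever `isSessionAuthenticated` returns true, which is not visible in this diff. The cast assumes every request is an `HttpServletRequest`; an `instanceof` check before it would make that explicit.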