X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeHttp.java;h=de7561aa04ae0155dd9a9522cf0fa2be68efe8b3;hb=86140b8db15a11cfd942892eface6a4f90329a41;hp=964ada11e52cb523120a842dd34be7e44a866e7a;hpb=a4a78ecbc3cfd119477264534c7d0cab541ae6ad;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index 964ada11e..de7561aa0 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
@@ -1,6 +1,10 @@
 package org.argeo.cms.internal.kernel;
 
+import static org.argeo.cms.KernelHeader.ACCESS_CONTROL_CONTEXT;
+
 import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.cert.X509Certificate;
@@ -131,6 +135,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 ip.setProperty(RemotingServlet.INIT_PARAM_HOME,
 KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit");
 ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
+ // in order to avoid annoying warning.
+ ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG,
+ "");
 // Cast to servlet because of a weird behaviour in Eclipse
 httpService.registerFilter(path, anonymous ? new AnonymousFilter()
 : new DavFilter(), null, null);
@@ -236,6 +243,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 int pathLength = path.length();
 if (pathLength != 0 && (path.charAt(0) == '/')
 && !servletPath.endsWith("rwt-resources")
+ && !path.startsWith(KernelConstants.PATH_WORKBENCH)
 && path.lastIndexOf('/') != 0) {
 String newLocation = request.getServletPath() + "#" + path;
 response.setHeader("Location", newLocation);
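Review bot: The comment above the new `INIT_PARAM_PROTECTED_HANDLERS_CONFIG` line says only that a warning goes away, not what an empty protected-handlers configuration means for the remoting servlet, which is the part a reader of this init-parameter block needs. As far as I can tell this parameter names the configuration for Jackrabbit's protected-item handlers (the ones that deal with protected content such as access-control nodes on import); an empty value presumably leaves no such handler registered, so protected items in an import are not applied — that should be confirmed against the Jackrabbit version in use and then stated, e.g. `// Empty protected-handlers config: no handler for protected (e.g. access-control) items on import; also silences the missing-config warning.` The enclosing method starts and ends outside the hunk.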
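Review bot: The new `&& !path.startsWith(KernelConstants.PATH_WORKBENCH)` term extends an undocumented exclusion list in the redirect condition, and nothing in the hunk says why workbench paths must be left out of the `#` rewrite while other deep paths are redirected. A one-line comment on the added term, e.g. `// workbench paths are never rewritten to the "#" form`, would keep the next addition to this chain from guessing. The enclosing method starts and ends outside the hunk.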
@@ -322,52 +330,55 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { private class DavFilter extends HttpFilter { @Override - public void doFilter(HttpSession httpSession, + public void doFilter(final HttpSession httpSession, final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws IOException, ServletException { - // Process basic auth - String basicAuth = request.getHeader(HEADER_AUTHORIZATION); - if (basicAuth != null) { - CallbackHandler token = basicAuth(basicAuth); - // FIXME Login - // Authentication auth = - // authenticationManager.authenticate(token); - // SecurityContextHolder.getContext().setAuthentication(auth); - // filterChain.doFilter(request, response); - Subject subject; - try { - LoginContext lc = new LoginContext( - KernelHeader.LOGIN_CONTEXT_USER, token); - lc.login(); - subject = lc.getSubject(); - } catch (LoginException e) { - throw new CmsException("Could not login", e); - } - try { - Subject.doAs(subject, - new PrivilegedExceptionAction() { - public Void run() throws IOException, - ServletException { - filterChain.doFilter(request, response); - return null; - } - }); - } catch (PrivilegedActionException e) { - if (e.getCause() instanceof ServletException) - throw (ServletException) e.getCause(); - else if (e.getCause() instanceof IOException) - throw (IOException) e.getCause(); - else - throw new CmsException("Unexpected exception", - e.getCause()); + AccessControlContext acc = (AccessControlContext) httpSession + .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT); + final Subject subject; + if (acc != null) { + subject = Subject.getSubject(acc); + } else { + // Process basic auth + String basicAuth = request.getHeader(HEADER_AUTHORIZATION); + if (basicAuth != null) { + CallbackHandler token = basicAuth(basicAuth); + try { + LoginContext lc = new LoginContext( + KernelHeader.LOGIN_CONTEXT_USER, token); + lc.login(); + subject = lc.getSubject(); + } catch (LoginException e) 
{ + throw new CmsException("Could not login", e); + } + } else { + requestBasicAuth(httpSession, response); + return; } - return; + } + // do filter as subject + try { + Subject.doAs(subject, new PrivilegedExceptionAction() { + public Void run() throws IOException, ServletException { + // add security context to session + httpSession.setAttribute(ACCESS_CONTROL_CONTEXT, + AccessController.getContext()); + filterChain.doFilter(request, response); + return null; + } + }); + } catch (PrivilegedActionException e) { + if (e.getCause() instanceof ServletException) + throw (ServletException) e.getCause(); + else if (e.getCause() instanceof IOException) + throw (IOException) e.getCause(); + else + throw new CmsException("Unexpected exception", e.getCause()); } - requestBasicAuth(httpSession, response); } }
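Review bot: `Subject.getSubject(acc)` may return null when the cached `AccessControlContext` carries no Subject, and the new `if (acc != null)` branch then reaches `Subject.doAs(subject, ...)` with a null subject, which runs the filter chain with no authenticated identity and never falls back to the basic-auth challenge. Test the subject rather than the context: `Subject cached = acc != null ? Subject.getSubject(acc) : null;` followed by `if (cached != null) { subject = cached; } else {`, so an empty or stale session attribute behaves like an unauthenticated request. Since the filter now accepts the session attribute as proof of authentication (the basic-auth credentials are validated only once, in the `else` branch), the session id becomes the effective bearer credential; it should be invalidated on logout, and the attribute must only ever be written inside `doAs`, as the `run()` body does, so that a pre-authentication context is never stored. A comment on the `acc` lookup stating that any context stored under `ACCESS_CONTROL_CONTEXT` by another login path is trusted here would make that sharing explicit.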