X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;h=af4b5379c8383712c1e8870b13fc8e2e4c897874;hb=HEAD;hp=e79032c4c38f0603d1d71d323b038254f2fba104;hpb=b8f50d6d8e7b9c9215d156ba33f9dedfcee913a7;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
index e79032c4c..af4b5379c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
@@ -12,10 +12,10 @@ import javax.security.auth.login.LoginException;
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsSession;
+import org.argeo.cms.http.HttpHeader;
+import org.argeo.cms.http.HttpStatus;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.util.CurrentSubject;
-import org.argeo.util.http.HttpHeader;
-import org.argeo.util.http.HttpResponseStatus;
+import org.argeo.cms.util.CurrentSubject;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -46,39 +46,8 @@ public class RemoteAuthUtils {
 public final static T doAs(Supplier supplier, RemoteAuthRequest req) {
 CmsSession cmsSession = getCmsSession(req);
 return CurrentSubject.callAs(cmsSession.getSubject(), () -> supplier.get());
-// ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
-// Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
-// try {
-// return Subject.doAs(
-// Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
-// new PrivilegedAction() {
-//
-// @Override
-// public T run() {
-// return supplier.get();
-// }
-//
-// });
-// } finally {
-// Thread.currentThread().setContextClassLoader(currentContextCl);
-// }
 }
 
-// public final static void configureRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) != null)
-// throw new IllegalStateException("Request already authenticated.");
-// AccessControlContext acc = AccessController.getContext();
-// req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
-// req.setAttribute(AccessControlContext.class.getName(), acc);
-// }
-//
-// public final static void clearRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) == null)
-// throw new IllegalStateException("Cannot clear non-authenticated request.");
-// req.setAttribute(REMOTE_USER, null);
-// req.setAttribute(AccessControlContext.class.getName(), null);
-// }
-
 public static CmsSession getCmsSession(RemoteAuthRequest req) {
 CmsSession cmsSession = (CmsSession) req.getAttribute(CmsSession.class.getName());
 if (cmsSession == null)
@@ -155,17 +124,21 @@ public class RemoteAuthUtils {
 .startsWith(HttpHeader.NEGOTIATE)) {
 negotiateFailed = true;
 } else {
- return HttpResponseStatus.FORBIDDEN.getCode();
+ return HttpStatus.FORBIDDEN.getCode();
 }
 }
 
 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 // realm=\"" + httpAuthRealm + "\"");
- if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
- remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
- else
+ if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+ // TODO make it configurable ?
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ } else {
 remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
 HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ }
 
 // response.setDateHeader("Date", System.currentTimeMillis());
 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
@@ -175,7 +148,7 @@ public class RemoteAuthUtils {
 // response.setHeader("Keep-Alive", "timeout=5, max=97");
 // response.setContentType("text/html; charset=UTF-8");
 
- return HttpResponseStatus.UNAUTHORIZED.getCode();
+ return HttpStatus.UNAUTHORIZED.getCode();
 }
 
 private static boolean hasAcceptorCredentials() {
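Review bot: The second `addHeader` in the SPNEGO branch offers the Basic challenge unconditionally, so every deployment that has acceptor credentials now advertises password-based authentication next to Negotiate, and a client that cannot or does not complete Negotiate will fall back to sending the user's password; the `// TODO make it configurable ?` comment already acknowledges this. Gate that second challenge behind an explicit setting and offer it only when the transport is TLS (the hunk does not show whether the request exposes that), e.g. `if (basicFallbackEnabled) { remoteAuthResponse.addHeader(...); }` with the flag name to be chosen. The Basic challenge string is now built twice; a local such as `String basicChallenge = HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"";` would keep both branches in sync, and note that `realm` is inserted into the quoted-string without escaping `"` or `\`, which is acceptable only while it comes from trusted configuration. The enclosing method starts before this hunk, and its `return HttpStatus.UNAUTHORIZED.getCode();` is in the following hunk.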