X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeHttp.java;h=f0fbe461a1dfc8ecc5d5c5be3862c60587d48983;hb=5e7e37a755162573637fbe5a61384896c634dbe5;hp=c0383f5439b897dfaaf4e51ba11f670211969e04;hpb=c322e016196139f7f4fb9192e5b1e773999143d0;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index c0383f543..f0fbe461a 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
@@ -1,12 +1,14 @@
 package org.argeo.cms.internal.kernel;
 import java.io.IOException;
+import java.util.Enumeration;
 import java.util.Properties;
 import java.util.StringTokenizer;
 import javax.servlet.FilterChain;
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -15,13 +17,12 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.kernel.NodeHttp.AnonymousFilter;
-import org.argeo.cms.internal.kernel.NodeHttp.DavFilter;
 import org.argeo.jackrabbit.servlet.OpenInViewSessionProvider;
 import org.argeo.jackrabbit.servlet.RemotingServlet;
 import org.argeo.jackrabbit.servlet.WebdavServlet;
 import org.argeo.jcr.ArgeoJcrConstants;
 import org.eclipse.equinox.http.servlet.ExtendedHttpService;
+import org.eclipse.jetty.servlets.DoSFilter;
 import org.osgi.framework.BundleContext;
 import org.osgi.service.http.NamespaceException;
 import org.osgi.util.tracker.ServiceTracker;
@@ -42,8 +43,6 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { private final static String HEADER_AUTHORIZATION = "Authorization"; private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; - static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT"; - private final AuthenticationManager authenticationManager; private final BundleContext bundleContext; private ExtendedHttpService httpService; @@ -53,6 +52,8 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { // Filters private final RootFilter rootFilter; + // private final DoSFilter dosFilter; + // private final QoSFilter qosFilter; // remoting private OpenInViewSessionProvider sessionProvider; @@ -82,6 +83,8 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { // Filters rootFilter = new RootFilter(); + // dosFilter = new CustomDosFilter(); + // qosFilter = new QoSFilter(); // DAV sessionProvider = new OpenInViewSessionProvider(); @@ -102,7 +105,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { registerRemotingServlet(PATH_REMOTING_PRIVATE, ALIAS_NODE, false, privateRemotingServlet); - // httpService.registerFilter("/", rootFilter, null, null); + // httpService.registerFilter("/", dosFilter, null, null); + httpService.registerFilter("/", rootFilter, null, null); + // httpService.registerFilter("/", qosFilter, null, null); } catch (Exception e) { throw new CmsException("Cannot publish HTTP services to OSGi", e); } @@ -168,7 +173,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { try { String credentials = new String(Base64.decodeBase64(st .nextToken()), "UTF-8"); - log.debug("Credentials: " + credentials); + // log.debug("Credentials: " + credentials); int p = credentials.indexOf(":"); if (p != -1) { String login = credentials.substring(0, p).trim(); 
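Review bot: The `dosFilter`/`qosFilter` fields, their construction and their `registerFilter` calls are all added as commented-out code (the `@@ -53`, `@@ -82` and `@@ -102` hunks), while `CustomDosFilter` and the `org.eclipse.jetty.servlets.DoSFilter` import are added live, so the bundle gains a compile-time dependency on a class that nothing instantiates. Either wire the filter in or drop the scaffolding; if it has to stay, one comment at the registration site such as `// TODO enable CustomDosFilter once <reason> is resolved` says more than six commented lines spread over three places.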
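Review bot: The credential log in the `@@ -168` hunk is commented out rather than deleted, so `// log.debug("Credentials: " + credentials);` stays in the file as a one-keystroke way to put decoded Basic passwords back into the log. Delete the line outright; if a diagnostic is wanted at this point, log only that an Authorization header was parsed, never the decoded value. The enclosing method starts and ends outside the hunk.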
@@ -176,7 +181,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { .trim(); return new UsernamePasswordAuthenticationToken( - login, password); + login, password.toCharArray()); } else { throw new CmsException( "Invalid authentication token"); 
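Review bot: Passing `password.toCharArray()` to the token does not make the secret wipeable, because `credentials` and the password substring already exist as immutable Strings above this line and stay on the heap until collected. If the conversion is only there to match the token's constructor, say so with `// char[] required by the token; the password still lives in the Strings above`; real hardening would need the Base64 output to be split into arrays without ever building a String. The `.trim()` at the top of the hunk appears to belong to the password assignment, which starts outside the hunk; if so, passwords with leading or trailing whitespace can never match, and that is worth confirming.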
@@ -198,41 +203,45 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { public void doFilter(HttpSession httpSession, HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { - - // Authenticate from session - if (isSessionAuthenticated(httpSession)) { - filterChain.doFilter(request, response); - return; + if (log.isTraceEnabled()) { + log.debug(request.getContextPath()); + log.debug(request.getServletPath()); + log.debug(request.getRequestURI()); + log.debug(request.getQueryString()); + StringBuilder buf = new StringBuilder(); + Enumeration en = request.getHeaderNames(); + while (en.hasMoreElements()) { + String header = en.nextElement(); + Enumeration values = request.getHeaders(header); + while (values.hasMoreElements()) + buf.append(" " + header + ": " + values.nextElement()); + buf.append('\n'); + } + log.debug("\n" + buf); } - // TODO Kerberos - - // TODO Certificate + String servletPath = request.getServletPath(); - // Process basic auth - String basicAuth = request.getHeader(HEADER_AUTHORIZATION); - if (basicAuth != null) { - UsernamePasswordAuthenticationToken token = basicAuth(basicAuth); - Authentication auth = authenticationManager.authenticate(token); - SecurityContextHolder.getContext().setAuthentication(auth); - httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, - SecurityContextHolder.getContext()); - httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE); + // skip data + if (servletPath.startsWith(PATH_DATA)) { filterChain.doFilter(request, response); return; } - Boolean doBasicAuth = true; - if (doBasicAuth) { - requestBasicAuth(httpSession, response); - // skip filter chain + // redirect long RWT paths to anchor + String path = request.getRequestURI().substring( + servletPath.length()); + int pathLength = path.length(); + if (pathLength != 0 && (path.charAt(0) == '/') + && !servletPath.endsWith("rwt-resources") + && !path.equals("/")) { + String newLocation = 
request.getServletPath() + "#" + path; + response.setHeader("Location", newLocation); + response.setStatus(HttpServletResponse.SC_FOUND); return; } - // TODO Login page - - // Anonymous - KernelUtils.anonymousLogin(authenticationManager); + // process normally filterChain.doFilter(request, response); } } @@ -264,10 +273,10 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { FilterChain filterChain) throws IOException, ServletException { // Authenticate from session - if (isSessionAuthenticated(httpSession)) { - filterChain.doFilter(request, response); - return; - } + // if (isSessionAuthenticated(httpSession)) { + // filterChain.doFilter(request, response); + // return; + // } // Process basic auth String basicAuth = request.getHeader(HEADER_AUTHORIZATION); @@ -286,4 +295,19 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { } } + class CustomDosFilter extends DoSFilter { + @Override + protected String extractUserId(ServletRequest request) { + HttpSession httpSession = ((HttpServletRequest) request) + .getSession(); + if (isSessionAuthenticated(httpSession)) { + String userId = ((SecurityContext) httpSession + .getAttribute(SPRING_SECURITY_CONTEXT_KEY)) + .getAuthentication().getName(); + return userId; + } + return super.extractUserId(request); + + } + } }
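Review bot: The trace block at the top of `doFilter` (the `@@ -198` hunk) appends every request header to the log, which includes `Authorization` (Base64 of login:password for Basic auth) and `Cookie`; this reintroduces the credential leak that the same commit silences where the Basic credentials are decoded. Skip sensitive headers inside the outer loop, before the inner `while`, e.g. `if (HEADER_AUTHORIZATION.equalsIgnoreCase(header) || "Cookie".equalsIgnoreCase(header)) continue;`. The guard tests `log.isTraceEnabled()` but the calls are `log.debug(...)`; use `log.trace(...)` so the level that gates the dump is the level it is written at. Separately, `getRequestURI().substring(servletPath.length())` assumes an empty context path, which is presumably true for this HTTP service but is not checked.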
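Review bot: The session short-circuit in the `@@ -264` hunk is disabled by commenting it out, and the `// Authenticate from session` heading is left above it with no reason given, so a reader cannot tell whether skipping the session check is deliberate or temporary. Delete the block and replace the heading with the reason, for instance `// Session is deliberately not trusted here: every request must present credentials` if that is the intent. The rest of this `doFilter` lies outside the hunk.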
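Review bot: `extractUserId` in the new `CustomDosFilter` calls `getSession()` with no argument, which creates a session for any request that does not have one; inside a DoS filter that means each unauthenticated request allocates server-side state before it can be throttled. Use `HttpSession httpSession = ((HttpServletRequest) request).getSession(false);` and guard the branch with `if (httpSession != null && isSessionAuthenticated(httpSession)) {`. The chained `getAttribute(SPRING_SECURITY_CONTEXT_KEY)` cast followed by `.getAuthentication().getName()` also throws a NullPointerException if the attribute or the authentication is absent, unless `isSessionAuthenticated` guarantees both, which is not visible here. `SPRING_SECURITY_CONTEXT_KEY` is removed from `NodeHttp` earlier in this commit, so it is presumably inherited from one of the implemented constant interfaces.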