X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fwebsocket%2FCmsWebSocketConfigurator.java;h=7cfe5748b19a7af3c51bc452f05c53d84f7c6096;hb=862da18b7053df010348b3ed1096afd3b5778c10;hp=cd435aa43a0e5a2b5fb715b417399de590195f09;hpb=33be7f0920e65d7295ea0847d6b39f1657fd14f4;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java b/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
index cd435aa43..7cfe5748b 100644
--- a/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
+++ b/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
@@ -1,5 +1,6 @@
 package org.argeo.cms.websocket;
+import java.util.ArrayList;
 import java.util.List;
 import javax.security.auth.login.LoginContext;
@@ -16,7 +17,7 @@ import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.node.NodeConstants;
-public final class CmsWebSocketConfigurator extends Configurator {
+public class CmsWebSocketConfigurator extends Configurator {
 private final static Log log = LogFactory.getLog(CmsWebSocketConfigurator.class);
 final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
@@ -62,6 +63,7 @@ public final class CmsWebSocketConfigurator extends Configurator {
 if (httpSession == null) {
 rejectResponse(response);
+ return;
 }
 try {
 LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
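Review bot: Dropping `final` from the class declaration in the `@@ -16,7 +17,7 @@` hunk, together with `rejectResponse()` becoming `protected` later in the file, makes the rejection path of the authentication handshake overridable, and nothing documents what an override must guarantee. A Javadoc on `rejectResponse()` should state the contract, e.g. `/** Rejects the handshake. Overrides must ensure that the connection is not established. */`, and the class comment should say that it is now designed for extension. If `modifyHandshake` (its signature is outside the visible hunks) is not meant to be overridden, declaring it `final` would keep a subclass from skipping the login step. The class body continues outside the hunk.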
@@ -72,20 +74,17 @@ public final class CmsWebSocketConfigurator extends Configurator {
 sec.getUserProperties().put("subject", lc.getSubject());
 } catch (LoginException e) {
 rejectResponse(response);
+ return;
 }
-
-// List authHeaders = request.getHeaders().get(HEADER_WWW_AUTHENTICATE);
-// String authHeader;
-// if (authHeaders != null && authHeaders.size() == 1) {
-// authHeader = authHeaders.get(0);
-// } else {
-// return;
-// }
 }
- private void rejectResponse(HandshakeResponse response) {
+ protected void rejectResponse(HandshakeResponse response) {
+ List lst = new ArrayList();
+ lst.add("no");
+ response.getHeaders().put(HandshakeResponse.SEC_WEBSOCKET_ACCEPT, lst);
+ // violent implementation, as suggested in // https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
- throw new IllegalStateException("Web socket cannot be authenticated");
+ // throw new IllegalStateException("Web socket cannot be authenticated");
 }
 }
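Review bot: `rejectResponse()` at the end of this hunk no longer aborts the handshake on the server side: it overwrites `Sec-WebSocket-Accept` with `"no"` and returns, so an unauthenticated connection is refused only if the client validates that header, and whether the container keeps the overwritten value is not visible here. With the exception commented out, the server needs its own enforcement, for example in the endpoint's open handler (outside this diff) checking that the `subject` user property set above is present: `if (config.getUserProperties().get("subject") == null) session.close(new CloseReason(CloseReason.CloseCodes.VIOLATED_POLICY, "Unauthenticated"));`. The rejection is also silent; adding `log.warn("Web socket handshake rejected: authentication failed");` in `rejectResponse()` would make failed attempts visible to operators. The retained "violent implementation" comment now describes code that is disabled and should be reworded to explain the header approach. `modifyHandshake`'s body starts outside the hunk.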