X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.slc.core%2Fsrc%2Forg%2Fargeo%2Fslc%2Fcore%2Fexecution%2Fhttp%2FRunnerServlet.java;h=5bbf243fb9c77e17ffc524f1bac9e2683c8fafc1;hb=7b83f8fd0c093b7be871e55a1f6d96290bfcb7ec;hp=a97f6dc1bf9e06ad9bbb83d929dbb6f6f4f94cfb;hpb=2601986af20dc935dc37885d77dadfa45e466ec2;p=gpl%2Fargeo-slc.git
diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
index a97f6dc1b..5bbf243fb 100644
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
@@ -25,7 +25,6 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -103,19 +102,21 @@ public class RunnerServlet extends HttpServlet {
 String workgroup = tokens[1];
 CmsSession cmsSession = getByLocalId(req.getSession().getId());
-
- boolean authorized = false;
- for (String role : cmsSession.getAuthorization().getRoles()) {
- if (role.startsWith("cn=" + workgroup) || role.startsWith("uid=" + workgroup)) {
- authorized = true;
- break;
+ // FIXME make it more robust
+ if (cmsSession != null) {// multiuser
+ boolean authorized = false;
+ for (String role : cmsSession.getAuthorization().getRoles()) {
+ if (role.startsWith("cn=" + workgroup) || role.startsWith("uid=" + workgroup)) {
+ authorized = true;
+ break;
+ }
+ }
+ if (!authorized) {
+ resp.setStatus(403);
+ return;
 }
 }
- if (!authorized) {
- resp.setStatus(403);
- return;
- }
- LdapName userDn = cmsSession.getUserDn();
+ // LdapName userDn = cmsSession.getUserDn();
 AccessControlContext acc = (AccessControlContext) req.getAttribute(HttpContext.REMOTE_USER);
 Subject subject = Subject.getSubject(acc);
 // flow path
@@ -131,11 +132,11 @@ public class RunnerServlet extends HttpServlet {
 // JCR
 Repository repository;
 try {
- ServiceReference sr= bc.getServiceReferences( Repository.class,"(cn=home)" ).iterator().next();
- repository = bc.getService(sr);
-
+ ServiceReference sr = bc.getServiceReferences(Repository.class, "(cn=home)").iterator().next();
+ repository = bc.getService(sr);
+
 } catch (InvalidSyntaxException e2) {
- throw new SlcException("Cannot find home repository",e2);
+ throw new SlcException("Cannot find home repository", e2);
 }
 Session session = Subject.doAs(subject, new PrivilegedAction() {
@@ -174,7 +175,7 @@ public class RunnerServlet extends HttpServlet {
 }
 if (log.isTraceEnabled())
- log.trace(userDn + " " + workgroup + " " + flowName);
+ log.trace(session.getUserID() + " " + workgroup + " " + flowName);
 try {
 resp.setHeader("Content-Type", "application/json");
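Review bot: In the `@@ -103,19 +102,21 @@` hunk the workgroup role check now runs only when `getByLocalId(...)` returns a session, so a request whose HTTP session id maps to no `CmsSession` skips authorization instead of being refused; the check fails open. The `// multiuser` comment suggests a null session is meant to signal a single-user deployment, but the code cannot tell that apart from an expired or unknown session; make the mode explicit and deny otherwise, e.g. `if (cmsSession == null && !singleUser) { resp.setStatus(403); return; }`, where `singleUser` is a proposed, explicitly configured field that does not exist in the visible code. The re-indented comparison `role.startsWith("cn=" + workgroup)` is also a prefix match, so a workgroup token that is a prefix of another group's name would pass; comparing the whole first RDN would close that. The enclosing method starts and ends outside the hunk.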
@@ -232,6 +233,10 @@ public class RunnerServlet extends HttpServlet {
 return baseDir;
 }
+ protected HttpContext getHttpContext(String httpAuthrealm) {
+ return null;
+ }
+
 public static void register(BundleContext bc, String alias, RunnerServlet runnerServlet, String httpAuthrealm) {
 try {
 ServiceTracker serviceTracker = new ServiceTracker(bc,
@@ -242,7 +247,10 @@ public class RunnerServlet extends HttpServlet {
 // TODO Auto-generated method stub
 HttpService httpService = super.addingService(reference);
 try {
- httpService.registerServlet(alias, runnerServlet, null, new RunnerHttpContext(httpAuthrealm));
+ HttpContext httpContext = runnerServlet.getHttpContext(httpAuthrealm);
+ if (httpContext == null)
+ httpContext = new RunnerHttpContext(httpAuthrealm);
+ httpService.registerServlet(alias, runnerServlet, null, httpContext);
 } catch (Exception e) {
 throw new SlcException("Cannot register servlet", e);
 }
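Review bot: `getHttpContext` in the `@@ -232,6 +233,10 @@` hunk is a new authentication extension point with no Javadoc, and its contract can only be inferred from the call site in the `@@ -242,7 +247,10 @@` hunk. I would document that returning `null` selects the default `RunnerHttpContext(httpAuthrealm)`, and that an overriding context becomes responsible for authenticating the request and must set `HttpContext.REMOTE_USER` to an `AccessControlContext`. That matters because the request handler casts that attribute and, after this commit, no longer enforces the workgroup role check when no `CmsSession` is found. At the call site the unbraced `if (httpContext == null)` would be less error-prone with braces.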