From b707a615d88b14bab7c75467e0acfcccd8aa3d6e Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Mon, 3 Dec 2018 11:23:35 +0100
Subject: [PATCH] Adapt for use with whiteboard OSGi specs

---
 .../core/execution/http/RunnerServlet.java    |  4 ++
 .../http/RunnerServletContextHelper.java      | 56 +++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java

diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
index cbbc04fc9..eb9b43568 100644
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
@@ -306,4 +306,8 @@ public class RunnerServlet extends HttpServlet {
 
 	}
 
+	protected ExecutorService getExecutor() {
+		return executor;
+	}
+
 }
diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
new file mode 100644
index 000000000..c216d6d59
--- /dev/null
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
@@ -0,0 +1,56 @@
+package org.argeo.slc.core.execution.http;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.node.NodeConstants;
+import org.osgi.service.http.context.ServletContextHelper;
+
+public class RunnerServletContextHelper extends ServletContextHelper {
+	final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+	private final String httpAuthRealm = "Runner";
+
+	@Override
+	public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) throws IOException {
+		LoginContext lc;
+		try {
+			lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
+			lc.login();
+		} catch (LoginException e) {
+			lc = processUnauthorized(request, response);
+			if (lc == null)
+				return false;
+		}
+		Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
+
+			@Override
+			public Void run() {
+				request.setAttribute(REMOTE_USER, AccessController.getContext());
+				return null;
+			}
+
+		});
+
+		return true;
+	}
+
+	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
+		askForWwwAuth(request, response);
+		return null;
+	}
+
+	protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
+		response.setStatus(401);
+		response.setHeader(HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
+
+	}
+
+}
-- 
2.39.2