1 package org.argeo.cms.servlet;
2
3 import java.io.IOException;
4 import java.net.URL;
5 import java.security.PrivilegedAction;
6 import java.util.Map;
7
8 import javax.security.auth.Subject;
9 import javax.security.auth.login.LoginContext;
10 import javax.security.auth.login.LoginException;
11 import javax.servlet.http.HttpServletRequest;
12 import javax.servlet.http.HttpServletResponse;
13
14 import org.argeo.api.cms.CmsAuth;
15 import org.argeo.api.cms.CmsLog;
16 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
17 import org.argeo.cms.auth.RemoteAuthUtils;
18 import org.argeo.cms.servlet.internal.HttpUtils;
19 import org.osgi.framework.Bundle;
20 import org.osgi.framework.FrameworkUtil;
21 import org.osgi.service.http.context.ServletContextHelper;
22
23 /**
24 * Default servlet context degrading to anonymous if the session is not
25 * pre-authenticated.
26 */
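public class CmsServletContext extends ServletContextHelper {
	private final static CmsLog log = CmsLog.getLog(CmsServletContext.class);
	// use CMS bundle for resources (see getResource); never reassigned after construction
	private final Bundle bundle = FrameworkUtil.getBundle(getClass());

	/**
	 * Lifecycle hook receiving the context properties. No-op by default; subclasses
	 * may override.
	 *
	 * @param properties the context properties (unused here)
	 */
	public void init(Map<String, String> properties) {
	}

	/** Lifecycle hook called when the context is torn down. No-op by default. */
	public void destroy() {
	}

	/**
	 * Establishes a JAAS subject for this request and binds it to the request.
	 * <p>
	 * The {@link CmsAuth#USER} login context is tried first, with a
	 * {@link RemoteAuthCallbackHandler} wrapping the servlet request/response. If
	 * that login fails, {@link #processUnauthorized} is consulted for a fallback
	 * (anonymous) context. Note that a request whose user login failed is
	 * therefore still let through, carrying an anonymous subject: authorization
	 * decisions must be made downstream on that subject.
	 *
	 * @return {@code true} if a subject (authenticated or anonymous) was bound to
	 *         the request, {@code false} if no subject could be established at all
	 * @throws IOException declared by the contract; not thrown by this method itself
	 */
	@Override
	public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
		if (log.isTraceEnabled())
			HttpUtils.logRequestHeaders(log, request);
		LoginContext lc;
		try {
			lc = CmsAuth.USER.newLoginContext(
					new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
			lc.login();
		} catch (LoginException e) {
			// not (or incorrectly) pre-authenticated: degrade to the fallback context.
			// The user login failure itself is not logged here.
			lc = processUnauthorized(request, response);
			if (log.isTraceEnabled())
				HttpUtils.logResponseHeaders(log, response);
			if (lc == null) {
				// NOTE(review): ServletContextHelper expects the response status to
				// be set before returning false; confirm that the callback handler
				// (or processUnauthorized) has done so, otherwise the client gets an
				// unexplained rejection.
				return false;
			}
		}

		Subject subject = lc.getSubject();
		// Bind the subject to the request while running as that subject.
		Subject.doAs(subject, new PrivilegedAction<Void>() {

			@Override
			public Void run() {
				// TODO also set login context in order to log out ?
				RemoteAuthUtils.configureRequestSecurity(new ServletHttpRequest(request));
				return null;
			}

		});
		return true;
	}

	/**
	 * Removes the security state bound to the request by
	 * {@link #handleSecurity}.
	 */
	@Override
	public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
		RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
	}

	/**
	 * Fallback used when the user login fails: logs in with the anonymous login
	 * context.
	 *
	 * @return the logged-in anonymous context, or {@code null} if even the
	 *         anonymous login failed (which is logged as an error)
	 */
	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
		// anonymous
		ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
		try {
			// The context class loader is swapped to this class's loader around the
			// LoginContext creation, presumably so that the JAAS configuration is
			// resolved from this bundle rather than from the caller — confirm.
			Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
			LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS,
					new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
			lc.login();
			return lc;
		} catch (LoginException e1) {
			// Failing to establish even an anonymous subject is a server-side
			// problem, so it is reported unconditionally at error level (it was
			// previously only emitted when debug logging was enabled).
			log.error("Cannot log in as anonymous", e1);
			return null;
		} finally {
			// always restore the caller's context class loader
			Thread.currentThread().setContextClassLoader(currentContextClassLoader);
		}
	}

	/**
	 * Resolves a resource from this context's bundle.
	 *
	 * @return the resource URL, or {@code null} if the bundle does not contain it
	 */
	@Override
	public URL getResource(String name) {
		// TODO make it more robust and versatile
		// if used directly it can only load from within this bundle
		return bundle.getResource(name);
	}

}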