1 package org.argeo.cms.internal.http;
2
3 import javax.security.auth.Subject;
4 import javax.security.auth.login.LoginContext;
5 import javax.security.auth.login.LoginException;
6
7 import org.argeo.api.cms.CmsAuth;
8 import org.argeo.cms.auth.CurrentUser;
9 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
10 import org.argeo.cms.auth.RemoteAuthRequest;
11 import org.argeo.cms.auth.RemoteAuthResponse;
12 import org.argeo.cms.auth.RemoteAuthUtils;
13
14 import com.sun.net.httpserver.Authenticator;
15 import com.sun.net.httpserver.HttpExchange;
16 import com.sun.net.httpserver.HttpPrincipal;
17
/**
 * {@link Authenticator} for the JDK HTTP server that delegates the decision to
 * a JAAS login obtained from {@link CmsAuth#USER}.
 *
 * <p>
 * Outcomes, as implemented below:
 * <ul>
 * <li>login succeeds: {@link Authenticator.Success} carrying the user name
 * resolved from the authenticated {@link Subject};</li>
 * <li>login fails and {@link #authIsRequired} is {@code true}:
 * {@link Authenticator.Retry} with the status code returned by
 * {@code RemoteAuthUtils.askForWwwAuth};</li>
 * <li>login fails and {@link #authIsRequired} is {@code false}: the request
 * continues under whatever {@code RemoteAuthUtils.anonymousLogin} returns, or
 * is refused with {@link Authenticator.Failure} 403 when that is
 * {@code null}.</li>
 * </ul>
 */
public class CmsAuthenticator extends Authenticator {
    // TODO make it configurable
    private final String httpAuthRealm = "Argeo";
    // Passed through to RemoteAuthUtils.askForWwwAuth; which schemes end up in
    // the challenge is decided there, not in this class.
    // NOTE(review): if Basic can be offered, confirm this authenticator is only
    // mounted on TLS-protected contexts.
    private final boolean forceBasic = false;

    /**
     * Authenticates one HTTP exchange through the CMS user login context.
     *
     * @param exch the exchange being authenticated
     * @return {@code Success}, {@code Retry} or {@code Failure} as described on
     *         the class
     */
    @Override
    public Result authenticate(HttpExchange exch) {
        // The same wrapper object serves as both the remote-auth request and
        // the remote-auth response view of the exchange.
        final RemoteAuthHttpExchange remote = new RemoteAuthHttpExchange(exch);

        // Swap the thread context class loader for this class's loader while
        // logging in; it is restored in the finally block on every path,
        // including the early returns.
        // NOTE(review): presumably needed so that JAAS can resolve the login
        // modules from this bundle -- confirm.
        final Thread thread = Thread.currentThread();
        final ClassLoader callerLoader = thread.getContextClassLoader();
        thread.setContextClassLoader(CmsAuthenticator.class.getClassLoader());

        LoginContext loginContext;
        try {
            loginContext = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remote, remote));
            loginContext.login();
        } catch (LoginException e) {
            // Every LoginException is handled the same way: this code does not
            // distinguish "no credentials sent" from "credentials rejected", and
            // the exception is dropped without being logged, so failed attempts
            // leave no trace from this class.
            // NOTE(review): consider logging failures here for detection.
            if (authIsRequired(remote, remote)) {
                int status = RemoteAuthUtils.askForWwwAuth(remote, remote, httpAuthRealm, forceBasic);
                return new Authenticator.Retry(status);
            }
            // Only reachable when a subclass relaxes authIsRequired(): a request
            // whose login failed then proceeds as the anonymous identity instead
            // of being challenged. What that identity is allowed to do is
            // decided outside this class.
            loginContext = RemoteAuthUtils.anonymousLogin(remote, remote);
            if (loginContext == null) {
                return new Authenticator.Failure(403);
            }
        } finally {
            thread.setContextClassLoader(callerLoader);
        }

        final Subject authenticated = loginContext.getSubject();

        // The former RemoteAuthUtils.configureRequestSecurity(...) call that ran
        // as the subject at this point is disabled in this revision.
        // TODO also keep the login context in order to log out? It is never
        // logged out here.

        // NOTE(review): HttpPrincipal rejects a null user name with a
        // NullPointerException; whether CurrentUser.getUsername can return null
        // for this subject is not visible here -- confirm.
        final String user = CurrentUser.getUsername(authenticated);
        final HttpPrincipal principal = new HttpPrincipal(user, httpAuthRealm);
        return new Authenticator.Success(principal);
    }

    /**
     * Tells whether a request that failed to log in must be challenged rather
     * than downgraded to an anonymous login.
     *
     * <p>
     * This implementation ignores both arguments and always answers
     * {@code true}; subclasses may override it to open selected requests to
     * anonymous access.
     *
     * @param remoteAuthRequest  the request view of the exchange
     * @param remoteAuthResponse the response view of the exchange
     * @return {@code true} if authentication is mandatory
     */
    protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse) {
        return true;
    }

}