1 package org
.argeo
.cms
.internal
.http
;
3 import javax
.security
.auth
.Subject
;
4 import javax
.security
.auth
.login
.LoginContext
;
5 import javax
.security
.auth
.login
.LoginException
;
7 import org
.argeo
.api
.cms
.CmsAuth
;
8 import org
.argeo
.cms
.auth
.CurrentUser
;
9 import org
.argeo
.cms
.auth
.RemoteAuthCallbackHandler
;
10 import org
.argeo
.cms
.auth
.RemoteAuthRequest
;
11 import org
.argeo
.cms
.auth
.RemoteAuthResponse
;
12 import org
.argeo
.cms
.auth
.RemoteAuthUtils
;
14 import com
.sun
.net
.httpserver
.Authenticator
;
15 import com
.sun
.net
.httpserver
.HttpExchange
;
16 import com
.sun
.net
.httpserver
.HttpPrincipal
;
18 /** An {@link Authenticator} implementation based on CMS authentication. */
19 public class CmsAuthenticator
extends Authenticator
{
// TODO make it configurable
// Realm name used twice in authenticate(): it is handed to
// RemoteAuthUtils.askForWwwAuth when a challenge is sent back, and it is
// recorded in the HttpPrincipal returned on success.
private final String httpAuthRealm = "Argeo";
// Not referenced by any line visible in this extract; the askForWwwAuth call in
// authenticate() ends with a trailing comma whose last argument is cut off, so
// this is presumably that argument — TODO confirm against the full file.
private final boolean forceBasic = false;
/**
 * Authenticates an incoming {@link HttpExchange} through the CMS login stack.
 * <p>
 * The exchange is wrapped in a {@code RemoteAuthHttpExchange} (which appears to
 * serve as both the request and the response view, since the same object is
 * passed for both parameters below), a {@link LoginContext} is obtained from
 * {@code CmsAuth.USER}, and on success an {@link HttpPrincipal} carrying the
 * resolved username and {@link #httpAuthRealm} is returned.
 * <p>
 * On {@link LoginException}, the outcome depends on {@link #authIsRequired}:
 * when authentication is required a {@code Retry} with the status code computed
 * by {@code RemoteAuthUtils.askForWwwAuth} is returned (i.e. the client is
 * challenged), otherwise an anonymous login is attempted instead.
 * <p>
 * NOTE(review): several original lines (29, 30, 32, 36, 38, 39, 41, 42, 44, 46,
 * 47, 49, 53) are not present in this extract. The declaration of {@code lc},
 * the opening {@code try}, the {@code lc.login()} call that would explain the
 * {@code LoginException} handler, the branch structure around the anonymous
 * login and the {@code Failure(403)} return, and whether the class-loader
 * restore sits in a {@code finally} block can therefore not be confirmed here.
 *
 * @param exch the HTTP exchange to authenticate
 * @return {@code Success} with the user's {@link HttpPrincipal}, {@code Retry}
 *         with a challenge status when credentials are required but missing or
 *         invalid, or {@code Failure(403)} in a case whose condition is outside
 *         this extract
 */
public Result authenticate(HttpExchange exch) {
    RemoteAuthHttpExchange remoteAuthExchange = new RemoteAuthHttpExchange(exch);
    // Save the caller's context class loader so it can be restored below; the
    // login stack is run under this class's loader instead.
    ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(CmsAuthenticator.class.getClassLoader());
    // NOTE(review): 'LoginContext lc' declaration and 'try {' (original lines 29-30)
    // are missing from this extract.
    // The same wrapper is passed as both the callback request and response view.
    lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remoteAuthExchange, remoteAuthExchange));
    // NOTE(review): original line 32 (presumably the login attempt) is missing here.
    } catch (LoginException e) {
    // Login failed: either challenge the client or fall back to anonymous access.
    if (authIsRequired(remoteAuthExchange, remoteAuthExchange)) {
    // The status code (and the WWW-Authenticate header) come from RemoteAuthUtils;
    // the realm sent to the client is the same one recorded in the principal.
    // NOTE(review): the last argument of this call (original line 36) is cut off;
    // it is presumably the 'forceBasic' field — confirm against the full file.
    int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthExchange, remoteAuthExchange, httpAuthRealm,
    return new Authenticator.Retry(statusCode);
    // NOTE(review): original lines 38-39 (presumably the else branch) are missing.
    lc = RemoteAuthUtils.anonymousLogin(remoteAuthExchange, remoteAuthExchange);
    // NOTE(review): original lines 41-42 are missing, so the condition under which
    // the 403 below is returned cannot be confirmed from this extract.
    return new Authenticator.Failure(403);
    // Restore the caller's context class loader. NOTE(review): original line 44 is
    // missing; whether this runs in a 'finally' block (i.e. also on the Retry and
    // Failure paths above) cannot be confirmed here.
    Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
    Subject subject = lc.getSubject();
    // Only the username is propagated to the HTTP layer; nothing visible in this
    // extract retains the Subject beyond this method.
    String username = CurrentUser.getUsername(subject);
    HttpPrincipal httpPrincipal = new HttpPrincipal(username, httpAuthRealm);
    return new Authenticator.Success(httpPrincipal);
55 protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest
, RemoteAuthResponse remoteAuthResponse
) {