1 package org
.argeo
.cms
.internal
.http
;
3 import java
.io
.IOException
;
6 import javax
.security
.auth
.login
.LoginContext
;
7 import javax
.security
.auth
.login
.LoginException
;
8 import javax
.servlet
.http
.HttpServletRequest
;
9 import javax
.servlet
.http
.HttpServletResponse
;
11 import org
.apache
.commons
.logging
.Log
;
12 import org
.apache
.commons
.logging
.LogFactory
;
13 import org
.argeo
.cms
.auth
.HttpRequestCallbackHandler
;
14 import org
.argeo
.node
.NodeConstants
;
15 import org
.osgi
.framework
.BundleContext
;
16 import org
.osgi
.framework
.FrameworkUtil
;
17 import org
.osgi
.service
.http
.HttpContext
;
19 public class DataHttpContext
implements HttpContext
{
20 private final static Log log
= LogFactory
.getLog(DataHttpContext
.class);
22 private final BundleContext bc
= FrameworkUtil
.getBundle(getClass()).getBundleContext();
24 // FIXME Make it more unique
25 private final String httpAuthRealm
;
26 private final boolean forceBasic
;
28 public DataHttpContext(String httpAuthrealm
, boolean forceBasic
) {
29 this.httpAuthRealm
= httpAuthrealm
;
30 this.forceBasic
= forceBasic
;
33 public DataHttpContext(String httpAuthrealm
) {
34 this(httpAuthrealm
, false);
38 public boolean handleSecurity(final HttpServletRequest request
, HttpServletResponse response
) throws IOException
{
40 if (log
.isTraceEnabled())
41 HttpUtils
.logRequestHeaders(log
, request
);
44 lc
= new LoginContext(NodeConstants
.LOGIN_CONTEXT_USER
, new HttpRequestCallbackHandler(request
, response
));
46 } catch (LoginException e
) {
47 lc
= processUnauthorized(request
, response
);
55 public URL
getResource(String name
) {
56 return bc
.getBundle().getResource(name
);
60 public String
getMimeType(String name
) {
64 protected LoginContext
processUnauthorized(HttpServletRequest request
, HttpServletResponse response
) {
67 LoginContext lc
= new LoginContext(NodeConstants
.LOGIN_CONTEXT_ANONYMOUS
, new HttpRequestCallbackHandler(request
, response
));
70 } catch (LoginException e1
) {
71 if (log
.isDebugEnabled())
72 log
.error("Cannot log in as anonymous", e1
);
76 protected void askForWwwAuth(HttpServletRequest request
, HttpServletResponse response
) {
77 response
.setStatus(401);
78 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
79 // realm=\"" + httpAuthRealm + "\"");
80 if (org
.argeo
.cms
.internal
.kernel
.Activator
.getAcceptorCredentials() != null && !forceBasic
)// SPNEGO
81 response
.setHeader(HttpUtils
.HEADER_WWW_AUTHENTICATE
, "Negotiate");
83 response
.setHeader(HttpUtils
.HEADER_WWW_AUTHENTICATE
, "Basic realm=\"" + httpAuthRealm
+ "\"");
85 // response.setDateHeader("Date", System.currentTimeMillis());
86 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
88 // response.setHeader("Accept-Ranges", "bytes");
89 // response.setHeader("Connection", "Keep-Alive");
90 // response.setHeader("Keep-Alive", "timeout=5, max=97");
91 // response.setContentType("text/html; charset=UTF-8");