1 package org
.argeo
.cms
.servlet
;
3 import javax
.security
.auth
.login
.LoginContext
;
4 import javax
.servlet
.http
.HttpServletRequest
;
5 import javax
.servlet
.http
.HttpServletResponse
;
7 import org
.argeo
.cms
.internal
.http
.HttpUtils
;
9 /** Servlet context forcing authentication. */
10 public class PrivateWwwAuthServletContext
extends CmsServletContext
{
// TODO make it configurable
// Realm advertised in the Basic challenge. askForWwwAuth concatenates it,
// unescaped, into a quoted header value. That is safe only while the value
// is this compile-time constant; if the TODO above is implemented, validate
// the configured realm first (no double quote, backslash, CR or LF).
private final String httpAuthRealm = "Argeo";
// Read only by the challenge selection in askForWwwAuth: while false, the
// Negotiate branch is taken whenever acceptor credentials are available.
// Being final and false, it never disables that branch in this class as shown.
private final boolean forceBasic = false;
/**
 * Answers a request by sending the HTTP authentication challenge built in
 * {@link #askForWwwAuth(HttpServletRequest, HttpServletResponse)}.
 * Judging by the method name it is invoked for requests that carry no
 * accepted credentials; the caller is outside this listing.
 *
 * NOTE(review): the listing skips the gutter lines that follow the call, so
 * the return statement and the closing brace are not visible here. Confirm
 * against the full file what LoginContext value (presumably none) is handed
 * back on this path, and that the caller stops processing the request once
 * the 401 has been set.
 *
 * @param request  the incoming request, passed through unchanged
 * @param response the response that receives the challenge
 */
protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
    // No credential check happens here; this only writes the challenge.
    askForWwwAuth(request, response);
/**
 * Writes a WWW-Authenticate challenge and the 401 status to the response.
 * The Negotiate scheme is chosen when
 * {@code Activator.getAcceptorCredentials()} is non-null and
 * {@code forceBasic} is false; a Basic challenge for {@code httpAuthRealm}
 * is the other one.
 *
 * NOTE(review): this listing skips gutter lines 26, 28 and 31 and shows
 * nothing after line 36, so an {@code else} between the two setHeader calls
 * and the end of the method are not visible. The comments below describe
 * only the lines that are shown.
 *
 * @param request  not read by any line visible in this listing
 * @param response receives the challenge header and the status code
 */
protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
    // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
    // realm=\"" + httpAuthRealm + "\"");
    // Presumably the server-side GSS/Kerberos acceptor credentials: non-null is
    // taken to mean SPNEGO can be offered. Confirm against Activator.
    if (org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null && !forceBasic)// SPNEGO
        response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
    // NOTE(review): gutter line 26 is missing from the listing. If it does not
    // hold an `else`, the call below runs unconditionally and, because setHeader
    // replaces an existing value, the Negotiate challenge never reaches the
    // client. Verify in the full file.
    //
    // Basic credentials are only base64-encoded, not encrypted, so this
    // challenge should be served over TLS only. The realm is concatenated
    // unescaped, which is harmless while httpAuthRealm is a constant.
    response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
    // Disabled header experiments kept from the original; the Expires line
    // continues on a gutter line that this listing does not show.
    // response.setDateHeader("Date", System.currentTimeMillis());
    // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
    // response.setHeader("Accept-Ranges", "bytes");
    // response.setHeader("Connection", "Keep-Alive");
    // response.setHeader("Keep-Alive", "timeout=5, max=97");
    // response.setContentType("text/html; charset=UTF-8");
    // 401 is HttpServletResponse.SC_UNAUTHORIZED. Only the status is set here;
    // no response body is written by the lines shown.
    response.setStatus(401);