1 package org
.argeo
.cms
.websocket
;
5 import javax
.security
.auth
.login
.LoginContext
;
6 import javax
.security
.auth
.login
.LoginException
;
7 import javax
.servlet
.http
.HttpSession
;
8 import javax
.websocket
.Extension
;
9 import javax
.websocket
.HandshakeResponse
;
10 import javax
.websocket
.server
.HandshakeRequest
;
11 import javax
.websocket
.server
.ServerEndpointConfig
;
12 import javax
.websocket
.server
.ServerEndpointConfig
.Configurator
;
14 import org
.apache
.commons
.logging
.Log
;
15 import org
.apache
.commons
.logging
.LogFactory
;
16 import org
.argeo
.cms
.auth
.HttpRequestCallbackHandler
;
17 import org
.argeo
.node
.NodeConstants
;
/**
 * Handshake configurator for the CMS web socket endpoints.
 *
 * It defines the {@link Configurator} hooks checkOrigin, getEndpointInstance,
 * getNegotiatedExtensions, getNegotiatedSubprotocol and modifyHandshake.
 * modifyHandshake is the authentication gate: it builds a JAAS
 * {@link LoginContext} from the HTTP session that carried the upgrade request and
 * stores the resulting subject in the endpoint's user properties under the key
 * "subject". A handshake that cannot be authenticated is aborted by throwing
 * from rejectResponse.
 *
 * NOTE(review): this listing omits some source lines (the line numbers skip), so
 * several method bodies are only partly visible.
 */
public final class CmsWebSocketConfigurator extends Configurator {
    // Commons Logging logger for this class.
    private final static Log log = LogFactory.getLog(CmsWebSocketConfigurator.class);
    // Name of the HTTP authentication challenge header. In the lines shown in this
    // listing it is referenced only from commented-out code in modifyHandshake.
    final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
/**
 * Decides whether a handshake from the given origin is accepted.
 *
 * NOTE(review): the body (source lines 25-28) is not part of this listing, so the
 * decision it makes cannot be reviewed here. modifyHandshake authenticates from
 * the HTTP session, which the browser attaches to cross-site upgrade requests as
 * well; the origin check is the control that keeps another site's page from
 * opening a socket on the user's session (cross-site WebSocket hijacking).
 * Confirm this method compares the value against an allow-list of expected
 * origins rather than accepting every value.
 *
 * @param originHeaderValue value of the Origin header sent by the client
 * @return whether the handshake may proceed for that origin
 */
public boolean checkOrigin(String originHeaderValue) {
/**
 * Creates the endpoint object by invoking the no-argument constructor of
 * endpointClass reflectively.
 *
 * Every exception caught here is rethrown as an unchecked
 * IllegalArgumentException with the original exception as its cause.
 * NOTE(review): the signature declares InstantiationException, but the visible
 * lines never throw it; a caller that handles only the declared exception will
 * see the unchecked one instead - confirm that is intended.
 *
 * @param endpointClass endpoint class to instantiate
 * @return a new instance of endpointClass
 * @throws InstantiationException declared by the signature only (see note above)
 */
public <T> T getEndpointInstance(Class<T> endpointClass) throws InstantiationException {
    // [source line 30, presumably the opening of the try block, is not in this listing]
        return endpointClass.getDeclaredConstructor().newInstance();
    } catch (Exception e) {
        // Keep the cause so the reflective failure stays visible in the stack trace.
        throw new IllegalArgumentException("Cannot get endpoint instance", e);
/**
 * Chooses the web socket extensions to use for a connection.
 *
 * NOTE(review): the body (source lines 39-42) is not part of this listing, so
 * which of the requested extensions are accepted cannot be stated from here.
 *
 * @param installed extensions available on the server side
 * @param requested extensions asked for by the client
 * @return the extensions to apply to the connection
 */
public List<Extension> getNegotiatedExtensions(List<Extension> installed, List<Extension> requested) {
/**
 * Chooses a subprotocol from the client's requested list.
 *
 * The visible lines guard against a null or empty list on either side, then walk
 * the client's list in the client's order and test each entry for membership in
 * the supported list.
 * NOTE(review): the statements controlled by the guards and by the match (the
 * return values) are on source lines this listing omits; presumably the first
 * match is returned - confirm against the full file.
 *
 * @param supported subprotocols the server supports
 * @param requested subprotocols the client asked for, in the client's order
 * @return the negotiated subprotocol
 */
public String getNegotiatedSubprotocol(List<String> supported, List<String> requested) {
    // Client requested nothing.
    if ((requested == null) || (requested.size() == 0))
        // [source line 45, the statement this guard controls, is not in this listing]
    // Server supports nothing.
    if ((supported == null) || (supported.isEmpty()))
        // [source line 47, the statement this guard controls, is not in this listing]
    for (String possible : requested) {
        // [source lines 49-50 are not in this listing]
        if (supported.contains(possible))
            // [source lines 52-57, including the statement for a match, are not in this listing]
/**
 * Authenticates the handshake from the HTTP session that carried the upgrade
 * request and publishes the resulting subject to the endpoint.
 *
 * A request without an HTTP session, or one for which a LoginException is
 * raised, is handed to rejectResponse, which throws and so ends the handshake.
 * On success the subject is stored in the endpoint's user properties under the
 * key "subject".
 *
 * NOTE(review): source line 69, between the LoginContext construction and the
 * first getSubject() call, is not in this listing; it presumably holds the
 * login() call. Confirm it is there: without a completed login the stored
 * subject would not represent an authenticated user.
 *
 * @param sec endpoint configuration whose user properties receive the subject
 * @param request handshake request; its HTTP session is the authentication source
 * @param response handshake response, passed to rejectResponse on failure
 */
public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
    HttpSession httpSession = (HttpSession) request.getHttpSession();
    // NOTE(review): this writes the full session id to the log. A session id is
    // a bearer credential, so anyone who can read debug logs can reuse it;
    // consider logging a truncated or hashed form instead.
    if (log.isDebugEnabled() && httpSession != null)
        log.debug("Web socket HTTP session id: " + httpSession.getId());
    // [source line 62 is not in this listing]
    // No HTTP session means there is nothing to authenticate from.
    if (httpSession == null) {
        rejectResponse(response);
    // [source lines 65-66 are not in this listing; the try matching the catch below presumably opens there]
        // The callback handler is given the HTTP session as the source for the login.
        LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
                new HttpRequestCallbackHandler(httpSession));
        // [source line 69 is not in this listing]
        if (log.isDebugEnabled())
            log.debug("Web socket logged-in as " + lc.getSubject());
        // Hand the subject to the endpoint through its user properties.
        sec.getUserProperties().put("subject", lc.getSubject());
    } catch (LoginException e) {
        // The LoginException itself is neither logged nor attached to the rejection.
        rejectResponse(response);
    // [source lines 75-76 are not in this listing]
    // Disabled code that read the WWW-Authenticate header from the request:
    // List<String> authHeaders = request.getHeaders().get(HEADER_WWW_AUTHENTICATE);
    // [source line 78 is not in this listing]
    // if (authHeaders != null && authHeaders.size() == 1) {
    // authHeader = authHeaders.get(0);
    // [source lines 81-85 are not in this listing]
/**
 * Aborts the handshake by throwing an unchecked exception.
 *
 * The response argument is not used by the visible lines: no status code or
 * header is set on it, the exception alone ends the handshake. The message is a
 * fixed string, so no detail about the failure is carried in it.
 *
 * @param response handshake response of the request being rejected (unused here)
 * @throws IllegalStateException always
 */
private void rejectResponse(HandshakeResponse response) {
    // violent implementation, as suggested in
    // https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
    throw new IllegalStateException("Web socket cannot be authenticated");