1 package org
.argeo
.cms
.servlet
;
3 import javax
.security
.auth
.login
.LoginContext
;
4 import javax
.servlet
.http
.HttpServletRequest
;
5 import javax
.servlet
.http
.HttpServletResponse
;
7 import org
.argeo
.cms
.auth
.SpnegoLoginModule
;
8 import org
.argeo
.cms
.servlet
.internal
.HttpUtils
;
10 /** Servlet context forcing authentication. */
11 public class PrivateWwwAuthServletContext
extends CmsServletContext
{
12 // TODO make it configurable
13 private final String httpAuthRealm
= "Argeo";
14 private final boolean forceBasic
= false;
17 protected LoginContext
processUnauthorized(HttpServletRequest request
, HttpServletResponse response
) {
18 askForWwwAuth(request
, response
);
22 protected void askForWwwAuth(HttpServletRequest request
, HttpServletResponse response
) {
23 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
24 // realm=\"" + httpAuthRealm + "\"");
25 if (SpnegoLoginModule
.hasAcceptorCredentials() && !forceBasic
)// SPNEGO
26 response
.setHeader(HttpUtils
.HEADER_WWW_AUTHENTICATE
, "Negotiate");
28 response
.setHeader(HttpUtils
.HEADER_WWW_AUTHENTICATE
, "Basic realm=\"" + httpAuthRealm
+ "\"");
30 // response.setDateHeader("Date", System.currentTimeMillis());
31 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
33 // response.setHeader("Accept-Ranges", "bytes");
34 // response.setHeader("Connection", "Keep-Alive");
35 // response.setHeader("Keep-Alive", "timeout=5, max=97");
36 // response.setContentType("text/html; charset=UTF-8");
37 response
.setStatus(401);