1 package org
.argeo
.cms
.servlet
;
3 import javax
.security
.auth
.login
.LoginContext
;
4 import javax
.servlet
.http
.HttpServletRequest
;
5 import javax
.servlet
.http
.HttpServletResponse
;
7 import org
.argeo
.cms
.auth
.SpnegoLoginModule
;
8 import org
.argeo
.util
.http
.HttpHeader
;
10 /** Servlet context that forces authentication: it answers with an HTTP 401 and a WWW-Authenticate challenge. */
11 public class PrivateWwwAuthServletContext
extends CmsServletContext
{
12 // TODO make it configurable
// Realm name placed inside the quoted realm="..." parameter of the Basic
// challenge built in askForWwwAuth. It is concatenated as-is, which is safe
// only while it stays this compile-time constant: once it becomes
// configurable, reject CR/LF and escape '"' and '\' before it reaches the
// header value.
13 private final String httpAuthRealm
= "Argeo";
// When true, the SPNEGO branch in askForWwwAuth is not taken even if
// SpnegoLoginModule reports acceptor credentials; hard-wired to false here.
14 private final boolean forceBasic
= false;
/**
 * Delegates to askForWwwAuth so that the response carries an authentication
 * challenge. Presumably invoked by the parent class when a request is not
 * authenticated (the caller is not shown here).
 *
 * NOTE(review): this listing jumps from line 18 to line 22, so the return
 * statement and the closing brace are not visible. Which LoginContext, if
 * any, is returned cannot be confirmed from here; verify that callers never
 * treat the result of this method as an authenticated session.
 */
17 protected LoginContext
processUnauthorized(HttpServletRequest request
, HttpServletResponse response
) {
18 askForWwwAuth(request
, response
);
/**
 * Sets a WWW-Authenticate challenge on the response and marks it as 401.
 * The SPNEGO challenge (HttpHeader.NEGOTIATE) is used when SpnegoLoginModule
 * reports acceptor credentials and forceBasic is false; the other challenge
 * is Basic with the fixed realm. No response body is written in the lines
 * shown.
 *
 * Basic transmits the password merely base64-encoded with every request, so
 * this challenge should only be reachable over TLS. Nothing in the lines
 * shown checks request.isSecure() before advertising it.
 */
22 protected void askForWwwAuth(HttpServletRequest request
, HttpServletResponse response
) {
23 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
24 // realm=\"" + httpAuthRealm + "\"");
25 if (SpnegoLoginModule
.hasAcceptorCredentials() && !forceBasic
)// SPNEGO
26 response
.setHeader(HttpHeader
.WWW_AUTHENTICATE
.getName(), HttpHeader
.NEGOTIATE
);
// NOTE(review): the listing jumps from line 26 to line 28, so an `else` is
// presumably missing here. Read literally, the setHeader below would replace
// the Negotiate value set just above, because setHeader overwrites any
// previous value; confirm the `else` exists in the real file. Advertising
// both schemes at once would need addHeader for the second value.
28 response
.setHeader(HttpHeader
.WWW_AUTHENTICATE
.getName(),
29 HttpHeader
.BASIC
+ " " + HttpHeader
.REALM
+ "=\"" + httpAuthRealm
+ "\"");
// The commented-out lines below are inactive header experiments and have no
// effect on the response (line 33 of the original is missing from this
// listing, so the Expires expression is truncated).
31 // response.setDateHeader("Date", System.currentTimeMillis());
32 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
34 // response.setHeader("Accept-Ranges", "bytes");
35 // response.setHeader("Connection", "Keep-Alive");
36 // response.setHeader("Keep-Alive", "timeout=5, max=97");
37 // response.setContentType("text/html; charset=UTF-8");
// 401 Unauthorized: asks the client to retry with credentials for the
// scheme advertised in WWW-Authenticate.
38 response
.setStatus(401);