import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
import org.argeo.cms.CmsException;
import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.HttpRequestCallback;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.jcr.ArgeoJcrConstants;
// private final static String ATTR_AUTH = "auth";
private final static String HEADER_AUTHORIZATION = "Authorization";
- private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+ // private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
private final HttpService httpService;
// FIXME Make it more unique
- private String httpAuthRealm = "Argeo";
+ // private String httpAuthRealm = "Argeo";
// WebDav / JCR remoting
private OpenInViewSessionProvider sessionProvider;
- DataHttp(HttpService httpService, NodeRepository node) {
+ DataHttp(HttpService httpService) {
this.httpService = httpService;
sessionProvider = new OpenInViewSessionProvider();
// registerRepositoryServlets(ALIAS_NODE, node);
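Review bot: The constant `HEADER_WWW_AUTHENTICATE` and the field `httpAuthRealm` are commented out rather than deleted, and the same is done to the `requestBasicAuth` call and method further down this diff. Commented-out authentication code leaves a reader unsure whether the Basic challenge was disabled on purpose, so I would delete these lines and keep a single comment giving the reason, e.g. `// Basic auth challenge removed: <reason>`. The `// FIXME Make it more unique` comment now describes a field that no longer exists and should go with it. The commented `registerRepositoryServlets(ALIAS_NODE, node)` line also refers to the `node` parameter that this change drops from the constructor.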
throw new CmsException("Could not login", e1);
}
} else {
- requestBasicAuth(request, response);
+ // requestBasicAuth(request, response);
return false;
}
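Review bot: With the `requestBasicAuth` call commented out, the branch for a request that carries no credentials returns `false` without any visible line setting a status or a `WWW-Authenticate` header. The enclosing method starts and ends outside this hunk, so the caller may handle it, but from here the outcome of a credential-less request is undefined, while `basicAuth` still reads the `Authorization` header. If anonymous access is now intended, say so at this point, e.g. `// no credentials: continue as anonymous, no challenge is sent`. If it is not, set an explicit failure status before `return false;` rather than relying on the container default.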
} catch (LoginException e) {
return null;
}
- private void requestBasicAuth(HttpServletRequest request,
- HttpServletResponse response) {
- response.setStatus(401);
- response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
- + httpAuthRealm + "\"");
- // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
- }
+ // private void requestBasicAuth(HttpServletRequest request,
+ // HttpServletResponse response) {
+ // response.setStatus(401);
+ // response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
+ // + httpAuthRealm + "\"");
+ // // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
+ // }
private CallbackHandler basicAuth(final HttpServletRequest httpRequest) {
String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
IOException {
try {
Subject subject = subjectFromRequest(request);
- if (request.getMethod().equals("GET")){
+ if (CurrentUser.isAnonymous(subject)
+ && request.getMethod().equals("GET")) {
response.setHeader("Cache-Control",
"no-transform, public, max-age=300, s-maxage=900");
}
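Review bot: Authenticated GET responses now leave this block with no `Cache-Control` header at all, so how intermediaries treat them depends on their defaults. An `else` branch with `response.setHeader("Cache-Control", "private, no-store");` would make the non-anonymous case explicit. Separately, the result of `subjectFromRequest` is passed straight to `CurrentUser.isAnonymous`; a `return null` inside a `LoginException` catch is visible earlier in this diff, possibly in that method, so confirm that `isAnonymous` tolerates a null subject or guard it here. The enclosing method starts and ends outside the hunk.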