Fix PKI
index ab9211a5439fc0ab02368107628ffe53d8a18fb8..2838180869995cde45789cc3c2d58fa485b5afb2 100644 (file)
@@ -21,7 +21,6 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.login.CredentialNotFoundException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
-import javax.servlet.Servlet;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -34,6 +33,7 @@ import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet;
 import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.auth.HttpRequestCallback;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.jcr.ArgeoJcrConstants;
@@ -52,24 +52,24 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 
        // private final static String ATTR_AUTH = "auth";
        private final static String HEADER_AUTHORIZATION = "Authorization";
-       private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+       // private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
        private final HttpService httpService;
 
        // FIXME Make it more unique
-       private String httpAuthRealm = "Argeo";
+       // private String httpAuthRealm = "Argeo";
 
        // WebDav / JCR remoting
        private OpenInViewSessionProvider sessionProvider;
 
-       DataHttp(HttpService httpService, NodeRepository node) {
+       DataHttp(HttpService httpService) {
                this.httpService = httpService;
                sessionProvider = new OpenInViewSessionProvider();
-               registerRepositoryServlets(ALIAS_NODE, node);
+               // registerRepositoryServlets(ALIAS_NODE, node);
        }
 
        public void destroy() {
-               unregisterRepositoryServlets(ALIAS_NODE);
+               // unregisterRepositoryServlets(ALIAS_NODE);
        }
 
        void registerRepositoryServlets(String alias, Repository repository) {
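Review bot: destroy() becomes a no-op while registerRepositoryServlets(String, Repository) stays callable at the hunk's last line, so any servlets another caller registers through this instance remain registered on the HttpService after the object is destroyed; either remove the registration path as well or record the aliases registered and unregister them in destroy(). The disabled lines are kept as comments rather than deleted (HEADER_WWW_AUTHENTICATE, httpAuthRealm, the two ALIAS_NODE calls here, and the same pattern in the hunks at the requestBasicAuth call and definition), which leaves dead code the version control history already preserves. If the constructor change is deliberate, a short comment on it such as `// Repository servlets are now registered by the caller via registerRepositoryServlets` would document who owns registration. The class continues outside the hunk.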
@@ -97,10 +97,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                Properties ip = new Properties();
                ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
                ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
-               // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
-               // : new DavFilter(), null, null);
-               // Cast to servlet because of a weird behaviour in Eclipse
-               httpService.registerServlet(path, (Servlet) webdavServlet, ip,
+               httpService.registerServlet(path, webdavServlet, ip,
                                new DataHttpContext(anonymous));
        }
 
@@ -119,22 +116,10 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
                // in order to avoid annoying warning.
                ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG, "");
-               // Cast to servlet because of a weird behaviour in Eclipse
-               // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
-               // : new DavFilter(), null, null);
-               httpService.registerServlet(path, (Servlet) remotingServlet, ip,
+               httpService.registerServlet(path, remotingServlet, ip,
                                new DataHttpContext(anonymous));
        }
 
-//     private X509Certificate extractCertificate(HttpServletRequest req) {
-//             X509Certificate[] certs = (X509Certificate[]) req
-//                             .getAttribute("javax.servlet.request.X509Certificate");
-//             if (null != certs && certs.length > 0) {
-//                     return certs[0];
-//             }
-//             return null;
-//     }
-
        private Subject subjectFromRequest(HttpServletRequest request) {
                Authorization authorization = (Authorization) request
                                .getAttribute(HttpContext.AUTHORIZATION);
@@ -172,7 +157,8 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                                return true;
                        }
 
-                       KernelUtils.logRequestHeaders(log, request);
+                       if (log.isTraceEnabled())
+                               KernelUtils.logRequestHeaders(log, request);
                        try {
                                new LoginContext(LOGIN_CONTEXT_USER,
                                                new HttpRequestCallbackHandler(request)).login();
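Review bot: The trace guard limits when headers are dumped but not what is dumped: `KernelUtils.logRequestHeaders(log, request)` still writes the Authorization header, which in this class carries Basic credentials (it is read via HEADER_AUTHORIZATION in basicAuth), into the log whenever trace is enabled. Redacting the Authorization value inside logRequestHeaders, or skipping that header before logging, would keep the diagnostic without persisting credentials. At minimum the guard deserves a comment, e.g. `// trace only: the dump includes Authorization (Basic credentials)`. The enclosing method starts and ends outside the hunk.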
@@ -191,7 +177,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                                                throw new CmsException("Could not login", e1);
                                        }
                                } else {
-                                       requestBasicAuth(request, response);
+                                       // requestBasicAuth(request, response);
                                        return false;
                                }
                        } catch (LoginException e) {
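Review bot: Returning false in the else branch now sends no challenge and sets no status, because the commented-out `requestBasicAuth(request, response)` was the only code that wrote 401 and WWW-Authenticate (its body is disabled in the next hunk). The OSGi HttpContext.handleSecurity contract expects the implementation to have completed the response before returning false, so an unauthenticated request presumably ends with whatever default the container applies instead of an explicit denial. If Basic challenges are intentionally dropped for the PKI flow, set an explicit status before returning, e.g. `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` above `return false;`, and delete the dead requestBasicAuth method rather than keeping it as a comment. The enclosing method starts before and ends after the hunk.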
@@ -209,13 +195,13 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                        return null;
                }
 
-               private void requestBasicAuth(HttpServletRequest request,
-                               HttpServletResponse response) {
-                       response.setStatus(401);
-                       response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
-                                       + httpAuthRealm + "\"");
-                       // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
-               }
+               // private void requestBasicAuth(HttpServletRequest request,
+               // HttpServletResponse response) {
+               // response.setStatus(401);
+               // response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
+               // + httpAuthRealm + "\"");
+               // // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
+               // }
 
                private CallbackHandler basicAuth(final HttpServletRequest httpRequest) {
                        String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
@@ -318,6 +304,12 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
                                IOException {
                        try {
                                Subject subject = subjectFromRequest(request);
+                               if (CurrentUser.isAnonymous(subject)
+                                               && request.getMethod().equals("GET")) {
+                                       response.setHeader("Cache-Control",
+                                                       "no-transform, public, max-age=300, s-maxage=900");
+                               }
+
                                Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
                                        @Override
                                        public Void run() throws Exception {
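Review bot: The `Cache-Control: no-transform, public, max-age=300, s-maxage=900` header is set from the request subject alone, before the servlet has run, so a shared cache may store whatever the anonymous GET produces (including an error response) and serve it for 15 minutes to later requests for the same URL regardless of their credentials. If only anonymous content is meant to be cached, the response should also tell caches what distinguishes the requests, e.g. `response.setHeader("Vary", "Authorization");` next to the Cache-Control line (adding the session cookie name if cookie sessions are used), and the directive is safer to apply once the status is known rather than unconditionally. The enclosing method starts before the hunk and its doAs block continues past it.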