import javax.security.auth.login.CredentialNotFoundException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
import org.argeo.cms.CmsException;
import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.HttpRequestCallback;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.jcr.ArgeoJcrConstants;
// WebDav / JCR remoting
private OpenInViewSessionProvider sessionProvider;
- DataHttp(HttpService httpService, NodeRepository node) {
+ DataHttp(HttpService httpService) {
this.httpService = httpService;
sessionProvider = new OpenInViewSessionProvider();
- registerRepositoryServlets(ALIAS_NODE, node);
+ // registerRepositoryServlets(ALIAS_NODE, node);
}
public void destroy() {
- unregisterRepositoryServlets(ALIAS_NODE);
+ // unregisterRepositoryServlets(ALIAS_NODE);
}
void registerRepositoryServlets(String alias, Repository repository) {
registerRemotingServlet(alias, repository, true);
registerRemotingServlet(alias, repository, false);
} catch (Exception e) {
- throw new CmsException(
- "Could not register servlets for repository " + alias, e);
+ throw new CmsException("Could not register servlets for repository " + alias, e);
}
}
// FIXME unregister servlets
}
- void registerWebdavServlet(String alias, Repository repository,
- boolean anonymous) throws NamespaceException, ServletException {
- WebdavServlet webdavServlet = new WebdavServlet(repository,
- sessionProvider);
+ void registerWebdavServlet(String alias, Repository repository, boolean anonymous)
+ throws NamespaceException, ServletException {
+ WebdavServlet webdavServlet = new WebdavServlet(repository, sessionProvider);
String pathPrefix = anonymous ? WEBDAV_PUBLIC : WEBDAV_PRIVATE;
String path = pathPrefix + "/" + alias;
Properties ip = new Properties();
ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
- // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
- // : new DavFilter(), null, null);
- // Cast to servlet because of a weird behaviour in Eclipse
- httpService.registerServlet(path, (Servlet) webdavServlet, ip,
- new DataHttpContext(anonymous));
+ httpService.registerServlet(path, webdavServlet, ip, new DataHttpContext(anonymous));
}
- void registerRemotingServlet(String alias, Repository repository,
- boolean anonymous) throws NamespaceException, ServletException {
+ void registerRemotingServlet(String alias, Repository repository, boolean anonymous)
+ throws NamespaceException, ServletException {
String pathPrefix = anonymous ? REMOTING_PUBLIC : REMOTING_PRIVATE;
- RemotingServlet remotingServlet = new RemotingServlet(repository,
- sessionProvider);
+ RemotingServlet remotingServlet = new RemotingServlet(repository, sessionProvider);
String path = pathPrefix + "/" + alias;
Properties ip = new Properties();
ip.setProperty(JcrRemotingServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
// Looks like a bug in Jackrabbit remoting init
- ip.setProperty(RemotingServlet.INIT_PARAM_HOME,
- KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit");
+ ip.setProperty(RemotingServlet.INIT_PARAM_HOME, KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit");
ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
// in order to avoid annoying warning.
ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG, "");
- // Cast to servlet because of a weird behaviour in Eclipse
- // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
- // : new DavFilter(), null, null);
- httpService.registerServlet(path, (Servlet) remotingServlet, ip,
- new DataHttpContext(anonymous));
+ httpService.registerServlet(path, remotingServlet, ip, new DataHttpContext(anonymous));
}
-// private X509Certificate extractCertificate(HttpServletRequest req) {
-// X509Certificate[] certs = (X509Certificate[]) req
-// .getAttribute("javax.servlet.request.X509Certificate");
-// if (null != certs && certs.length > 0) {
-// return certs[0];
-// }
-// return null;
-// }
-
private Subject subjectFromRequest(HttpServletRequest request) {
- Authorization authorization = (Authorization) request
- .getAttribute(HttpContext.AUTHORIZATION);
+ Authorization authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
if (authorization == null)
throw new CmsException("Not authenticated");
try {
- LoginContext lc = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER,
+ LoginContext lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER,
new HttpRequestCallbackHandler(request));
lc.login();
return lc.getSubject();
}
@Override
- public boolean handleSecurity(final HttpServletRequest request,
- HttpServletResponse response) throws IOException {
+ public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
if (anonymous) {
Subject subject = KernelUtils.anonymousLogin();
- Authorization authorization = subject
- .getPrivateCredentials(Authorization.class).iterator()
- .next();
+ Authorization authorization = subject.getPrivateCredentials(Authorization.class).iterator().next();
request.setAttribute(REMOTE_USER, AuthConstants.ROLE_ANONYMOUS);
request.setAttribute(AUTHORIZATION, authorization);
return true;
}
- KernelUtils.logRequestHeaders(log, request);
+ if (log.isTraceEnabled())
+ KernelUtils.logRequestHeaders(log, request);
try {
- new LoginContext(LOGIN_CONTEXT_USER,
- new HttpRequestCallbackHandler(request)).login();
+ new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login();
return true;
} catch (CredentialNotFoundException e) {
CallbackHandler token = basicAuth(request);
if (token != null) {
try {
- LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER,
- token);
+ LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER, token);
lc.login();
// Note: this is impossible to reliably clear the
// authorization header when access from a browser.
throw new CmsException("Could not login", e1);
}
} else {
- requestBasicAuth(request, response);
+ String path = request.getServletPath();
+ if (path.startsWith(REMOTING_PRIVATE))
+ requestBasicAuth(request, response);
return false;
}
} catch (LoginException e) {
return null;
}
- private void requestBasicAuth(HttpServletRequest request,
- HttpServletResponse response) {
+ private void requestBasicAuth(HttpServletRequest request, HttpServletResponse response) {
response.setStatus(401);
- response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
- + httpAuthRealm + "\"");
+ response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\"" + httpAuthRealm + "\"");
// request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
}
if (basic.equalsIgnoreCase("Basic")) {
try {
// TODO manipulate char[]
- String credentials = new String(
- Base64.decodeBase64(st.nextToken()),
- "UTF-8");
+ String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
// log.debug("Credentials: " + credentials);
int p = credentials.indexOf(":");
if (p != -1) {
- final String login = credentials
- .substring(0, p).trim();
- final char[] password = credentials
- .substring(p + 1).trim().toCharArray();
+ final String login = credentials.substring(0, p).trim();
+ final char[] password = credentials.substring(p + 1).trim().toCharArray();
return new CallbackHandler() {
public void handle(Callback[] callbacks) {
for (Callback cb : callbacks) {
if (cb instanceof NameCallback)
- ((NameCallback) cb)
- .setName(login);
+ ((NameCallback) cb).setName(login);
else if (cb instanceof PasswordCallback)
- ((PasswordCallback) cb)
- .setPassword(password);
+ ((PasswordCallback) cb).setPassword(password);
else if (cb instanceof HttpRequestCallback)
- ((HttpRequestCallback) cb)
- .setRequest(httpRequest);
+ ((HttpRequestCallback) cb).setRequest(httpRequest);
}
}
};
} else {
- throw new CmsException(
- "Invalid authentication token");
+ throw new CmsException("Invalid authentication token");
}
} catch (Exception e) {
- throw new CmsException(
- "Couldn't retrieve authentication", e);
+ throw new CmsException("Couldn't retrieve authentication", e);
}
}
}
* Implements an open session in view patter: a new JCR session is created
* for each request
*/
- private class OpenInViewSessionProvider implements SessionProvider,
- Serializable {
+ private class OpenInViewSessionProvider implements SessionProvider, Serializable {
private static final long serialVersionUID = 2270957712453841368L;
- public Session getSession(HttpServletRequest request, Repository rep,
- String workspace) throws javax.jcr.LoginException,
- ServletException, RepositoryException {
+ public Session getSession(HttpServletRequest request, Repository rep, String workspace)
+ throws javax.jcr.LoginException, ServletException, RepositoryException {
return login(request, rep, workspace);
}
- protected Session login(HttpServletRequest request,
- Repository repository, String workspace)
+ protected Session login(HttpServletRequest request, Repository repository, String workspace)
throws RepositoryException {
if (log.isTraceEnabled())
- log.trace("Login to workspace "
- + (workspace == null ? "<default>" : workspace)
- + " in web session " + request.getSession().getId());
+ log.trace("Login to workspace " + (workspace == null ? "<default>" : workspace) + " in web session "
+ + request.getSession().getId());
return repository.login(workspace);
}
private static final long serialVersionUID = -4687354117811443881L;
private final Repository repository;
- public WebdavServlet(Repository repository,
- SessionProvider sessionProvider) {
+ public WebdavServlet(Repository repository, SessionProvider sessionProvider) {
this.repository = repository;
setSessionProvider(sessionProvider);
}
}
@Override
- protected void service(final HttpServletRequest request,
- final HttpServletResponse response) throws ServletException,
- IOException {
+ protected void service(final HttpServletRequest request, final HttpServletResponse response)
+ throws ServletException, IOException {
try {
Subject subject = subjectFromRequest(request);
+ if (CurrentUser.isAnonymous(subject) && request.getMethod().equals("GET")) {
+ response.setHeader("Cache-Control", "no-transform, public, max-age=300, s-maxage=900");
+ }
+
Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
}
});
} catch (PrivilegedActionException e) {
- throw new CmsException("Cannot process webdav request",
- e.getException());
+ throw new CmsException("Cannot process webdav request", e.getException());
}
}
}
private final Repository repository;
private final SessionProvider sessionProvider;
- public RemotingServlet(Repository repository,
- SessionProvider sessionProvider) {
+ public RemotingServlet(Repository repository, SessionProvider sessionProvider) {
this.repository = repository;
this.sessionProvider = sessionProvider;
}
}
@Override
- protected void service(final HttpServletRequest request,
- final HttpServletResponse response) throws ServletException,
- IOException {
+ protected void service(final HttpServletRequest request, final HttpServletResponse response)
+ throws ServletException, IOException {
try {
Subject subject = subjectFromRequest(request);
Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
}
});
} catch (PrivilegedActionException e) {
- throw new CmsException("Cannot process JCR remoting request",
- e.getException());
+ throw new CmsException("Cannot process JCR remoting request", e.getException());
}
}
}
projects / lgpl / argeo-commons.git / blobdiff