]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Rather take the first found image than the last one.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / NodeHttp.java
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index 418771d981669295308a51958aa6b979e0a38385..27083aeaba11812fd219ac60ab7e950ee3c01114 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
@@ -1,37 +1,37 @@
 package org.argeo.cms.internal.kernel;
 
-import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG;
+import static javax.jcr.Property.JCR_DESCRIPTION;
+import static javax.jcr.Property.JCR_LAST_MODIFIED;
+import static javax.jcr.Property.JCR_TITLE;
+import static org.argeo.cms.CmsTypes.CMS_IMAGE;
 
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.PrivilegedExceptionAction;
 import java.security.cert.X509Certificate;
+import java.util.Calendar;
 import java.util.Enumeration;
-import java.util.Properties;
-import java.util.StringTokenizer;
 
+import javax.jcr.Node;
+import javax.jcr.NodeIterator;
 import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.Subject;
 import javax.servlet.FilterChain;
-import javax.servlet.Servlet;
 import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.jackrabbit.servlet.OpenInViewSessionProvider;
-import org.argeo.jackrabbit.servlet.RemotingServlet;
-import org.argeo.jackrabbit.servlet.WebdavServlet;
+import org.argeo.cms.util.CmsUtils;
 import org.argeo.jcr.ArgeoJcrConstants;
-import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.jcr.JcrUtils;
 import org.eclipse.equinox.http.servlet.ExtendedHttpService;
-import org.osgi.service.http.NamespaceException;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * Intercepts and enriches http access, mainly focusing on security and
@@ -40,133 +40,190 @@ import org.springframework.security.core.context.SecurityContextHolder;
 class NodeHttp implements KernelConstants, ArgeoJcrConstants {
        private final static Log log = LogFactory.getLog(NodeHttp.class);
 
-       private final static String ATTR_AUTH = "auth";
-       private final static String HEADER_AUTHORIZATION = "Authorization";
-       private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
-
-       private final AuthenticationManager authenticationManager;
-       private final ExtendedHttpService httpService;
-
-       // FIXME Make it more unique
-       private String httpAuthRealm = "Argeo";
-
        // Filters
-       private final RootFilter rootFilter;
+       // private final RootFilter rootFilter;
+
        // private final DoSFilter dosFilter;
        // private final QoSFilter qosFilter;
 
-       // WebDav / JCR remoting
-       private OpenInViewSessionProvider sessionProvider;
+       private Repository repository;
 
-       NodeHttp(ExtendedHttpService httpService, JackrabbitNode node,
-                       NodeSecurity authenticationManager) {
-               // this.bundleContext = bundleContext;
-               this.authenticationManager = authenticationManager;
-
-               this.httpService = httpService;
-
-               // Filters
-               rootFilter = new RootFilter();
+       NodeHttp(ExtendedHttpService httpService, NodeRepository node) {
+               this.repository = node;
+               // rootFilter = new RootFilter();
                // dosFilter = new CustomDosFilter();
                // qosFilter = new QoSFilter();
 
-               // DAV
-               sessionProvider = new OpenInViewSessionProvider();
-
                try {
-                       registerWebdavServlet(ALIAS_NODE, node, true);
-                       registerWebdavServlet(ALIAS_NODE, node, false);
-                       registerRemotingServlet(ALIAS_NODE, node, true);
-                       registerRemotingServlet(ALIAS_NODE, node, false);
-
-                       httpService.registerFilter("/", rootFilter, null, null);
+                       httpService.registerServlet("/!", new LinkServlet(repository),
+                                       null, null);
+                       httpService.registerServlet("/robots.txt", new RobotServlet(),
+                                       null, null);
                } catch (Exception e) {
-                       throw new CmsException("Could not initialise http", e);
+                       throw new CmsException("Cannot register filters", e);
                }
        }
 
        public void destroy() {
-               sessionProvider.destroy();
        }
 
-       void registerWebdavServlet(String alias, Repository repository,
-                       boolean anonymous) throws NamespaceException, ServletException {
-               WebdavServlet webdavServlet = new WebdavServlet(repository,
-                               sessionProvider);
-               String pathPrefix = anonymous ? WEBDAV_PUBLIC : WEBDAV_PRIVATE;
-               String path = pathPrefix + "/" + alias;
-               Properties ip = new Properties();
-               ip.setProperty(INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
-               ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
-               httpService.registerFilter(path, anonymous ? new AnonymousFilter()
-                               : new DavFilter(), null, null);
-               // Cast to servlet because of a weird behaviour in Eclipse
-               httpService.registerServlet(path, (Servlet) webdavServlet, ip, null);
-       }
+       static class LinkServlet extends HttpServlet {
+               private static final long serialVersionUID = 3749990143146845708L;
+               private final Repository repository;
 
-       void registerRemotingServlet(String alias, Repository repository,
-                       boolean anonymous) throws NamespaceException, ServletException {
-               String pathPrefix = anonymous ? REMOTING_PUBLIC : REMOTING_PRIVATE;
-               RemotingServlet remotingServlet = new RemotingServlet(repository,
-                               sessionProvider);
-               String path = pathPrefix + "/" + alias;
-               Properties ip = new Properties();
-               ip.setProperty(RemotingServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
-
-               // Looks like a bug in Jackrabbit remoting init
-               ip.setProperty(RemotingServlet.INIT_PARAM_HOME,
-                               KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit");
-               ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
-               // Cast to servlet because of a weird behaviour in Eclipse
-               httpService.registerFilter(path, anonymous ? new AnonymousFilter()
-                               : new DavFilter(), null, null);
-               httpService.registerServlet(path, (Servlet) remotingServlet, ip, null);
-       }
+               public LinkServlet(Repository repository) {
+                       this.repository = repository;
+               }
 
-       private Boolean isSessionAuthenticated(HttpSession httpSession) {
-               SecurityContext contextFromSession = (SecurityContext) httpSession
-                               .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
-               return contextFromSession != null;
-       }
+               @Override
+               protected void service(HttpServletRequest request,
+                               HttpServletResponse response) throws ServletException,
+                               IOException {
+                       String path = request.getPathInfo();
+                       String userAgent = request.getHeader("User-Agent").toLowerCase();
+                       boolean isBot = false;
+                       boolean isCompatibleBrowser = false;
+                       if (userAgent.contains("bot") || userAgent.contains("facebook")
+                                       || userAgent.contains("twitter")) {
+                               isBot = true;
+                       } else if (userAgent.contains("webkit")
+                                       || userAgent.contains("gecko")
+                                       || userAgent.contains("firefox")
+                                       || userAgent.contains("msie")
+                                       || userAgent.contains("chrome")
+                                       || userAgent.contains("chromium")
+                                       || userAgent.contains("opera")
+                                       || userAgent.contains("browser")) {
+                               isCompatibleBrowser = true;
+                       }
 
-       private void requestBasicAuth(HttpSession httpSession,
-                       HttpServletResponse response) {
-               response.setStatus(401);
-               response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
-                               + httpAuthRealm + "\"");
-               httpSession.setAttribute(ATTR_AUTH, Boolean.TRUE);
-       }
+                       if (isBot) {
+                               log.warn("# BOT " + request.getHeader("User-Agent"));
+                               canonicalAnswer(request, response, path);
+                               return;
+                       }
+
+                       if (isCompatibleBrowser && log.isTraceEnabled())
+                               log.trace("# BWS " + request.getHeader("User-Agent"));
+                       redirectTo(response, "/#" + path);
+               }
+
+               private void redirectTo(HttpServletResponse response, String location) {
+                       response.setHeader("Location", location);
+                       response.setStatus(HttpServletResponse.SC_FOUND);
+               }
 
-       private NodeAuthenticationToken basicAuth(String authHeader) {
-               if (authHeader != null) {
-                       StringTokenizer st = new StringTokenizer(authHeader);
-                       if (st.hasMoreTokens()) {
-                               String basic = st.nextToken();
-                               if (basic.equalsIgnoreCase("Basic")) {
-                                       try {
-                                               String credentials = new String(Base64.decodeBase64(st
-                                                               .nextToken()), "UTF-8");
-                                               // log.debug("Credentials: " + credentials);
-                                               int p = credentials.indexOf(":");
-                                               if (p != -1) {
-                                                       String login = credentials.substring(0, p).trim();
-                                                       String password = credentials.substring(p + 1)
-                                                                       .trim();
-
-                                                       return new NodeAuthenticationToken(login,
-                                                                       password.toCharArray());
-                                               } else {
-                                                       throw new CmsException(
-                                                                       "Invalid authentication token");
-                                               }
-                                       } catch (Exception e) {
-                                               throw new CmsException(
-                                                               "Couldn't retrieve authentication", e);
+               // private boolean canonicalAnswerNeededBy(HttpServletRequest request) {
+               // String userAgent = request.getHeader("User-Agent").toLowerCase();
+               // return userAgent.startsWith("facebookexternalhit/");
+               // }
+
+               /** For bots which don't understand RWT. */
+               private void canonicalAnswer(HttpServletRequest request,
+                               HttpServletResponse response, String path) {
+                       Session session = null;
+                       try {
+                               PrintWriter writer = response.getWriter();
+                               session = Subject.doAs(KernelUtils.anonymousLogin(),
+                                               new PrivilegedExceptionAction<Session>() {
+
+                                                       @Override
+                                                       public Session run() throws Exception {
+                                                               return repository.login();
+                                                       }
+
+                                               });
+                               Node node = session.getNode(path);
+                               String title = node.hasProperty(JCR_TITLE) ? node.getProperty(
+                                               JCR_TITLE).getString() : node.getName();
+                               String desc = node.hasProperty(JCR_DESCRIPTION) ? node
+                                               .getProperty(JCR_DESCRIPTION).getString() : null;
+                               Calendar lastUpdate = node.hasProperty(JCR_LAST_MODIFIED) ? node
+                                               .getProperty(JCR_LAST_MODIFIED).getDate() : null;
+                               String url = CmsUtils.getCanonicalUrl(node, request);
+                               String imgUrl = null;
+                               loop: for (NodeIterator it = node.getNodes(); it.hasNext();) {
+                                       // Takes the first found cms:image
+                                       Node child = it.nextNode();
+                                       if (child.isNodeType(CMS_IMAGE)){
+                                               imgUrl = CmsUtils.getDataUrl(child, request);
+                                               break loop;
                                        }
                                }
+                               StringBuilder buf = new StringBuilder();
+                               buf.append("<html>");
+                               buf.append("<head>");
+                               writeMeta(buf, "og:title", title);
+                               writeMeta(buf, "og:type", "website");
+                               buf.append("<meta name='twitter:card' content='summary' />");
+                               buf.append("<meta name='twitter:site' content='@argeo_org' />");
+                               writeMeta(buf, "og:url", url);
+                               if (desc != null)
+                                       writeMeta(buf, "og:description", desc);
+                               if (imgUrl != null)
+                                       writeMeta(buf, "og:image", imgUrl);
+                               if (lastUpdate != null)
+                                       writeMeta(buf, "og:updated_time",
+                                                       Long.toString(lastUpdate.getTime().getTime()));
+                               buf.append("</head>");
+                               buf.append("<body>");
+                               buf.append(
+                                               "<p><b>!! This page is meant for indexing robots, not for real people,"
+                                                               + " visit <a href='/#").append(path)
+                                               .append("'>").append(title)
+                                               .append("</a> instead.</b></p>");
+                               writeCanonical(buf, node);
+                               buf.append("</body>");
+                               buf.append("</html>");
+                               writer.print(buf.toString());
+
+                               response.setHeader("Content-Type", "text/html");
+                               writer.flush();
+                       } catch (Exception e) {
+                               throw new CmsException("Cannot write canonical answer", e);
+                       } finally {
+                               JcrUtils.logoutQuietly(session);
                        }
                }
-               throw new CmsException("Couldn't retrieve authentication");
+
+               private void writeMeta(StringBuilder buf, String tag, String value) {
+                       buf.append("<meta property='").append(tag).append("' content='")
+                                       .append(value).append("'/>");
+               }
+
+               private void writeCanonical(StringBuilder buf, Node node)
+                               throws RepositoryException {
+                       buf.append("<div>");
+                       if (node.hasProperty(JCR_TITLE))
+                               buf.append("<p>")
+                                               .append(node.getProperty(JCR_TITLE).getString())
+                                               .append("</p>");
+                       if (node.hasProperty(JCR_DESCRIPTION))
+                               buf.append("<p>")
+                                               .append(node.getProperty(JCR_DESCRIPTION).getString())
+                                               .append("</p>");
+                       NodeIterator children = node.getNodes();
+                       while (children.hasNext()) {
+                               writeCanonical(buf, children.nextNode());
+                       }
+                       buf.append("</div>");
+               }
+       }
+
+       class RobotServlet extends HttpServlet {
+               private static final long serialVersionUID = 7935661175336419089L;
+
+               @Override
+               protected void service(HttpServletRequest request,
+                               HttpServletResponse response) throws ServletException,
+                               IOException {
+                       PrintWriter writer = response.getWriter();
+                       writer.append("User-agent: *\n");
+                       writer.append("Disallow:\n");
+                       response.setHeader("Content-Type", "text/plain");
+                       writer.flush();
+               }
+
        }
 
        /** Intercepts all requests. Authenticates. */
@@ -176,8 +233,12 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                public void doFilter(HttpSession httpSession,
                                HttpServletRequest request, HttpServletResponse response,
                                FilterChain filterChain) throws IOException, ServletException {
-                       if (log.isTraceEnabled())
+                       if (log.isTraceEnabled()) {
+                               log.trace(request.getRequestURL().append(
+                                               request.getQueryString() != null ? "?"
+                                                               + request.getQueryString() : ""));
                                logRequest(request);
+                       }
 
                        String servletPath = request.getServletPath();
 
@@ -207,7 +268,8 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                        int pathLength = path.length();
                        if (pathLength != 0 && (path.charAt(0) == '/')
                                        && !servletPath.endsWith("rwt-resources")
-                                       && !path.equals("/")) {
+                                       && !path.startsWith(KernelConstants.PATH_WORKBENCH)
+                                       && path.lastIndexOf('/') != 0) {
                                String newLocation = request.getServletPath() + "#" + path;
                                response.setHeader("Location", newLocation);
                                response.setStatus(HttpServletResponse.SC_FOUND);
@@ -220,10 +282,10 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
        }
 
        private void logRequest(HttpServletRequest request) {
-               log.debug(request.getContextPath());
-               log.debug(request.getServletPath());
-               log.debug(request.getRequestURI());
-               log.debug(request.getQueryString());
+               log.debug("contextPath=" + request.getContextPath());
+               log.debug("servletPath=" + request.getServletPath());
+               log.debug("requestURI=" + request.getRequestURI());
+               log.debug("queryString=" + request.getQueryString());
                StringBuilder buf = new StringBuilder();
                // headers
                Enumeration<String> en = request.getHeaderNames();
@@ -255,55 +317,6 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                return null;
        }
 
-       /** Intercepts all requests. Authenticates. */
-       private class AnonymousFilter extends HttpFilter {
-               @Override
-               public void doFilter(HttpSession httpSession,
-                               HttpServletRequest request, HttpServletResponse response,
-                               FilterChain filterChain) throws IOException, ServletException {
-
-                       // Authenticate from session
-                       if (isSessionAuthenticated(httpSession)) {
-                               filterChain.doFilter(request, response);
-                               return;
-                       }
-
-                       KernelUtils.anonymousLogin(authenticationManager);
-                       filterChain.doFilter(request, response);
-               }
-       }
-
-       /** Intercepts all requests. Authenticates. */
-       private class DavFilter extends HttpFilter {
-
-               @Override
-               public void doFilter(HttpSession httpSession,
-                               HttpServletRequest request, HttpServletResponse response,
-                               FilterChain filterChain) throws IOException, ServletException {
-
-                       // Authenticate from session
-                       // if (isSessionAuthenticated(httpSession)) {
-                       // filterChain.doFilter(request, response);
-                       // return;
-                       // }
-
-                       // Process basic auth
-                       String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
-                       if (basicAuth != null) {
-                               UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
-                               Authentication auth = authenticationManager.authenticate(token);
-                               SecurityContextHolder.getContext().setAuthentication(auth);
-                               httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
-                                               SecurityContextHolder.getContext());
-                               httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
-                               filterChain.doFilter(request, response);
-                               return;
-                       }
-
-                       requestBasicAuth(httpSession, response);
-               }
-       }
-
        // class CustomDosFilter extends DoSFilter {
        // @Override
        // protected String extractUserId(ServletRequest request) {
Argeo Commons - Lightweight integration framework in pure Java/OSGi