package org.argeo.cms.internal.kernel;
import java.io.IOException;
+import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.FilterChain;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.kernel.NodeHttp.AnonymousFilter;
-import org.argeo.cms.internal.kernel.NodeHttp.DavFilter;
import org.argeo.jackrabbit.servlet.OpenInViewSessionProvider;
import org.argeo.jackrabbit.servlet.RemotingServlet;
import org.argeo.jackrabbit.servlet.WebdavServlet;
import org.argeo.jcr.ArgeoJcrConstants;
import org.eclipse.equinox.http.servlet.ExtendedHttpService;
+import org.eclipse.jetty.servlets.DoSFilter;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.NamespaceException;
import org.osgi.util.tracker.ServiceTracker;
private final static String HEADER_AUTHORIZATION = "Authorization";
private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
- static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
-
private final AuthenticationManager authenticationManager;
private final BundleContext bundleContext;
private ExtendedHttpService httpService;
// Filters
private final RootFilter rootFilter;
+ // private final DoSFilter dosFilter;
+ // private final QoSFilter qosFilter;
// remoting
private OpenInViewSessionProvider sessionProvider;
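Review bot: Removing `SPRING_SECURITY_CONTEXT_KEY` on the deleted line above leaves the new `CustomDosFilter.extractUserId` at the bottom of this diff still calling `httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY)`; unless the constant is now reached through an interface or static import that this diff does not show, the file will not compile. If it moved to a shared constants holder, the commit message should say where. The `// private final DoSFilter dosFilter;` and `// private final QoSFilter qosFilter;` lines are commented-out code, as are their counterparts in the constructor hunk (`// dosFilter = new CustomDosFilter();`) and the registration hunk (`// httpService.registerFilter("/", dosFilter, null, null);`); delete them or replace them with a single `// TODO: enable DoSFilter/QoSFilter once <blocker> is resolved` stating what prevents enabling them.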
// Filters
rootFilter = new RootFilter();
+ // dosFilter = new CustomDosFilter();
+ // qosFilter = new QoSFilter();
// DAV
sessionProvider = new OpenInViewSessionProvider();
registerRemotingServlet(PATH_REMOTING_PRIVATE, ALIAS_NODE, false,
privateRemotingServlet);
- // httpService.registerFilter("/", rootFilter, null, null);
+ // httpService.registerFilter("/", dosFilter, null, null);
+ httpService.registerFilter("/", rootFilter, null, null);
+ // httpService.registerFilter("/", qosFilter, null, null);
} catch (Exception e) {
throw new CmsException("Cannot publish HTTP services to OSGi", e);
}
try {
String credentials = new String(Base64.decodeBase64(st
.nextToken()), "UTF-8");
- log.debug("Credentials: " + credentials);
+ // log.debug("Credentials: " + credentials);
int p = credentials.indexOf(":");
if (p != -1) {
String login = credentials.substring(0, p).trim();
.trim();
return new UsernamePasswordAuthenticationToken(
- login, password);
+ login, password.toCharArray());
} else {
throw new CmsException(
"Invalid authentication token");
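Review bot: The credentials log is only commented out (`// log.debug("Credentials: " + credentials);`); delete the line outright so the decoded username:password pair cannot be re-enabled by uncommenting. Passing `password.toCharArray()` to the token does not remove the secret from memory, because `credentials` and `password` (whose declaration is cut from this hunk) remain as immutable Strings until garbage-collected; if a char[] was chosen so the token can wipe it, the decoded bytes would have to be split into login and password without going through a String. The enclosing method starts and ends outside this hunk.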
public void doFilter(HttpSession httpSession,
HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
-
- // Authenticate from session
- if (isSessionAuthenticated(httpSession)) {
- filterChain.doFilter(request, response);
- return;
+ if (log.isTraceEnabled()) {
+ log.debug(request.getContextPath());
+ log.debug(request.getServletPath());
+ log.debug(request.getRequestURI());
+ log.debug(request.getQueryString());
+ StringBuilder buf = new StringBuilder();
+ Enumeration<String> en = request.getHeaderNames();
+ while (en.hasMoreElements()) {
+ String header = en.nextElement();
+ Enumeration<String> values = request.getHeaders(header);
+ while (values.hasMoreElements())
+ buf.append(" " + header + ": " + values.nextElement());
+ buf.append('\n');
+ }
+ log.debug("\n" + buf);
}
- // TODO Kerberos
-
- // TODO Certificate
+ String servletPath = request.getServletPath();
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
- Authentication auth = authenticationManager.authenticate(token);
- SecurityContextHolder.getContext().setAuthentication(auth);
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
- SecurityContextHolder.getContext());
- httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
+ // skip data
+ if (servletPath.startsWith(PATH_DATA)) {
filterChain.doFilter(request, response);
return;
}
- Boolean doBasicAuth = true;
- if (doBasicAuth) {
- requestBasicAuth(httpSession, response);
- // skip filter chain
+ // redirect long RWT paths to anchor
+ String path = request.getRequestURI()
+ .substring(servletPath.length()).trim();
+ if (!servletPath.endsWith("rwt-resources") && !path.equals("")
+ && !path.equals("/")) {
+ String newLocation = request.getServletPath() + "#" + path;
+ response.setHeader("Location", newLocation);
+ response.setStatus(HttpServletResponse.SC_FOUND);
return;
}
- // TODO Login page
-
- // Anonymous
- KernelUtils.anonymousLogin(authenticationManager);
+ // process normally
filterChain.doFilter(request, response);
}
}
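Review bot: The header dump added under `if (log.isTraceEnabled())` writes every request header, so `Authorization` (the Basic credentials this same commit stops logging in basicAuth) and `Cookie` land in the log whenever trace is on, and `request.getQueryString()` is logged as well, which may carry tokens. Redact credential-bearing headers before appending, and use `log.trace(...)` inside a trace-level guard instead of `log.debug(...)`; the rewritten block is below, the rest of doFilter unchanged. Separately, the basic-auth and anonymous-login handling removed from this method is presumably taken over by the filter in the next hunk — worth confirming, since RootFilter now passes every non-data request through after the redirect check without authenticating it.
```java
if (log.isTraceEnabled()) {
    // … unchanged: context path / servlet path / request URI / query string logging …
    StringBuilder buf = new StringBuilder();
    Enumeration<String> en = request.getHeaderNames();
    while (en.hasMoreElements()) {
        String header = en.nextElement();
        // never write credential-bearing headers to the log
        boolean sensitive = HEADER_AUTHORIZATION.equalsIgnoreCase(header)
                || "Cookie".equalsIgnoreCase(header);
        Enumeration<String> values = request.getHeaders(header);
        while (values.hasMoreElements()) {
            String value = values.nextElement();
            buf.append(' ').append(header).append(": ")
                    .append(sensitive ? "<redacted>" : value);
        }
        buf.append('\n');
    }
    log.trace("\n" + buf);
}
// … unchanged: data-path skip, RWT redirect, filterChain.doFilter …
```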
FilterChain filterChain) throws IOException, ServletException {
// Authenticate from session
- if (isSessionAuthenticated(httpSession)) {
- filterChain.doFilter(request, response);
- return;
- }
+ // if (isSessionAuthenticated(httpSession)) {
+ // filterChain.doFilter(request, response);
+ // return;
+ // }
// Process basic auth
String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
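Review bot: Commenting out the `isSessionAuthenticated(httpSession)` short-circuit means every request through this filter now falls into the basic-auth processing even when the session already holds an authenticated context; if that is intended (for example to force re-validation on each request), say so in a comment, otherwise restore the check. Either way the four `// if (isSessionAuthenticated(httpSession)) {` … `// }` lines are commented-out code and should be deleted rather than kept. The enclosing doFilter starts and ends outside this hunk.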
}
}
+ class CustomDosFilter extends DoSFilter {
+ @Override
+ protected String extractUserId(ServletRequest request) {
+ HttpSession httpSession = ((HttpServletRequest) request)
+ .getSession();
+ if (isSessionAuthenticated(httpSession)) {
+ String userId = ((SecurityContext) httpSession
+ .getAttribute(SPRING_SECURITY_CONTEXT_KEY))
+ .getAuthentication().getName();
+ return userId;
+ }
+ return super.extractUserId(request);
+
+ }
+ }
}
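Review bot: `extractUserId` calls `getSession()` on every request, which creates a new HttpSession for unauthenticated callers — the very traffic a DoS filter exists to throttle — so each flooding request also allocates server-side session state. Use the non-creating variant and guard the null: `HttpSession httpSession = ((HttpServletRequest) request).getSession(false);` followed by `if (httpSession != null && isSessionAuthenticated(httpSession)) {`. The cast of the session attribute to `SecurityContext` is unchecked; presumably `isSessionAuthenticated` (not shown here) guarantees the attribute is present and of that type, otherwise a `ClassCastException` thrown from a filter would fail the whole chain for that request. Note also that nothing in this diff registers `CustomDosFilter` (`// httpService.registerFilter("/", dosFilter, null, null);` stays commented), so the class is inactive in this commit.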