X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FDataHttp.java;h=2838180869995cde45789cc3c2d58fa485b5afb2;hb=0dfcfef53a629cf38bade4f8605c5b7e507c7436;hp=ebf483a7a24b087bd80bf991301a16a7918ecc6b;hpb=0af549d05ec45b5e31df9026b6627de9038d39eb;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
index ebf483a7a..283818086 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet;
 import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.auth.HttpRequestCallback;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.jcr.ArgeoJcrConstants;
@@ -51,17 +52,17 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 // private final static String ATTR_AUTH = "auth";
 private final static String HEADER_AUTHORIZATION = "Authorization";
- private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+ // private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 private final HttpService httpService;
 // FIXME Make it more unique
- private String httpAuthRealm = "Argeo";
+ // private String httpAuthRealm = "Argeo";
 // WebDav / JCR remoting
 private OpenInViewSessionProvider sessionProvider;
- DataHttp(HttpService httpService, NodeRepository node) {
+ DataHttp(HttpService httpService) {
 this.httpService = httpService;
 sessionProvider = new OpenInViewSessionProvider();
 // registerRepositoryServlets(ALIAS_NODE, node);
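Review bot: The `HEADER_WWW_AUTHENTICATE` and `httpAuthRealm` declarations are commented out rather than deleted, which leaves dead code in the class and a `// FIXME Make it more unique` comment that no longer sits above a live field. The same pattern appears in the hunks at -176 and -194, where the `requestBasicAuth` call and the whole method are kept as comments. Deleting these lines, together with the orphaned FIXME, keeps the authentication path easier to audit, and version control already preserves the old challenge code. The constructor also drops its `NodeRepository node` parameter; its callers are outside this diff, so they cannot be checked from here.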
@@ -176,7 +177,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 throw new CmsException("Could not login", e1);
 }
 } else {
- requestBasicAuth(request, response);
+ // requestBasicAuth(request, response);
 return false;
 }
 } catch (LoginException e) {
@@ -194,13 +195,13 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 return null;
 }
- private void requestBasicAuth(HttpServletRequest request,
- HttpServletResponse response) {
- response.setStatus(401);
- response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
- + httpAuthRealm + "\"");
- // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
- }
+ // private void requestBasicAuth(HttpServletRequest request,
+ // HttpServletResponse response) {
+ // response.setStatus(401);
+ // response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
+ // + httpAuthRealm + "\"");
+ // // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
+ // }
 private CallbackHandler basicAuth(final HttpServletRequest httpRequest) {
 String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
@@ -303,6 +304,12 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 IOException {
 try {
 Subject subject = subjectFromRequest(request);
+ if (CurrentUser.isAnonymous(subject)
+ && request.getMethod().equals("GET")) {
+ response.setHeader("Cache-Control",
+ "no-transform, public, max-age=300, s-maxage=900");
+ }
+
 Subject.doAs(subject, new PrivilegedExceptionAction() {
 @Override
 public Void run() throws Exception {
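Review bot: In the hunk at -176, the `else` branch now reaches `return false;` without setting any status or `WWW-Authenticate` header, so a request that took this path gets no explicit signal about its authentication outcome. What the caller does with `false` is outside the hunk; if it simply stops processing, the response presumably goes out with the container's default status, which would report an unauthenticated request as successful. The outcome should be made explicit on this branch, either by setting a status before the return or by replacing the disabled call with a comment such as `// no challenge sent here: the caller decides how an unauthenticated request is served`. The enclosing method starts and ends outside the hunk.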
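Review bot: In the hunk at -303, the `Cache-Control: public` header for anonymous GETs is set before `Subject.doAs` runs and without any `Vary` header, so a shared cache may store whatever this request produces, error responses included. It may then reuse that response for the same URL on later requests that do carry credentials. Content that is later withdrawn from anonymous access can also keep being served from caches for up to the 900 seconds of `s-maxage`. Consider adding `response.setHeader("Vary", "Authorization");` (and `Cookie` as well if `subjectFromRequest` can resolve the subject from a session, which is not visible here), and setting the cache header only once the response is known to be a success. The enclosing method starts and ends outside the hunk.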