X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FDataHttp.java;h=2838180869995cde45789cc3c2d58fa485b5afb2;hb=b155c2b5a08499dcb6860769ac9521224fbf4d5d;hp=e409b65e155bbf5597d55b24c02313e4eb905179;hpb=2aa6004867ed2b2dea8929fb32e1a08ecc0248fb;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
index e409b65e1..283818086 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet;
 import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.auth.HttpRequestCallback;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.jcr.ArgeoJcrConstants;
@@ -51,17 +52,17 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 // private final static String ATTR_AUTH = "auth";
 private final static String HEADER_AUTHORIZATION = "Authorization";
- private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+ // private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 private final HttpService httpService;
 // FIXME Make it more unique
- private String httpAuthRealm = "Argeo";
+ // private String httpAuthRealm = "Argeo";
 // WebDav / JCR remoting
 private OpenInViewSessionProvider sessionProvider;
- DataHttp(HttpService httpService, NodeRepository node) {
+ DataHttp(HttpService httpService) {
 this.httpService = httpService;
 sessionProvider = new OpenInViewSessionProvider();
 // registerRepositoryServlets(ALIAS_NODE, node);
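Review bot: The Basic-auth members in the hunk at -51 (`HEADER_WWW_AUTHENTICATE`, `httpAuthRealm`) are disabled by commenting them out rather than deleting them, and the same is done to the `requestBasicAuth` call and method in the hunks at -176 and -194. Commented-out authentication code makes it hard to tell which login paths are meant to be live, and version control already keeps the old text. I would delete these lines and leave one comment stating the intent, for example `// No Basic challenge is issued: requests without credentials are rejected without WWW-Authenticate`. The surviving context comment `// registerRepositoryServlets(ALIAS_NODE, node);` now names a constructor parameter that no longer exists and could go at the same time.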
@@ -176,7 +177,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 throw new CmsException("Could not login", e1);
 }
 } else {
- requestBasicAuth(request, response);
+ // requestBasicAuth(request, response);
 return false;
 }
 } catch (LoginException e) {
@@ -194,13 +195,13 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 return null;
 }
- private void requestBasicAuth(HttpServletRequest request,
- HttpServletResponse response) {
- response.setStatus(401);
- response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
- + httpAuthRealm + "\"");
- // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
- }
+ // private void requestBasicAuth(HttpServletRequest request,
+ // HttpServletResponse response) {
+ // response.setStatus(401);
+ // response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
+ // + httpAuthRealm + "\"");
+ // // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
+ // }
 private CallbackHandler basicAuth(final HttpServletRequest httpRequest) {
 String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
@@ -303,7 +304,8 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 IOException {
 try {
 Subject subject = subjectFromRequest(request);
- if (request.getMethod().equals("GET")){
+ if (CurrentUser.isAnonymous(subject)
+ && request.getMethod().equals("GET")) {
 response.setHeader("Cache-Control",
 "no-transform, public, max-age=300, s-maxage=900");
 }
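Review bot: The `else` branch in the hunk at -176 now returns `false` without setting any response status or header, so unless the caller sets one, a request with no credentials is not explicitly rejected. If dropping the Basic challenge is intended, set the status before returning, for example `response.setStatus(HttpServletResponse.SC_FORBIDDEN);`, since a 401 would need a `WWW-Authenticate` header alongside it. `basicAuth` in the hunk at -194 still reads the `Authorization` header, so Basic credentials appear to remain accepted but are never solicited; that is worth confirming and documenting. The enclosing method starts and ends outside the hunk.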
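Review bot: In the hunk at -303, responses for authenticated subjects now leave with no `Cache-Control` header at all, so whether an intermediary stores per-user content is left to its defaults. Stating the policy explicitly closes that gap: `if (!CurrentUser.isAnonymous(subject)) response.setHeader("Cache-Control", "private, no-store");` (or `private, no-cache` if revalidation is acceptable). It is also worth checking how `CurrentUser.isAnonymous` treats a `null` subject, in case `subjectFromRequest` can return one, since neither is visible here. The `try` block continues outside the hunk.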