X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FDataHttp.java;h=2838180869995cde45789cc3c2d58fa485b5afb2;hb=c4d496e7b3c9381e5165728a5b2e07b687880f52;hp=ab9211a5439fc0ab02368107628ffe53d8a18fb8;hpb=86db10fcb2299ebf71d5599a80dc54444b26f893;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
index ab9211a54..283818086 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java
@@ -21,7 +21,6 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.login.CredentialNotFoundException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
-import javax.servlet.Servlet;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -34,6 +33,7 @@ import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet;
 import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.auth.HttpRequestCallback;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.jcr.ArgeoJcrConstants;
@@ -52,24 +52,24 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 // private final static String ATTR_AUTH = "auth";
 private final static String HEADER_AUTHORIZATION = "Authorization";
- private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+ // private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 private final HttpService httpService;
 // FIXME Make it more unique
- private String httpAuthRealm = "Argeo";
+ // private String httpAuthRealm = "Argeo";
 // WebDav / JCR remoting
 private OpenInViewSessionProvider sessionProvider;
- DataHttp(HttpService httpService, NodeRepository node) {
+ DataHttp(HttpService httpService) {
 this.httpService = httpService;
 sessionProvider = new OpenInViewSessionProvider();
- registerRepositoryServlets(ALIAS_NODE, node);
+ // registerRepositoryServlets(ALIAS_NODE, node);
 }
 public void destroy() {
- unregisterRepositoryServlets(ALIAS_NODE);
+ // unregisterRepositoryServlets(ALIAS_NODE);
 }
 void registerRepositoryServlets(String alias, Repository repository) {
@@ -97,10 +97,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 Properties ip = new Properties();
 ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
 ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
- // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
- // : new DavFilter(), null, null);
- // Cast to servlet because of a weird behaviour in Eclipse
- httpService.registerServlet(path, (Servlet) webdavServlet, ip,
+ httpService.registerServlet(path, webdavServlet, ip,
 new DataHttpContext(anonymous));
 }
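Review bot: `destroy()` is left with only a commented-out call, so nothing in this class unregisters the aliases that `registerRepositoryServlets` adds. Registration has moved out of the constructor to callers not visible in this diff, and if they do not unregister on shutdown the WebDAV and remoting endpoints may stay bound after teardown. I would state the new contract on the method, e.g. `/** No-op: whoever calls registerRepositoryServlets() must call unregisterRepositoryServlets() for the same alias. */`. The commented-out lines here, including the `HEADER_WWW_AUTHENTICATE` and `httpAuthRealm` fields, are better deleted than kept in place.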
@@ -119,22 +116,10 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting");
 // in order to avoid annoying warning.
 ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG, "");
- // Cast to servlet because of a weird behaviour in Eclipse
- // httpService.registerFilter(path, anonymous ? new AnonymousFilter()
- // : new DavFilter(), null, null);
- httpService.registerServlet(path, (Servlet) remotingServlet, ip,
+ httpService.registerServlet(path, remotingServlet, ip,
 new DataHttpContext(anonymous));
 }
-// private X509Certificate extractCertificate(HttpServletRequest req) {
-// X509Certificate[] certs = (X509Certificate[]) req
-// .getAttribute("javax.servlet.request.X509Certificate");
-// if (null != certs && certs.length > 0) {
-// return certs[0];
-// }
-// return null;
-// }
-
 private Subject subjectFromRequest(HttpServletRequest request) {
 Authorization authorization = (Authorization) request
 .getAttribute(HttpContext.AUTHORIZATION);
@@ -172,7 +157,8 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 return true;
 }
- KernelUtils.logRequestHeaders(log, request);
+ if (log.isTraceEnabled())
+ KernelUtils.logRequestHeaders(log, request);
 try {
 new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login();
@@ -191,7 +177,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 throw new CmsException("Could not login", e1);
 }
 } else {
- requestBasicAuth(request, response);
+ // requestBasicAuth(request, response);
 return false;
 }
 } catch (LoginException e) {
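Review bot: The trace guard added at -172 limits when `KernelUtils.logRequestHeaders` runs, but the call still hands the whole request to the logger, and this class reads Basic credentials from the `Authorization` header. Unless that helper (not shown here) already masks `Authorization` and `Cookie`, enabling trace would put reusable credentials into log files. I would redact those headers in the helper, or at minimum add `// trace output includes the Authorization header; keep trace off in production`. The unbraced `if` is also easy to break when a second statement is added, so `if (log.isTraceEnabled()) { ... }` is preferable. The enclosing method starts and ends outside the hunk.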
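Review bot: With `requestBasicAuth` commented out at -191, the `else` branch returns `false` without setting any status or challenge, so an unauthenticated request is refused with whatever status the container defaults to. If this method is the `HttpContext.handleSecurity` implementation (its signature is outside the hunk), the OSGi contract expects the handler to set the response status itself before returning `false`, and WebDAV clients rely on the 401 to retry with credentials. If the aim is only to suppress the browser's Basic prompt, keep an explicit refusal before `return false;`, e.g. `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);`, or 403 if no challenge is offered. The same concern covers the hunk at -209, where the method body is commented out instead of deleted.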
@@ -209,13 +195,13 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 return null;
 }
- private void requestBasicAuth(HttpServletRequest request,
- HttpServletResponse response) {
- response.setStatus(401);
- response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
- + httpAuthRealm + "\"");
- // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
- }
+ // private void requestBasicAuth(HttpServletRequest request,
+ // HttpServletResponse response) {
+ // response.setStatus(401);
+ // response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\""
+ // + httpAuthRealm + "\"");
+ // // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE);
+ // }
 private CallbackHandler basicAuth(final HttpServletRequest httpRequest) {
 String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
@@ -318,6 +304,12 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants {
 IOException {
 try {
 Subject subject = subjectFromRequest(request);
+ if (CurrentUser.isAnonymous(subject)
+ && request.getMethod().equals("GET")) {
+ response.setHeader("Cache-Control",
+ "no-transform, public, max-age=300, s-maxage=900");
+ }
+
 Subject.doAs(subject, new PrivilegedExceptionAction() {
 @Override
 public Void run() throws Exception {
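Review bot: In the hunk at -318 the `Cache-Control: public` header is set before `Subject.doAs` runs, so it is attached to every anonymous GET whatever the servlet then returns, including error responses and nodes whose read access is later withdrawn. Shared caches may keep serving such content for up to `s-maxage=900` seconds. It also relies on `subjectFromRequest` never yielding the anonymous subject for a request that carried credentials or a session, which this hunk cannot confirm. I would set the header only once the response is known to be a successful read of public content, and record the delay with a comment such as `// anonymous content may stay in shared caches for up to 15 min after access is revoked`. `"GET".equals(request.getMethod())` is the safer comparison form; the enclosing method starts and ends outside the hunk.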