X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FDataHttp.java;h=8c57c8cb8e4c45212cfc99daf7b77a3452eec6b5;hb=3cf2ac1853e37c531d3ab402c7a0ad73316e41bd;hp=ebf483a7a24b087bd80bf991301a16a7918ecc6b;hpb=0af549d05ec45b5e31df9026b6627de9038d39eb;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java index ebf483a7a..8c57c8cb8 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java @@ -61,7 +61,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { // WebDav / JCR remoting private OpenInViewSessionProvider sessionProvider; - DataHttp(HttpService httpService, NodeRepository node) { + DataHttp(HttpService httpService) { this.httpService = httpService; sessionProvider = new OpenInViewSessionProvider(); // registerRepositoryServlets(ALIAS_NODE, node); @@ -78,8 +78,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { registerRemotingServlet(alias, repository, true); registerRemotingServlet(alias, repository, false); } catch (Exception e) { - throw new CmsException( - "Could not register servlets for repository " + alias, e); + throw new CmsException("Could not register servlets for repository " + alias, e); } } @@ -87,46 +86,39 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { // FIXME unregister servlets } - void registerWebdavServlet(String alias, Repository repository, - boolean anonymous) throws NamespaceException, ServletException { - WebdavServlet webdavServlet = new WebdavServlet(repository, - sessionProvider); + void registerWebdavServlet(String alias, Repository repository, boolean anonymous) + throws NamespaceException, ServletException { + WebdavServlet webdavServlet = new WebdavServlet(repository, sessionProvider); String pathPrefix = anonymous ? WEBDAV_PUBLIC : WEBDAV_PRIVATE; String path = pathPrefix + "/" + alias; Properties ip = new Properties(); ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG); ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path); - httpService.registerServlet(path, webdavServlet, ip, - new DataHttpContext(anonymous)); + httpService.registerServlet(path, webdavServlet, ip, new DataHttpContext(anonymous)); } - void registerRemotingServlet(String alias, Repository repository, - boolean anonymous) throws NamespaceException, ServletException { + void registerRemotingServlet(String alias, Repository repository, boolean anonymous) + throws NamespaceException, ServletException { String pathPrefix = anonymous ? REMOTING_PUBLIC : REMOTING_PRIVATE; - RemotingServlet remotingServlet = new RemotingServlet(repository, - sessionProvider); + RemotingServlet remotingServlet = new RemotingServlet(repository, sessionProvider); String path = pathPrefix + "/" + alias; Properties ip = new Properties(); ip.setProperty(JcrRemotingServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path); // Looks like a bug in Jackrabbit remoting init - ip.setProperty(RemotingServlet.INIT_PARAM_HOME, - KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit"); + ip.setProperty(RemotingServlet.INIT_PARAM_HOME, KernelUtils.getOsgiInstanceDir() + "/tmp/jackrabbit"); ip.setProperty(RemotingServlet.INIT_PARAM_TMP_DIRECTORY, "remoting"); // in order to avoid annoying warning. ip.setProperty(RemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG, ""); - httpService.registerServlet(path, remotingServlet, ip, - new DataHttpContext(anonymous)); + httpService.registerServlet(path, remotingServlet, ip, new DataHttpContext(anonymous)); } private Subject subjectFromRequest(HttpServletRequest request) { - Authorization authorization = (Authorization) request - .getAttribute(HttpContext.AUTHORIZATION); + Authorization authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION); if (authorization == null) throw new CmsException("Not authenticated"); try { - LoginContext lc = new LoginContext( - AuthConstants.LOGIN_CONTEXT_USER, + LoginContext lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)); lc.login(); return lc.getSubject(); @@ -143,14 +135,12 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { } @Override - public boolean handleSecurity(final HttpServletRequest request, - HttpServletResponse response) throws IOException { + public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) + throws IOException { if (anonymous) { Subject subject = KernelUtils.anonymousLogin(); - Authorization authorization = subject - .getPrivateCredentials(Authorization.class).iterator() - .next(); + Authorization authorization = subject.getPrivateCredentials(Authorization.class).iterator().next(); request.setAttribute(REMOTE_USER, AuthConstants.ROLE_ANONYMOUS); request.setAttribute(AUTHORIZATION, authorization); return true; @@ -159,15 +149,13 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { if (log.isTraceEnabled()) KernelUtils.logRequestHeaders(log, request); try { - new LoginContext(LOGIN_CONTEXT_USER, - new HttpRequestCallbackHandler(request)).login(); + new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login(); return true; } catch (CredentialNotFoundException e) { CallbackHandler token = basicAuth(request); if (token != null) { try { - LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER, - token); + LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER, token); lc.login(); // Note: this is impossible to reliably clear the // authorization header when access from a browser. @@ -176,7 +164,9 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { throw new CmsException("Could not login", e1); } } else { - requestBasicAuth(request, response); + String path = request.getServletPath(); + if (path.startsWith(REMOTING_PRIVATE)) + requestBasicAuth(request, response); return false; } } catch (LoginException e) { @@ -194,11 +184,9 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { return null; } - private void requestBasicAuth(HttpServletRequest request, - HttpServletResponse response) { + private void requestBasicAuth(HttpServletRequest request, HttpServletResponse response) { response.setStatus(401); - response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\"" - + httpAuthRealm + "\""); + response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\"" + httpAuthRealm + "\""); // request.getSession().setAttribute(ATTR_AUTH, Boolean.TRUE); } @@ -211,38 +199,29 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { if (basic.equalsIgnoreCase("Basic")) { try { // TODO manipulate char[] - String credentials = new String( - Base64.decodeBase64(st.nextToken()), - "UTF-8"); + String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8"); // log.debug("Credentials: " + credentials); int p = credentials.indexOf(":"); if (p != -1) { - final String login = credentials - .substring(0, p).trim(); - final char[] password = credentials - .substring(p + 1).trim().toCharArray(); + final String login = credentials.substring(0, p).trim(); + final char[] password = credentials.substring(p + 1).trim().toCharArray(); return new CallbackHandler() { public void handle(Callback[] callbacks) { for (Callback cb : callbacks) { if (cb instanceof NameCallback) - ((NameCallback) cb) - .setName(login); + ((NameCallback) cb).setName(login); else if (cb instanceof PasswordCallback) - ((PasswordCallback) cb) - .setPassword(password); + ((PasswordCallback) cb).setPassword(password); else if (cb instanceof HttpRequestCallback) - ((HttpRequestCallback) cb) - .setRequest(httpRequest); + ((HttpRequestCallback) cb).setRequest(httpRequest); } } }; } else { - throw new CmsException( - "Invalid authentication token"); + throw new CmsException("Invalid authentication token"); } } catch (Exception e) { - throw new CmsException( - "Couldn't retrieve authentication", e); + throw new CmsException("Couldn't retrieve authentication", e); } } } @@ -256,23 +235,19 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { * Implements an open session in view patter: a new JCR session is created * for each request */ - private class OpenInViewSessionProvider implements SessionProvider, - Serializable { + private class OpenInViewSessionProvider implements SessionProvider, Serializable { private static final long serialVersionUID = 2270957712453841368L; - public Session getSession(HttpServletRequest request, Repository rep, - String workspace) throws javax.jcr.LoginException, - ServletException, RepositoryException { + public Session getSession(HttpServletRequest request, Repository rep, String workspace) + throws javax.jcr.LoginException, ServletException, RepositoryException { return login(request, rep, workspace); } - protected Session login(HttpServletRequest request, - Repository repository, String workspace) + protected Session login(HttpServletRequest request, Repository repository, String workspace) throws RepositoryException { if (log.isTraceEnabled()) - log.trace("Login to workspace " - + (workspace == null ? "" : workspace) - + " in web session " + request.getSession().getId()); + log.trace("Login to workspace " + (workspace == null ? "" : workspace) + " in web session " + + request.getSession().getId()); return repository.login(workspace); } @@ -287,8 +262,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { private static final long serialVersionUID = -4687354117811443881L; private final Repository repository; - public WebdavServlet(Repository repository, - SessionProvider sessionProvider) { + public WebdavServlet(Repository repository, SessionProvider sessionProvider) { this.repository = repository; setSessionProvider(sessionProvider); } @@ -298,11 +272,17 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { } @Override - protected void service(final HttpServletRequest request, - final HttpServletResponse response) throws ServletException, - IOException { + protected void service(final HttpServletRequest request, final HttpServletResponse response) + throws ServletException, IOException { try { Subject subject = subjectFromRequest(request); + // TODO make it stronger, with eTags. + // if (CurrentUser.isAnonymous(subject) && + // request.getMethod().equals("GET")) { + // response.setHeader("Cache-Control", "no-transform, public, + // max-age=300, s-maxage=900"); + // } + Subject.doAs(subject, new PrivilegedExceptionAction() { @Override public Void run() throws Exception { @@ -311,8 +291,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { } }); } catch (PrivilegedActionException e) { - throw new CmsException("Cannot process webdav request", - e.getException()); + throw new CmsException("Cannot process webdav request", e.getException()); } } } @@ -322,8 +301,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { private final Repository repository; private final SessionProvider sessionProvider; - public RemotingServlet(Repository repository, - SessionProvider sessionProvider) { + public RemotingServlet(Repository repository, SessionProvider sessionProvider) { this.repository = repository; this.sessionProvider = sessionProvider; } @@ -339,9 +317,8 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { } @Override - protected void service(final HttpServletRequest request, - final HttpServletResponse response) throws ServletException, - IOException { + protected void service(final HttpServletRequest request, final HttpServletResponse response) + throws ServletException, IOException { try { Subject subject = subjectFromRequest(request); Subject.doAs(subject, new PrivilegedExceptionAction() { @@ -352,8 +329,7 @@ class DataHttp implements KernelConstants, ArgeoJcrConstants { } }); } catch (PrivilegedActionException e) { - throw new CmsException("Cannot process JCR remoting request", - e.getException()); + throw new CmsException("Cannot process JCR remoting request", e.getException()); } } }