X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeHttp.java;h=9a35e279ce28164ba6d53c79367c3b0f1021a2f8;hb=91f477703e7b86048f15c16020f6a6f874b7fc1a;hp=cbad271540f4896e54325756a56d54c33571c170;hpb=9b498d3407a628c8815d13f462962e2dd6c27b46;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java index cbad27154..9a35e279c 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java @@ -3,6 +3,7 @@ package org.argeo.cms.internal.kernel; import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG; import java.io.IOException; +import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Properties; import java.util.StringTokenizer; @@ -29,7 +30,6 @@ import org.osgi.service.http.NamespaceException; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; /** @@ -72,20 +72,33 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { // DAV sessionProvider = new OpenInViewSessionProvider(); + registerRepositoryServlets(ALIAS_NODE, node); try { - registerWebdavServlet(ALIAS_NODE, node, true); - registerWebdavServlet(ALIAS_NODE, node, false); - registerRemotingServlet(ALIAS_NODE, node, true); - registerRemotingServlet(ALIAS_NODE, node, false); - httpService.registerFilter("/", rootFilter, null, null); } catch (Exception e) { - throw new CmsException("Could not initialise http", e); + throw new CmsException("Could not register root filter", e); } } public void destroy() { sessionProvider.destroy(); + unregisterRepositoryServlets(ALIAS_NODE); + } + + void registerRepositoryServlets(String alias, Repository repository) { + try { + registerWebdavServlet(alias, repository, true); + registerWebdavServlet(alias, repository, false); + registerRemotingServlet(alias, repository, true); + registerRemotingServlet(alias, repository, false); + } catch (Exception e) { + throw new CmsException( + "Could not register servlets for repository " + alias, e); + } + } + + void unregisterRepositoryServlets(String alias) { + // FIXME unregister servlets } void registerWebdavServlet(String alias, Repository repository, @@ -122,11 +135,11 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { httpService.registerServlet(path, (Servlet) remotingServlet, ip, null); } - private Boolean isSessionAuthenticated(HttpSession httpSession) { - SecurityContext contextFromSession = (SecurityContext) httpSession - .getAttribute(SPRING_SECURITY_CONTEXT_KEY); - return contextFromSession != null; - } + // private Boolean isSessionAuthenticated(HttpSession httpSession) { + // SecurityContext contextFromSession = (SecurityContext) httpSession + // .getAttribute(SPRING_SECURITY_CONTEXT_KEY); + // return contextFromSession != null; + // } private void requestBasicAuth(HttpSession httpSession, HttpServletResponse response) { @@ -176,24 +189,22 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (log.isTraceEnabled()) { - log.debug(request.getContextPath()); - log.debug(request.getServletPath()); - log.debug(request.getRequestURI()); - log.debug(request.getQueryString()); - StringBuilder buf = new StringBuilder(); - Enumeration en = request.getHeaderNames(); - while (en.hasMoreElements()) { - String header = en.nextElement(); - Enumeration values = request.getHeaders(header); - while (values.hasMoreElements()) - buf.append(" " + header + ": " + values.nextElement()); - buf.append('\n'); - } - log.debug("\n" + buf); + log.trace(request.getRequestURL().append( + request.getQueryString() != null ? "?" + + request.getQueryString() : "")); + logRequest(request); } String servletPath = request.getServletPath(); + // client certificate + X509Certificate clientCert = extractCertificate(request); + if (clientCert != null) { + // TODO authenticate + // if (log.isDebugEnabled()) + // log.debug(clientCert.getSubjectX500Principal().getName()); + } + // skip data if (servletPath.startsWith(PATH_DATA)) { filterChain.doFilter(request, response); @@ -212,7 +223,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { int pathLength = path.length(); if (pathLength != 0 && (path.charAt(0) == '/') && !servletPath.endsWith("rwt-resources") - && !path.equals("/")) { + && path.lastIndexOf('/') != 0) { String newLocation = request.getServletPath() + "#" + path; response.setHeader("Location", newLocation); response.setStatus(HttpServletResponse.SC_FOUND); @@ -224,6 +235,42 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { } } + private void logRequest(HttpServletRequest request) { + log.debug("contextPath=" + request.getContextPath()); + log.debug("servletPath=" + request.getServletPath()); + log.debug("requestURI=" + request.getRequestURI()); + log.debug("queryString=" + request.getQueryString()); + StringBuilder buf = new StringBuilder(); + // headers + Enumeration en = request.getHeaderNames(); + while (en.hasMoreElements()) { + String header = en.nextElement(); + Enumeration values = request.getHeaders(header); + while (values.hasMoreElements()) + buf.append(" " + header + ": " + values.nextElement()); + buf.append('\n'); + } + + // attributed + Enumeration an = request.getAttributeNames(); + while (an.hasMoreElements()) { + String attr = an.nextElement(); + Object value = request.getAttribute(attr); + buf.append(" " + attr + ": " + value); + buf.append('\n'); + } + log.debug("\n" + buf); + } + + private X509Certificate extractCertificate(HttpServletRequest req) { + X509Certificate[] certs = (X509Certificate[]) req + .getAttribute("javax.servlet.request.X509Certificate"); + if (null != certs && certs.length > 0) { + return certs[0]; + } + return null; + } + /** Intercepts all requests. Authenticates. */ private class AnonymousFilter extends HttpFilter { @Override @@ -232,10 +279,10 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { FilterChain filterChain) throws IOException, ServletException { // Authenticate from session - if (isSessionAuthenticated(httpSession)) { - filterChain.doFilter(request, response); - return; - } + // if (isSessionAuthenticated(httpSession)) { + // filterChain.doFilter(request, response); + // return; + // } KernelUtils.anonymousLogin(authenticationManager); filterChain.doFilter(request, response); @@ -262,9 +309,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { UsernamePasswordAuthenticationToken token = basicAuth(basicAuth); Authentication auth = authenticationManager.authenticate(token); SecurityContextHolder.getContext().setAuthentication(auth); - httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, - SecurityContextHolder.getContext()); - httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE); + // httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, + // SecurityContextHolder.getContext()); + // httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE); filterChain.doFilter(request, response); return; }