X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeHttp.java;h=a9142c9334cdc69aaa00a6da487b6be1b18edfb0;hb=104096c83f55f5afd36e2d4ba578ceed4ed4ae77;hp=db66de2eaa989e75a8bf809635c1c29a4a89e0fc;hpb=0a63088e055dcd5ff397ce4e98d008c62c84dc98;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index db66de2ea..a9142c933 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
@@ -1,12 +1,14 @@
 package org.argeo.cms.internal.kernel;
 
 import java.io.IOException;
+import java.util.Enumeration;
 import java.util.Properties;
 import java.util.StringTokenizer;
 
 import javax.servlet.FilterChain;
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -20,6 +22,7 @@ import org.argeo.jackrabbit.servlet.RemotingServlet;
 import org.argeo.jackrabbit.servlet.WebdavServlet;
 import org.argeo.jcr.ArgeoJcrConstants;
 import org.eclipse.equinox.http.servlet.ExtendedHttpService;
+import org.eclipse.jetty.servlets.DoSFilter;
 import org.osgi.framework.BundleContext;
 import org.osgi.service.http.NamespaceException;
 import org.osgi.util.tracker.ServiceTracker;
@@ -40,8 +43,6 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 	private final static String HEADER_AUTHORIZATION = "Authorization";
 	private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
-	static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
-
 	private final AuthenticationManager authenticationManager;
 	private final BundleContext bundleContext;
 	private ExtendedHttpService httpService;
@@ -50,7 +51,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 	private String httpAuthRealm = "Argeo";
 
 	// Filters
-	// private final RootFilter rootFilter;
+	private final RootFilter rootFilter;
+	// private final DoSFilter dosFilter;
+	// private final QoSFilter qosFilter;
 
 	// remoting
 	private OpenInViewSessionProvider sessionProvider;
@@ -79,7 +82,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 					+ ExtendedHttpService.class + " service.");
 
 		// Filters
-		// rootFilter = new RootFilter();
+		rootFilter = new RootFilter();
+		// dosFilter = new CustomDosFilter();
+		// qosFilter = new QoSFilter();
 
 		// DAV
 		sessionProvider = new OpenInViewSessionProvider();
@@ -100,7 +105,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 			registerRemotingServlet(PATH_REMOTING_PRIVATE, ALIAS_NODE, false,
 					privateRemotingServlet);
 
-			// httpService.registerFilter("/", rootFilter, null, null);
+			// httpService.registerFilter("/", dosFilter, null, null);
+			httpService.registerFilter("/", rootFilter, null, null);
+			// httpService.registerFilter("/", qosFilter, null, null);
 		} catch (Exception e) {
 			throw new CmsException("Cannot publish HTTP services to OSGi", e);
 		}
@@ -166,7 +173,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 					try {
 						String credentials = new String(Base64.decodeBase64(st
 								.nextToken()), "UTF-8");
-						log.debug("Credentials: " + credentials);
+						// log.debug("Credentials: " + credentials);
 						int p = credentials.indexOf(":");
 						if (p != -1) {
 							String login = credentials.substring(0, p).trim();
@@ -174,7 +181,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 									.trim();
 
 							return new UsernamePasswordAuthenticationToken(
-									login, password);
+									login, password.toCharArray());
 						} else {
 							throw new CmsException(
 									"Invalid authentication token");
@@ -196,41 +203,43 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 		public void doFilter(HttpSession httpSession,
 				HttpServletRequest request, HttpServletResponse response,
 				FilterChain filterChain) throws IOException, ServletException {
-
-			// Authenticate from session
-			if (isSessionAuthenticated(httpSession)) {
-				filterChain.doFilter(request, response);
-				return;
+			if (log.isTraceEnabled()) {
+				log.debug(request.getContextPath());
+				log.debug(request.getServletPath());
+				log.debug(request.getRequestURI());
+				log.debug(request.getQueryString());
+				StringBuilder buf = new StringBuilder();
+				Enumeration<String> en = request.getHeaderNames();
+				while (en.hasMoreElements()) {
+					String header = en.nextElement();
+					Enumeration<String> values = request.getHeaders(header);
+					while (values.hasMoreElements())
+						buf.append("  " + header + ": " + values.nextElement());
+					buf.append('\n');
+				}
+				log.debug("\n" + buf);
 			}
 
-			// TODO Kerberos
-
-			// TODO Certificate
+			String servletPath = request.getServletPath();
 
-			// Process basic auth
-			String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
-			if (basicAuth != null) {
-				UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
-				Authentication auth = authenticationManager.authenticate(token);
-				SecurityContextHolder.getContext().setAuthentication(auth);
-				httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
-						SecurityContextHolder.getContext());
-				httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
+			// skip data
+			if (servletPath.startsWith(PATH_DATA)) {
 				filterChain.doFilter(request, response);
 				return;
 			}
 
-			Boolean doBasicAuth = true;
-			if (doBasicAuth) {
-				requestBasicAuth(httpSession, response);
-				// skip filter chain
+			// redirect long RWT paths to anchor
+			String path = request.getRequestURI()
+					.substring(servletPath.length()).trim();
+			if (!servletPath.endsWith("rwt-resources") && !path.equals("")
+					&& !path.equals("/")) {
+				String newLocation = request.getServletPath() + "#" + path;
+				response.setHeader("Location", newLocation);
+				response.setStatus(HttpServletResponse.SC_FOUND);
 				return;
 			}
 
-			// TODO Login page
-
-			// Anonymous
-			KernelUtils.anonymousLogin(authenticationManager);
+			// process normally
 			filterChain.doFilter(request, response);
 		}
 	}
@@ -262,10 +271,10 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 				FilterChain filterChain) throws IOException, ServletException {
 
 			// Authenticate from session
-			if (isSessionAuthenticated(httpSession)) {
-				filterChain.doFilter(request, response);
-				return;
-			}
+			// if (isSessionAuthenticated(httpSession)) {
+			// filterChain.doFilter(request, response);
+			// return;
+			// }
 
 			// Process basic auth
 			String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
@@ -284,4 +293,19 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 		}
 	}
 
+	class CustomDosFilter extends DoSFilter {
+		@Override
+		protected String extractUserId(ServletRequest request) {
+			HttpSession httpSession = ((HttpServletRequest) request)
+					.getSession();
+			if (isSessionAuthenticated(httpSession)) {
+				String userId = ((SecurityContext) httpSession
+						.getAttribute(SPRING_SECURITY_CONTEXT_KEY))
+						.getAuthentication().getName();
+				return userId;
+			}
+			return super.extractUserId(request);
+
+		}
+	}
 }