X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fwebsocket%2FCmsWebSocketConfigurator.java;h=f72527af18dee1768d926867ccd27e389eb11113;hb=48cae516376b12ea619a359450c62479d3e16584;hp=7cfe5748b19a7af3c51bc452f05c53d84f7c6096;hpb=862da18b7053df010348b3ed1096afd3b5778c10;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java b/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
index 7cfe5748b..f72527af1 100644
--- a/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
+++ b/org.argeo.cms/src/org/argeo/cms/websocket/CmsWebSocketConfigurator.java
@@ -1,10 +1,11 @@
 package org.argeo.cms.websocket;
-import java.util.ArrayList;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.List;
+import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpSession;
 import javax.websocket.Extension;
 import javax.websocket.HandshakeResponse;
@@ -16,8 +17,12 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
 import org.argeo.node.NodeConstants;
+import org.osgi.service.http.context.ServletContextHelper;
+/** Customises the initialisation of a new web socket. */
 public class CmsWebSocketConfigurator extends Configurator {
+ public final static String WEBSOCKET_SUBJECT = "org.argeo.cms.websocket.subject";
+
 private final static Log log = LogFactory.getLog(CmsWebSocketConfigurator.class);
 final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
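Review bot: The new constant WEBSOCKET_SUBJECT is not referenced in any of the visible hunks; the value that is actually stored into the user properties (in the later hunk at @@ -71,20 +75,29 @@) goes under ServletContextHelper.REMOTE_USER, so it is unclear which key endpoints are expected to read. If the constant is meant to be the user-property key for the logged-in subject's context, use it in that put call and document it, e.g. `/** Key under which the authenticated {@link java.security.AccessControlContext} is stored in the web socket user properties. */`; otherwise drop it. The class body continues past the end of the hunk.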
@@ -62,8 +67,7 @@ public class CmsWebSocketConfigurator extends Configurator {
 log.debug("Web socket HTTP session id: " + httpSession.getId());
 if (httpSession == null) {
- rejectResponse(response);
- return;
+ rejectResponse(response, null);
 }
 try {
 LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
@@ -71,20 +75,29 @@ public class CmsWebSocketConfigurator extends Configurator {
 lc.login();
 if (log.isDebugEnabled())
 log.debug("Web socket logged-in as " + lc.getSubject());
- sec.getUserProperties().put("subject", lc.getSubject());
- } catch (LoginException e) {
- rejectResponse(response);
- return;
+ Subject.doAs(lc.getSubject(), new PrivilegedAction() {
+
+ @Override
+ public Void run() {
+ sec.getUserProperties().put(ServletContextHelper.REMOTE_USER, AccessController.getContext());
+ return null;
+ }
+
+ });
+ } catch (Exception e) {
+ rejectResponse(response, e);
 }
 }
- protected void rejectResponse(HandshakeResponse response) {
- List lst = new ArrayList();
- lst.add("no");
- response.getHeaders().put(HandshakeResponse.SEC_WEBSOCKET_ACCEPT, lst);
-
+ /**
+ * Behaviour when the web socket could not be authenticated. Throws an
+ * {@link IllegalStateException} by default.
+ *
+ * @param e can be null
+ */
+ protected void rejectResponse(HandshakeResponse response, Exception e) {
 // violent implementation, as suggested in
 // https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
- throw new IllegalStateException("Web socket cannot be authenticated");
+// throw new IllegalStateException("Web socket cannot be authenticated");
 }
 }
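Review bot: Dropping the `return` after `rejectResponse(response, null)` lets the null-session path fall straight into the LoginContext block, and because the reworked rejectResponse in the following hunk neither throws nor sets a rejecting header, the handshake then proceeds as if no rejection had happened. Keep the early exit, `rejectResponse(response, null);` followed by `return;`, so the caller does not rely on an overridable hook to abort the handshake. The context line just above, `log.debug("Web socket HTTP session id: " + httpSession.getId());`, dereferences httpSession before the null check; that is pre-existing, but it will throw whenever that line runs with a null session. The enclosing method starts outside the hunk.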
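Review bot: With the throw commented out and the Sec-WebSocket-Accept override removed, rejectResponse is now an empty method, so a failed login (the new `catch (Exception e)` branch) completes the handshake with no REMOTE_USER property, contradicting the new javadoc which says an IllegalStateException is thrown by default. Restore `throw new IllegalStateException("Web socket cannot be authenticated", e);` so the default matches its documentation and the cause is preserved (a null e is accepted by that constructor). Two smaller points: `new PrivilegedAction()` is a raw type and should be `new PrivilegedAction<Void>()`, and storing an AccessControlContext under ServletContextHelper.REMOTE_USER, a key the OSGi servlet-context API describes as the authenticated user's name, will surprise any consumer reading that key as a String; a dedicated key such as the WEBSOCKET_SUBJECT constant added in this commit would be clearer. Widening the catch from LoginException to Exception also routes runtime failures of the doAs block through the same no-op rejection path.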