X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms.ee%2Fsrc%2Forg%2Fargeo%2Fcms%2Fservlet%2FCmsServletContext.java;h=d3c0eb5402d45b5e25bb4b0bfe62d4b782f27d5b;hb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;hp=9cb48b212d38b5db6054c6fefac76dc00a9a00e3;hpb=00753f77ac3f41f7dbfe281eeab886ef4bdc0ce5;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
index 9cb48b212..d3c0eb540 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
@@ -2,10 +2,8 @@ package org.argeo.cms.servlet;
 import java.io.IOException;
 import java.net.URL;
-import java.security.PrivilegedAction;
 import java.util.Map;
-import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
@@ -14,6 +12,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
+import org.argeo.cms.auth.RemoteAuthRequest;
+import org.argeo.cms.auth.RemoteAuthResponse;
 import org.argeo.cms.auth.RemoteAuthUtils;
 import org.argeo.cms.servlet.internal.HttpUtils;
 import org.osgi.framework.Bundle;
@@ -29,6 +29,9 @@ public class CmsServletContext extends ServletContextHelper {
 // use CMS bundle for resources
 private Bundle bundle = FrameworkUtil.getBundle(getClass());
+ private final String httpAuthRealm = "Argeo";
+ private final boolean forceBasic = false;
+
 public void init(Map properties) {
 }
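Review bot: `httpAuthRealm` and `forceBasic` are `private final` instance fields initialised from literals, so the realm string and the Basic-auth switch are compiled-in constants that neither `init(Map properties)` nor a subclass overriding `authIsRequired` can change. If they are meant to stay fixed, `private static final` fields with `UPPER_SNAKE_CASE` names would say so; if they are deployment settings, read them from `properties` in `init` or expose `protected` accessors so the challenge behaviour can be configured together with `authIsRequired`. A one-line comment on `forceBasic` stating what it switches in `RemoteAuthUtils.askForWwwAuth` would also help, since the name alone does not say which scheme is offered when it is false.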
@@ -41,61 +44,72 @@ public class CmsServletContext extends ServletContextHelper {
 public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
 if (log.isTraceEnabled())
 HttpUtils.logRequestHeaders(log, request);
+ RemoteAuthRequest remoteAuthRequest = new ServletHttpRequest(request);
+ RemoteAuthResponse remoteAuthResponse = new ServletHttpResponse(response);
 ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
 Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
 LoginContext lc;
 try {
- lc = CmsAuth.USER.newLoginContext(
- new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
+ lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remoteAuthRequest, remoteAuthResponse));
 lc.login();
 } catch (LoginException e) {
- lc = processUnauthorized(request, response);
- if (log.isTraceEnabled())
- HttpUtils.logResponseHeaders(log, response);
+ if (authIsRequired(remoteAuthRequest, remoteAuthResponse)) {
+ int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthRequest,
+ remoteAuthResponse, httpAuthRealm,
+ forceBasic);
+ response.setStatus(statusCode);
+ return false;
+
+ } else {
+ lc = RemoteAuthUtils.anonymousLogin(remoteAuthRequest, remoteAuthResponse);
+ }
 if (lc == null)
 return false;
 } finally {
 Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
 }
- Subject subject = lc.getSubject();
- // log.debug("SERVLET CONTEXT: "+subject);
- Subject.doAs(subject, new PrivilegedAction() {
-
- @Override
- public Void run() {
- // TODO also set login context in order to log out ?
- RemoteAuthUtils.configureRequestSecurity(new ServletHttpRequest(request));
- return null;
- }
-
- });
+// Subject subject = lc.getSubject();
+// Subject.doAs(subject, new PrivilegedAction() {
+//
+// @Override
+// public Void run() {
+// // TODO also set login context in order to log out ?
+// RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
+// return null;
+// }
+//
+// });
 return true;
 }
- @Override
- public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
- RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
- }
+// @Override
+// public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+// RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
+// }
- protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
- // anonymous
- ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
- try {
- Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
- LoginContext lc = CmsAuth.ANONYMOUS.newLoginContext(
- new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
- lc.login();
- return lc;
- } catch (LoginException e1) {
- if (log.isDebugEnabled())
- log.error("Cannot log in as anonymous", e1);
- return null;
- } finally {
- Thread.currentThread().setContextClassLoader(currentContextClassLoader);
- }
+ protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse) {
+ return false;
 }
+// protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
+// // anonymous
+// ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
+// try {
+// Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
+// LoginContext lc = CmsAuth.ANONYMOUS.newLoginContext(
+// new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
+// lc.login();
+// return lc;
+// } catch (LoginException e1) {
+// if (log.isDebugEnabled())
+// log.error("Cannot log in as anonymous", e1);
+// return null;
+// } finally {
+// Thread.currentThread().setContextClassLoader(currentContextClassLoader);
+// }
+// }
+
 @Override
 public URL getResource(String name) {
 // TODO make it more robust and versatile
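Review bot: After `lc.login()` succeeds, the new `handleSecurity` does nothing with `lc` beyond the null check: the `Subject.doAs(... configureRequestSecurity ...)` block and the `finishSecurity`/`clearRequestSecurity` override are commented out rather than replaced, so unless `RemoteAuthCallbackHandler` or the login module now attaches the authenticated Subject to `remoteAuthRequest` itself, servlets behind this context receive no security context, and if anything still sets per-request or per-thread state nothing clears it when the request ends. If the callback-handler path is the intended replacement, a comment at the `lc.login();` line saying so (and whether `lc` is ever logged out) would spare the next reader the same question; either way the commented-out blocks should be deleted, since git keeps the history. `authIsRequired` returns `false` unconditionally, so the `askForWwwAuth` branch is unreachable until a subclass overrides it; a Javadoc such as `/** Hook: return true to challenge the client with WWW-Authenticate instead of falling back to anonymous login; defaults to false. */` would make that contract explicit. Note also that on the `lc == null` path the method returns false without setting any status on the response, a pre-existing line that is still present on the new side.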