X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms.ee%2Fsrc%2Forg%2Fargeo%2Fcms%2Fwebsocket%2Fserver%2FCmsWebSocketConfigurator.java;h=279b610b6edf8cb9d0ef57943cde4ae73762eafb;hb=c2eb0b8ebd1c9df4923f5fb2298a4ae04237f65d;hp=880eb0ed5b7a8b1b9e381d70e362efb501a28a70;hpb=60aa2e64061a09e938d9f6cba35ee3fd66a19828;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/CmsWebSocketConfigurator.java b/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/CmsWebSocketConfigurator.java
index 880eb0ed5..279b610b6 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/CmsWebSocketConfigurator.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/CmsWebSocketConfigurator.java
@@ -1,11 +1,12 @@
package org.argeo.cms.websocket.server;
-import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import javax.websocket.Extension;
import javax.websocket.HandshakeResponse;
import javax.websocket.server.HandshakeRequest;
@@ -14,10 +15,12 @@ import javax.websocket.server.ServerEndpointConfig.Configurator;
import org.argeo.api.cms.CmsAuth;
import org.argeo.api.cms.CmsLog;
-import org.argeo.api.cms.CmsState;
import org.argeo.cms.auth.RemoteAuthCallbackHandler;
+import org.argeo.cms.auth.RemoteAuthRequest;
+import org.argeo.cms.auth.RemoteAuthResponse;
import org.argeo.cms.auth.RemoteAuthSession;
-import org.argeo.cms.servlet.ServletHttpSession;
+import org.argeo.cms.auth.RemoteAuthUtils;
+import org.argeo.cms.servlet.CmsServletContext;
/**
* Disabled until third party issues are solved.. Customises
@@ -29,16 +32,6 @@ public class CmsWebSocketConfigurator extends Configurator {
private final static CmsLog log = CmsLog.getLog(CmsWebSocketConfigurator.class);
final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
-
- private CmsState cmsState;
-
- public void start() {
-
- }
-
- public void stop() {
-
- }
@Override
public boolean checkOrigin(String originHeaderValue) {
@@ -76,34 +69,56 @@ public class CmsWebSocketConfigurator extends Configurator {
@Override
public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
- if (true)
- return;
+// if (true)
+// return;
- RemoteAuthSession httpSession = new ServletHttpSession(
- (javax.servlet.http.HttpSession) request.getHttpSession());
- if (log.isDebugEnabled() && httpSession != null)
- log.debug("Web socket HTTP session id: " + httpSession.getId());
+ WebSocketHandshakeRequest remoteAuthRequest = new WebSocketHandshakeRequest(request);
+ WebSocketHandshakeResponse remoteAuthResponse = new WebSocketHandshakeResponse(response);
+// RemoteAuthSession httpSession = new ServletHttpSession(
+// (javax.servlet.http.HttpSession) request.getHttpSession());
+ RemoteAuthSession remoteAuthSession = remoteAuthRequest.getSession();
+ if (log.isDebugEnabled() && remoteAuthSession != null)
+ log.debug("Web socket HTTP session id: " + remoteAuthSession.getId());
- if (httpSession == null) {
- rejectResponse(response, null);
- }
+// if (remoteAuthSession == null) {
+// rejectResponse(response, null);
+// }
+ ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
+ LoginContext lc;
try {
- LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, new RemoteAuthCallbackHandler(httpSession));
+ lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remoteAuthRequest, remoteAuthResponse));
lc.login();
- if (log.isDebugEnabled())
- log.debug("Web socket logged-in as " + lc.getSubject());
- Subject.doAs(lc.getSubject(), new PrivilegedAction() {
+ } catch (LoginException e) {
+ // FIXME better analyse failure so as not to try endlessly
+ if (authIsRequired(remoteAuthRequest, remoteAuthResponse)) {
+ int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthResponse, "Argeo", true);
+ remoteAuthResponse.setHeader("Status-Code", Integer.toString(statusCode));
+ return;
+ } else {
+ lc = RemoteAuthUtils.anonymousLogin(remoteAuthRequest, remoteAuthResponse);
+ }
+ if (lc == null)
+ rejectResponse(response, e);
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
+ }
- @Override
- public Void run() {
- sec.getUserProperties().put(REMOTE_USER, AccessController.getContext());
- return null;
- }
+ Subject subject = lc.getSubject();
+ Subject.doAs(subject, new PrivilegedAction() {
- });
- } catch (Exception e) {
- rejectResponse(response, e);
- }
+ @Override
+ public Void run() {
+ // TODO also set login context in order to log out ?
+ RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
+ return null;
+ }
+
+ });
+ }
+
+ protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse) {
+ return true;
}
/**
@@ -113,6 +128,7 @@ public class CmsWebSocketConfigurator extends Configurator {
* @param e can be null
*/
protected void rejectResponse(HandshakeResponse response, Exception e) {
+ response.getHeaders().put(HandshakeResponse.SEC_WEBSOCKET_ACCEPT, new ArrayList());
// violent implementation, as suggested in
// https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
// throw new IllegalStateException("Web socket cannot be authenticated");