+ // private final boolean anonymous;
+
+ DataHttpContext() {
+ // this.anonymous = anonymous;
+ }
+
+ @Override
+ public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+
+ // optimization
+ HttpSession httpSession = request.getSession();
+ Object remoteUser = httpSession.getAttribute(REMOTE_USER);
+ Object authorization = httpSession.getAttribute(AUTHORIZATION);
+ if (remoteUser != null && authorization != null) {
+ request.setAttribute(REMOTE_USER, remoteUser);
+ request.setAttribute(AUTHORIZATION, authorization);
+ return true;
+ }
+
+ // if (anonymous) {
+ // Subject subject = KernelUtils.anonymousLogin();
+ // Authorization authorization =
+ // subject.getPrivateCredentials(Authorization.class).iterator().next();
+ // request.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS);
+ // request.setAttribute(AUTHORIZATION, authorization);
+ // return true;
+ // }
+
+ // if (log.isTraceEnabled())
+ // KernelUtils.logRequestHeaders(log, request);
+ try {
+ new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login();
+ return true;
+ } catch (CredentialNotFoundException e) {
+ Subject subject = KernelUtils.anonymousLogin();
+ authorization = subject.getPrivateCredentials(Authorization.class).iterator().next();
+ request.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS);
+ request.setAttribute(AUTHORIZATION, authorization);
+ httpSession.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS);
+ httpSession.setAttribute(AUTHORIZATION, authorization);
+ return true;
+ // CallbackHandler token = basicAuth(request);
+ // if (token != null) {
+ // try {
+ // LoginContext lc = new
+ // LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token);
+ // lc.login();
+ // // Note: this is impossible to reliably clear the
+ // // authorization header when access from a browser.
+ // return true;
+ // } catch (LoginException e1) {
+ // throw new CmsException("Could not login", e1);
+ // }
+ // } else {
+ // String path = request.getServletPath();
+ // if (path.startsWith(REMOTING_PRIVATE))
+ // requestBasicAuth(request, response);
+ // return false;
+ // }
+ } catch (LoginException e) {
+ throw new CmsException("Could not login", e);
+ }
+ }
+
+ @Override
+ public URL getResource(String name) {
+ return KernelUtils.getBundleContext(DataHttp.class).getBundle().getResource(name);
+ }
+
+ @Override
+ public String getMimeType(String name) {
+ return null;
+ }
+
+ }
+
+ private class RemotingHttpContext implements HttpContext {