From 92ac99f3ededbcd28def2bf9601bb33c02a351b3 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Tue, 15 Sep 2015 20:50:12 +0000
Subject: [PATCH] Session authentication working
git-svn-id: https://svn.argeo.org/commons/trunk@8405 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../argeo/cms/internal/kernel/NodeHttp.java | 87 +++++++++++--------
 1 file changed, 49 insertions(+), 38 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index 964ada11e..6dc70144b 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
@@ -1,6 +1,10 @@
 package org.argeo.cms.internal.kernel;
+import static org.argeo.cms.KernelHeader.ACCESS_CONTROL_CONTEXT;
+
 import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.cert.X509Certificate;
@@ -322,52 +326,59 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 private class DavFilter extends HttpFilter {
 @Override
- public void doFilter(HttpSession httpSession,
+ public void doFilter(final HttpSession httpSession,
 final HttpServletRequest request,
 final HttpServletResponse response,
 final FilterChain filterChain) throws IOException,
 ServletException {
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- CallbackHandler token = basicAuth(basicAuth);
- // FIXME Login
- // Authentication auth =
- // authenticationManager.authenticate(token);
- // SecurityContextHolder.getContext().setAuthentication(auth);
- // filterChain.doFilter(request, response);
- Subject subject;
- try {
- LoginContext lc = new LoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, token);
- lc.login();
- subject = lc.getSubject();
- } catch (LoginException e) {
- throw new CmsException("Could not login", e);
- }
- try {
- Subject.doAs(subject,
- new PrivilegedExceptionAction() {
- public Void run() throws IOException,
- ServletException {
- filterChain.doFilter(request, response);
- return null;
- }
- });
- } catch (PrivilegedActionException e) {
- if (e.getCause() instanceof ServletException)
- throw (ServletException) e.getCause();
- else if (e.getCause() instanceof IOException)
- throw (IOException) e.getCause();
- else
- throw new CmsException("Unexpected exception",
- e.getCause());
+ AccessControlContext acc = (AccessControlContext) httpSession
+ .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+ final Subject subject;
+ if (acc != null) {
+ subject = Subject.getSubject(acc);
+ } else {
+ // Process basic auth
+ String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
+ if (basicAuth != null) {
+ CallbackHandler token = basicAuth(basicAuth);
+ try {
+ LoginContext lc = new LoginContext(
+ KernelHeader.LOGIN_CONTEXT_USER, token);
+ lc.login();
+ subject = lc.getSubject();
+ } catch (LoginException e) {
+ throw new CmsException("Could not login", e);
+ }
+ } else {
+ requestBasicAuth(httpSession, response);
+ return;
 }
- return;
+ }
+ // do filter as subject
+ try {
+ Subject.doAs(subject,
+ new PrivilegedExceptionAction() {
+ public Void run() throws IOException,
+ ServletException {
+ // add security context to session
+ httpSession.setAttribute(
+ ACCESS_CONTROL_CONTEXT,
+ AccessController.getContext());
+ filterChain.doFilter(request, response);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ if (e.getCause() instanceof ServletException)
+ throw (ServletException) e.getCause();
+ else if (e.getCause() instanceof IOException)
+ throw (IOException) e.getCause();
+ else
+ throw new CmsException("Unexpected exception",
+ e.getCause());
 }
- requestBasicAuth(httpSession, response);
 }
 }
-- 
2.30.2
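Review bot: A failed basic-auth login in the new `catch (LoginException e)` block is turned into a `CmsException` rather than a 401 re-challenge, so a wrong or expired credential surfaces as a server error (and, depending on the container's error page, a stack trace) instead of the `WWW-Authenticate` response the sibling `else` branch already sends; replacing the throw with `requestBasicAuth(httpSession, response); return;` keeps both unauthenticated paths consistent, and a debug-level log of the failure is enough for detection. The session branch also trusts the cached `AccessControlContext` without checking the result of `Subject.getSubject(acc)`: `Subject.doAs` accepts a null subject, so a context without one would let the request run with no principal, and a null result should fall through to the basic-auth branch instead. The `setAttribute` inside `run()` stores the authenticated context on a session whose id was issued before authentication, which leaves it exposed to session fixation; if the servlet API in use allows it, invalidating and recreating the session (or `request.changeSessionId()` on Servlet 3.1+) before the attribute is set closes that gap. Finally, the attribute is read as `KernelHeader.ACCESS_CONTROL_CONTEXT` but written via the static-imported `ACCESS_CONTROL_CONTEXT`; use one form in both places. The enclosing `NodeHttp` class starts before this hunk.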