+++ /dev/null
-package org.argeo.cms.integration;
-
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.util.Map;
-
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.argeo.api.cms.CmsAuth;
-import org.argeo.cms.auth.RemoteAuthCallbackHandler;
-import org.argeo.cms.auth.RemoteAuthUtils;
-import org.argeo.cms.servlet.ServletHttpRequest;
-import org.argeo.cms.servlet.ServletHttpResponse;
-import org.osgi.service.http.context.ServletContextHelper;
-
-/** Manages security access to servlets. */
-public class CmsPrivateServletContext extends ServletContextHelper {
- public final static String LOGIN_PAGE = "argeo.cms.integration.loginPage";
- public final static String LOGIN_SERVLET = "argeo.cms.integration.loginServlet";
- private String loginPage;
- private String loginServlet;
-
- public void init(Map<String, String> properties) {
- loginPage = properties.get(LOGIN_PAGE);
- loginServlet = properties.get(LOGIN_SERVLET);
- }
-
- /**
- * Add the {@link AccessControlContext} as a request attribute, or redirect to
- * the login page.
- */
- @Override
- public boolean handleSecurity(final HttpServletRequest req, HttpServletResponse resp) throws IOException {
- LoginContext lc = null;
- ServletHttpRequest request = new ServletHttpRequest(req);
- ServletHttpResponse response = new ServletHttpResponse(resp);
-
- String pathInfo = req.getPathInfo();
- String servletPath = req.getServletPath();
- if ((pathInfo != null && (servletPath + pathInfo).equals(loginPage)) || servletPath.contentEquals(loginServlet))
- return true;
- try {
- lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(request, response));
- lc.login();
- } catch (LoginException e) {
- lc = processUnauthorized(req, resp);
- if (lc == null)
- return false;
- }
-// Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
-//
-// @Override
-// public Void run() {
-// // TODO also set login context in order to log out ?
-// RemoteAuthUtils.configureRequestSecurity(request);
-// return null;
-// }
-//
-// });
-
- return true;
- }
-
-// @Override
-// public void finishSecurity(HttpServletRequest req, HttpServletResponse resp) {
-// RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(req));
-// }
-
- protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
- try {
- response.sendRedirect(loginPage);
- } catch (IOException e) {
- throw new RuntimeException("Cannot redirect to login page", e);
- }
- return null;
- }
-}