Improve Jetty integration in order to support consistent HTTP sessions.
[lgpl/argeo-commons.git] / org.argeo.cms.ee / src / org / argeo / cms / servlet / httpserver / HttpContextServlet.java
index c81bad7bc59c049ac31a9577308f913fa2d7fa4b..63d59a88d0510cf9565ccac177bb1608e96ca68e 100644 (file)
@@ -7,11 +7,18 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.argeo.cms.auth.RemoteAuthSession;
+import org.argeo.cms.servlet.ServletHttpSession;
+
 import com.sun.net.httpserver.Authenticator;
 import com.sun.net.httpserver.HttpContext;
 import com.sun.net.httpserver.HttpHandler;
 import com.sun.net.httpserver.HttpPrincipal;
 
+/**
+ * An {@link HttpServlet} which integrates an {@link HttpContext} and its
+ * {@link Authenticator} in a servlet container.
+ */
 public class HttpContextServlet extends HttpServlet {
        private static final long serialVersionUID = 2321612280413662738L;
 
@@ -24,6 +31,8 @@ public class HttpContextServlet extends HttpServlet {
        @Override
        protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
                try (ServletHttpExchange httpExchange = new ServletHttpExchange(httpContext, req, resp)) {
+                       ServletHttpSession httpSession = new ServletHttpSession(req.getSession());
+                       httpExchange.setAttribute(RemoteAuthSession.class.getName(), httpSession);
                        Authenticator authenticator = httpContext.getAuthenticator();
                        if (authenticator != null) {
                                Authenticator.Result authenticationResult = authenticator.authenticate(httpExchange);
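Review bot: The added `req.getSession()` creates a container session for every request before `authenticator.authenticate(httpExchange)` runs, so unauthenticated clients are issued a session, and the id handed out before login is still in use after an `Authenticator.Success`. Unless the authenticator or `ServletHttpSession` already rotates the id (neither is visible in this hunk), I would call `req.changeSessionId();` (Servlet 3.1+) in the Success branch to guard against session fixation. It is also worth deciding whether requests that end in Retry or Failure should leave a session behind at all. A short comment such as `// session is created up front so the Authenticator can reach it via RemoteAuthSession` would record why the order matters. The body of service() continues past this hunk.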
@@ -31,10 +40,14 @@ public class HttpContextServlet extends HttpServlet {
                                        HttpPrincipal httpPrincipal = ((Authenticator.Success) authenticationResult).getPrincipal();
                                        httpExchange.setPrincipal(httpPrincipal);
                                } else if (authenticationResult instanceof Authenticator.Retry) {
-                                       resp.setStatus(((Authenticator.Retry) authenticationResult).getResponseCode());
+                                       httpExchange.sendResponseHeaders((((Authenticator.Retry) authenticationResult).getResponseCode()),
+                                                       -1);
+                                       resp.flushBuffer();
                                        return;
                                } else if (authenticationResult instanceof Authenticator.Failure) {
-                                       resp.setStatus(((Authenticator.Failure) authenticationResult).getResponseCode());
+                                       httpExchange.sendResponseHeaders(((Authenticator.Failure) authenticationResult).getResponseCode(),
+                                                       -1);
+                                       resp.flushBuffer();
                                        return;
                                } else {
                                        throw new UnsupportedOperationException(
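Review bot: The Retry and Failure branches now repeat the same three statements, and the Retry call wraps the response code in a redundant pair of parentheses that the Failure call does not have. Reading the code into a local first, e.g. `int code = ((Authenticator.Retry) authenticationResult).getResponseCode();` followed by `httpExchange.sendResponseHeaders(code, -1);`, keeps both branches on one line and identical in shape. Whether `resp.flushBuffer()` is still required after `sendResponseHeaders` depends on ServletHttpExchange, which is not shown here, so a one-line comment explaining the explicit flush would help the next reader. The if/else chain starts and ends outside this hunk.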
@@ -46,5 +59,4 @@ public class HttpContextServlet extends HttpServlet {
                        httpHandler.handle(httpExchange);
                }
        }
-
 }