Support multiple authenticate headers
authorMathieu <mbaudier@argeo.org>
Sat, 3 Dec 2022 08:07:14 +0000 (09:07 +0100)
committerMathieu <mbaudier@argeo.org>
Sat, 3 Dec 2022 08:07:14 +0000 (09:07 +0100)
org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletHttpResponse.java
org.argeo.cms.ee/src/org/argeo/cms/websocket/server/WebSocketHandshakeResponse.java
org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthResponse.java
org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
org.argeo.cms/src/org/argeo/cms/internal/http/RemoteAuthHttpExchange.java

index de47365cac754ff411272f257be217f0e895fb0a..0c600e54b13b2f1db19a13c31af1cc8aab515c72 100644 (file)
@@ -15,8 +15,13 @@ public class ServletHttpResponse implements RemoteAuthResponse {
        }
 
        @Override
-       public void setHeader(String keys, String value) {
-               response.setHeader(keys, value);
+       public void setHeader(String headerName, String value) {
+               response.setHeader(headerName, value);
+       }
+
+       @Override
+       public void addHeader(String headerName, String value) {
+               response.addHeader(headerName, value);
        }
 
 }
index 3a978c8ae0f1cb5ec4f3a343ccea2e5f2221a40e..b003c63729c58be246aaa9c5b455e11c9c30d1da 100644 (file)
@@ -1,6 +1,8 @@
 package org.argeo.cms.websocket.server;
 
+import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 
 import javax.websocket.HandshakeResponse;
 
@@ -14,9 +16,14 @@ public class WebSocketHandshakeResponse implements RemoteAuthResponse {
        }
 
        @Override
-       public void setHeader(String key, String value) {
-               handshakeResponse.getHeaders().put(key, Collections.singletonList(value));
+       public void setHeader(String headerName, String value) {
+               handshakeResponse.getHeaders().put(headerName, Collections.singletonList(value));
+       }
 
+       @Override
+       public void addHeader(String headerName, String value) {
+               List<String> values = handshakeResponse.getHeaders().getOrDefault(headerName, new ArrayList<>());
+               values.add(value);
        }
 
 }
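Review bot: addHeader() never stores the list it builds: when the header is absent, `getOrDefault(headerName, new ArrayList<>())` returns a fresh list that is not put into the header map, so the value is silently dropped, and when the header was written by setHeader() the list is a `Collections.singletonList`, whose `add` throws UnsupportedOperationException. As a result, the Negotiate and Basic challenges added on the SPNEGO path in RemoteAuthUtils would not reach the client over this transport. Suggested for addHeader: `handshakeResponse.getHeaders().computeIfAbsent(headerName, k -> new ArrayList<>()).add(value);`, and for setHeader: `put(headerName, new ArrayList<>(Collections.singletonList(value)))` so that a later add works. The addHeader added to RemoteAuthHttpExchange in this commit has the same two problems.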
index f91b6c5decb6955d5790b218caa9bd6f9f88f594..b815b49d192674df0d1628428d7650005307f55c 100644 (file)
@@ -2,6 +2,9 @@ package org.argeo.cms.auth;
 
 /** Transitional interface to decouple from the Servlet API. */
 public interface RemoteAuthResponse {
-       void setHeader(String keys, String value);
+       /** Set this header to a single value, possibly removing previous values. */
+       void setHeader(String headerName, String value);
 
+       /** Add a value to this header. */
+       void addHeader(String headerName, String value);
 }
index 4a8f18fcd811a11b516597e827d173542a441c50..3c436ba1fc40edd772e161d65ea1c70bc5f39cea 100644 (file)
@@ -161,11 +161,15 @@ public class RemoteAuthUtils {
 
                // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
                // realm=\"" + httpAuthRealm + "\"");
-               if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
-                       remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
-               else
+               if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+                       remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+                       // TODO make it configurable ?
+                       remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+                                       HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+               } else {
                        remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
                                        HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+               }
 
                // response.setDateHeader("Date", System.currentTimeMillis());
                // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
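Review bot: The SPNEGO branch now always advertises Basic next to Negotiate, so a client that could have used Kerberos may answer with Basic instead and send the password in a reversible encoding; the `// TODO make it configurable ?` leaves that fallback unconditional. I would put the second `addHeader` call behind a setting that defaults to off (placeholder name `offerBasicFallback`) and add a comment that the fallback is meant only for connections protected by TLS. `realm` is also concatenated into the quoted string without escaping `"` or `\`; if it can come from anything other than trusted configuration, it should be escaped or validated before it is written into the header. The enclosing method starts and ends outside this hunk, so where `realm` comes from is not visible here.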
index 00f2b8fe1646dac38053a2125743c5bed9ac4f90..b7e670c7943899cb085a1601c0485ffd99c243ea 100644 (file)
@@ -1,5 +1,6 @@
 package org.argeo.cms.internal.http;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
@@ -22,8 +23,14 @@ public class RemoteAuthHttpExchange implements RemoteAuthRequest, RemoteAuthResp
        }
 
        @Override
-       public void setHeader(String keys, String value) {
-               httpExchange.getResponseHeaders().put(keys, Collections.singletonList(value));
+       public void setHeader(String headerName, String value) {
+               httpExchange.getResponseHeaders().put(headerName, Collections.singletonList(value));
+       }
+
+       @Override
+       public void addHeader(String headerName, String value) {
+               List<String> values = httpExchange.getResponseHeaders().getOrDefault(headerName, new ArrayList<>());
+               values.add(value);
        }
 
        @Override