From b62b143dd3589245f088fb260d6d14edf7a87867 Mon Sep 17 00:00:00 2001
From: Mathieu
Date: Sat, 3 Dec 2022 09:07:14 +0100
Subject: [PATCH] Support multiple authenticate headers

---
 .../org/argeo/cms/servlet/ServletHttpResponse.java | 9 +++++++--
 .../websocket/server/WebSocketHandshakeResponse.java | 11 +++++++++--
 .../src/org/argeo/cms/auth/RemoteAuthResponse.java | 5 ++++-
 .../src/org/argeo/cms/auth/RemoteAuthUtils.java | 10 +++++++---
 .../cms/internal/http/RemoteAuthHttpExchange.java | 11 +++++++++--
 5 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletHttpResponse.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletHttpResponse.java
index de47365ca..0c600e54b 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletHttpResponse.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletHttpResponse.java
@@ -15,8 +15,13 @@ public class ServletHttpResponse implements RemoteAuthResponse {
 }
 
 @Override
- public void setHeader(String keys, String value) {
- response.setHeader(keys, value);
+ public void setHeader(String headerName, String value) {
+ response.setHeader(headerName, value);
+ }
+
+ @Override
+ public void addHeader(String headerName, String value) {
+ response.addHeader(headerName, value);
 }
 
 }
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/WebSocketHandshakeResponse.java b/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/WebSocketHandshakeResponse.java
index 3a978c8ae..b003c6372 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/WebSocketHandshakeResponse.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/websocket/server/WebSocketHandshakeResponse.java
@@ -1,6 +1,8 @@
 package org.argeo.cms.websocket.server;
 
+import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 
 import javax.websocket.HandshakeResponse;
 
@@ -14,9 +16,14 @@ public class WebSocketHandshakeResponse implements RemoteAuthResponse {
 }
 
 @Override
- public void setHeader(String key, String value) {
- handshakeResponse.getHeaders().put(key, Collections.singletonList(value));
+ public void setHeader(String headerName, String value) {
+ handshakeResponse.getHeaders().put(headerName, Collections.singletonList(value));
+ }
 
+ @Override
+ public void addHeader(String headerName, String value) {
+ List values = handshakeResponse.getHeaders().getOrDefault(headerName, new ArrayList<>());
+ values.add(value);
 }
 
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthResponse.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthResponse.java
index f91b6c5de..b815b49d1 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthResponse.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthResponse.java
@@ -2,6 +2,9 @@ package org.argeo.cms.auth;
 
 /** Transitional interface to decouple from the Servlet API. */
 public interface RemoteAuthResponse {
- void setHeader(String keys, String value);
+ /** Set this header to a single value, possibly removing previous values. */
+ void setHeader(String headerName, String value);
 
+ /** Add a value to this header. */
+ void addHeader(String headerName, String value);
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
index 4a8f18fcd..3c436ba1f 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
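Review bot: `addHeader` in WebSocketHandshakeResponse never stores the value when the header is absent, because `getOrDefault(headerName, new ArrayList<>())` returns a fresh list that is not put back into the headers map, so `values.add(value)` is lost. When `setHeader` ran first, the stored list is a `Collections.singletonList`, which is immutable, so `add` throws `UnsupportedOperationException`. Since the RemoteAuthUtils hunk now sends both SPNEGO-branch challenges through `addHeader`, this transport would presumably emit no `WWW-Authenticate` header at all on that path. Use `handshakeResponse.getHeaders().computeIfAbsent(headerName, k -> new ArrayList<>()).add(value);` and have `setHeader` store `new ArrayList<>(Collections.singletonList(value))`; the same defect is in `addHeader` of the RemoteAuthHttpExchange hunk, where, if `httpExchange` is a `com.sun.net.httpserver.HttpExchange`, `httpExchange.getResponseHeaders().add(headerName, value);` does the job.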
@@ -161,11 +161,15 @@ public class RemoteAuthUtils {
 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 // realm=\"" + httpAuthRealm + "\"");
 
- if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
- remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
- else
+ if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+ // TODO make it configurable ?
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ } else {
 remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
 HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ }
 
 // response.setDateHeader("Date", System.currentTimeMillis());
 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/http/RemoteAuthHttpExchange.java b/org.argeo.cms/src/org/argeo/cms/internal/http/RemoteAuthHttpExchange.java
index 00f2b8fe1..b7e670c79 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/http/RemoteAuthHttpExchange.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/http/RemoteAuthHttpExchange.java
@@ -1,5 +1,6 @@
 package org.argeo.cms.internal.http;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
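Review bot: The SPNEGO branch in RemoteAuthUtils now always advertises `Basic` alongside `Negotiate`, so authentication can be downgraded to Basic on any deployment with acceptor credentials, and on a connection without TLS the password then travels in recoverable form on every request. The `// TODO make it configurable ?` should be resolved in this change: guard the second `addHeader` with an explicit opt-in that defaults to off, e.g. `if (allowBasicFallback)` (placeholder name), and document that it requires TLS. `realm` is also concatenated into the quoted-string unescaped; if it can come from configuration or the request, reject `"`, CR and LF before building the header. The enclosing method starts and ends outside the hunk, so the origin of `realm` and any earlier `WWW-Authenticate` value on the response are not visible here.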
@@ -22,8 +23,14 @@ public class RemoteAuthHttpExchange implements RemoteAuthRequest, RemoteAuthResp
 }
 
 @Override
- public void setHeader(String keys, String value) {
- httpExchange.getResponseHeaders().put(keys, Collections.singletonList(value));
+ public void setHeader(String headerName, String value) {
+ httpExchange.getResponseHeaders().put(headerName, Collections.singletonList(value));
+ }
+
+ @Override
+ public void addHeader(String headerName, String value) {
+ List values = httpExchange.getResponseHeaders().getOrDefault(headerName, new ArrayList<>());
+ values.add(value);
 }
 
 @Override
--
2.30.2