1 package org.argeo.cms.internal.http;
2
3 import java.io.IOException;
4 import java.net.URL;
5 import java.util.Map;
6
7 import javax.security.auth.login.LoginContext;
8 import javax.security.auth.login.LoginException;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12 import org.apache.commons.logging.Log;
13 import org.apache.commons.logging.LogFactory;
14 import org.argeo.api.NodeConstants;
15 import org.argeo.cms.auth.HttpRequestCallbackHandler;
16 import org.osgi.framework.Bundle;
17 import org.osgi.framework.FrameworkUtil;
18 import org.osgi.service.http.context.ServletContextHelper;
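/**
 * {@link ServletContextHelper} that authenticates every request through JAAS.
 * <p>
 * A login is first attempted with the {@link NodeConstants#LOGIN_CONTEXT_USER}
 * configuration. If that fails, the request is retried with
 * {@link NodeConstants#LOGIN_CONTEXT_ANONYMOUS}. The request is rejected only
 * when the anonymous login fails as well.
 */
public class CmsServletContextHelper extends ServletContextHelper {
    private static final Log log = LogFactory.getLog(CmsServletContextHelper.class);

    /** Bundle that loaded this class; {@link #getResource(String)} delegates to it. */
    private final Bundle bundle = FrameworkUtil.getBundle(getClass());

    /**
     * Lifecycle hook, currently a no-op.
     *
     * @param properties configuration properties (unused)
     */
    // NOTE(review): presumably invoked by the component runtime on activation; confirm.
    public void init(Map<String, String> properties) {
    }

    /** Lifecycle hook, currently a no-op. */
    public void destroy() {
    }

    /**
     * Authenticates the request as a user and falls back to anonymous.
     *
     * @param request  the incoming request, handed to the JAAS callback handler
     * @param response the response, handed to the JAAS callback handler
     * @return {@code true} if either the user login or the anonymous login
     *         succeeded, {@code false} if both failed
     * @throws IOException declared by the overridden method; not thrown by the
     *                     code visible here
     */
    @Override
    public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // NOTE(review): if HttpUtils.logRequestHeaders dumps Authorization and
        // Cookie headers verbatim, trace logs will contain credentials and
        // session tokens; confirm it redacts them.
        if (log.isTraceEnabled()) {
            HttpUtils.logRequestHeaders(log, request);
        }
        try {
            // The LoginContext is not kept: presumably the login modules attach
            // the authenticated state to the request through the callback
            // handler; confirm.
            new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response))
                    .login();
            return true;
        } catch (LoginException e) {
            // A request without credentials and a request with wrong credentials
            // both end up here, so this is logged at debug level only. Auditing
            // of rejected credentials has to happen in the login modules.
            if (log.isDebugEnabled()) {
                log.debug("User login failed, falling back to anonymous", e);
            }
            // NOTE(review): when this returns false no status is set on the
            // response here. The ServletContextHelper contract expects the
            // helper to set 401/403 itself before returning false; confirm that
            // the login modules or a subclass do so, otherwise a denied request
            // may be answered with an empty 200.
            return processUnauthorized(request, response) != null;
        }
    }

    /**
     * Attempts an anonymous login for a request whose user login failed.
     * Protected and non-final, so subclasses can replace the fallback.
     *
     * @param request  the incoming request
     * @param response the response
     * @return the logged-in anonymous {@link LoginContext}, or {@code null} if
     *         the anonymous login failed and the request must be rejected
     */
    protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
        try {
            LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS,
                    new HttpRequestCallbackHandler(request, response));
            lc.login();
            return lc;
        } catch (LoginException e1) {
            // This failure denies the request, so it must be visible at the
            // default log level. It was previously emitted only when debug
            // logging happened to be enabled. The stack trace stays at debug.
            log.warn("Cannot log in as anonymous: " + e1.getMessage());
            if (log.isDebugEnabled()) {
                log.debug("Anonymous login failure details", e1);
            }
            return null;
        }
    }

    /**
     * Resolves a resource name through the owning bundle.
     *
     * @param name the resource name
     * @return the resource URL, or {@code null} if the bundle has no such resource
     */
    // NOTE(review): Bundle.getResource searches through the bundle class loader,
    // so it can also resolve class files and resources of imported packages.
    // The default ServletContextHelper uses Bundle.getEntry, which is limited to
    // the bundle's own entries. If resources are registered against this
    // context, confirm the exposed prefix cannot reach content that should stay
    // private.
    @Override
    public URL getResource(String name) {
        return bundle.getResource(name);
    }

}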