1   package org.argeo.cms.internal.http;
2   
3   import java.io.IOException;
4   import java.net.URL;
5   
6   import javax.security.auth.login.LoginContext;
7   import javax.security.auth.login.LoginException;
8   import javax.servlet.http.HttpServletRequest;
9   import javax.servlet.http.HttpServletResponse;
10  
11  import org.apache.commons.logging.Log;
12  import org.apache.commons.logging.LogFactory;
13  import org.argeo.api.NodeConstants;
14  import org.argeo.cms.auth.HttpRequestCallbackHandler;
15  import org.osgi.framework.BundleContext;
16  import org.osgi.framework.FrameworkUtil;
17  import org.osgi.service.http.HttpContext;
18  
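/**
 * {@link HttpContext} that authenticates each request through JAAS: it first
 * tries the {@link NodeConstants#LOGIN_CONTEXT_USER} login context and, when
 * that fails, delegates to {@link #processUnauthorized}, which by default
 * attempts an anonymous login.
 * <p>
 * Security-relevant behaviour of this base class: a request whose user login
 * fails for any reason (including rejected credentials) is still served if the
 * anonymous login succeeds, and {@link #askForWwwAuth} is never called from the
 * code in this class. Subclasses that must challenge the client have to do so
 * from {@link #processUnauthorized}.
 */
@Deprecated
public class DataHttpContext implements HttpContext {
	private static final Log log = LogFactory.getLog(DataHttpContext.class);

	// Resolved from the runtime class, so a subclass packaged in another bundle
	// gets that bundle's context. FrameworkUtil.getBundle() returns null for a
	// class not loaded by a bundle class loader, which would fail here with a
	// NullPointerException at construction time.
	private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();

	// FIXME Make it more unique
	private final String httpAuthRealm;
	private final boolean forceBasic;

	/**
	 * @param httpAuthrealm realm advertised in the {@code Basic} challenge
	 * @param forceBasic    when {@code true}, {@link #askForWwwAuth} always
	 *                      advertises {@code Basic}, never {@code Negotiate}
	 */
	public DataHttpContext(String httpAuthrealm, boolean forceBasic) {
		this.httpAuthRealm = httpAuthrealm;
		this.forceBasic = forceBasic;
	}

	/**
	 * Creates a context that does not force Basic authentication.
	 *
	 * @param httpAuthrealm realm advertised in the {@code Basic} challenge
	 */
	public DataHttpContext(String httpAuthrealm) {
		this(httpAuthrealm, false);
	}

	/**
	 * Attempts a user login for the request and falls back to
	 * {@link #processUnauthorized} when it fails.
	 *
	 * @return {@code true} when either the user login or the fallback login
	 *         succeeded, {@code false} when the fallback returned {@code null}
	 */
	@Override
	public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) throws IOException {
		// Request headers can carry credentials (Authorization, cookies); whether
		// they are redacted depends on HttpUtils.logRequestHeaders, which is not
		// visible here, so treat trace logs of this class as sensitive.
		if (log.isTraceEnabled())
			HttpUtils.logRequestHeaders(log, request);
		try {
			// NOTE(review): the LoginContext is not kept and logout() is never
			// called here; presumably the login modules attach what they need to
			// the request through the callback handler -- confirm.
			new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response))
					.login();
			return true;
		} catch (LoginException e) {
			// The cause of the failed user login is intentionally not logged or
			// distinguished here: missing and rejected credentials both end up
			// in the fallback.
			// NOTE(review): when this returns false the base class has set neither
			// a status nor a WWW-Authenticate header, although the HttpContext
			// contract expects handleSecurity to prepare the 401 response itself.
			// Verify that every subclass does so in processUnauthorized.
			return processUnauthorized(request, response) != null;
		}
	}

	/**
	 * Resolves {@code name} against the bundle owning this context's
	 * {@link BundleContext}.
	 * <p>
	 * The name is not filtered, so whatever the bundle's {@code getResource}
	 * can resolve is reachable through resource registrations using this
	 * context.
	 */
	@Override
	public URL getResource(String name) {
		return bc.getBundle().getResource(name);
	}

	/**
	 * Always returns {@code null}, which leaves the MIME type decision to the
	 * Http Service.
	 */
	@Override
	public String getMimeType(String name) {
		return null;
	}

	/**
	 * Fallback used when the user login failed: tries to log in with the
	 * {@link NodeConstants#LOGIN_CONTEXT_ANONYMOUS} login context.
	 *
	 * @return the logged-in anonymous context, or {@code null} if that login
	 *         failed as well (the request is then refused)
	 */
	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
		// anonymous
		try {
			LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS,
					new HttpRequestCallbackHandler(request, response));
			lc.login();
			return lc;
		} catch (LoginException e1) {
			// A failing anonymous login refuses every unauthenticated request, so
			// it must be visible without debug logging. The stack trace is still
			// only written at debug level, keeping the per-request log volume
			// small.
			if (log.isDebugEnabled())
				log.error("Cannot log in as anonymous", e1);
			else
				log.error("Cannot log in as anonymous: " + e1.getMessage());
			return null;
		}
	}

	/**
	 * Prepares a 401 response carrying a {@code WWW-Authenticate} challenge:
	 * {@code Negotiate} (SPNEGO) when acceptor credentials are available and
	 * Basic is not forced, otherwise {@code Basic} with the configured realm.
	 * <p>
	 * Basic credentials are only base64-encoded, so this challenge should only
	 * be reachable over TLS.
	 */
	protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		if (org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null && !forceBasic)// SPNEGO
			response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Negotiate");
		else
			response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "Basic realm=" + quoteRealm(httpAuthRealm));
	}

	/**
	 * Renders the realm as an HTTP quoted-string: {@code "} and {@code \} are
	 * backslash-escaped and control characters (including CR and LF) are
	 * dropped, so a realm value cannot break out of the header parameter.
	 * Realms without such characters produce the same header as before.
	 */
	private static String quoteRealm(String realm) {
		// String.valueOf keeps the previous rendering of a null realm ("null").
		String raw = String.valueOf(realm);
		StringBuilder quoted = new StringBuilder(raw.length() + 2);
		quoted.append('"');
		for (int i = 0; i < raw.length(); i++) {
			char c = raw.charAt(i);
			if (Character.isISOControl(c))
				continue;
			if (c == '"' || c == '\\')
				quoted.append('\\');
			quoted.append(c);
		}
		return quoted.append('"').toString();
	}

}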