1   package org.argeo.cms.internal.http;
2   
3   import javax.security.auth.login.LoginContext;
4   import javax.servlet.http.HttpServletRequest;
5   import javax.servlet.http.HttpServletResponse;
6   
/**
 * Servlet context helper that forces authentication: an unauthorized request
 * is answered with HTTP 401 and a single {@code WWW-Authenticate} challenge.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The {@code Basic} scheme carries the password only base64-encoded.
 * Nothing in this class checks that the request arrived over TLS, so the
 * deployment has to guarantee it (or a check has to live elsewhere).</li>
 * <li>Only one scheme is advertised per response. When acceptor credentials
 * are present the challenge is {@code Negotiate} alone, so a client that cannot
 * do SPNEGO is not offered {@code Basic} by this method.</li>
 * <li>The realm is placed unescaped inside a quoted-string. That is harmless
 * for the current constant; if it becomes configurable, reject or escape
 * {@code "}, {@code \}, CR and LF before building the header.</li>
 * </ul>
 */
public class PrivateServletContextHelper extends CmsServletContextHelper {
	// TODO make it configurable
	private final String httpAuthRealm = "Argeo";
	// When true, SPNEGO is never offered and the Basic challenge is always sent.
	private final boolean forceBasic = false;

	/**
	 * Reacts to an unauthorized request by sending an authentication challenge.
	 *
	 * @param request  the request that could not be authenticated
	 * @param response the response that receives the 401 challenge
	 * @return always {@code null}; no {@link LoginContext} is created here
	 *         (NOTE(review): presumably the superclass treats {@code null} as
	 *         "not authenticated" - confirm against CmsServletContextHelper)
	 */
	@Override
	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
		askForWwwAuth(request, response);
		return null;
	}

	/**
	 * Marks the response as 401 and advertises the authentication scheme the
	 * client should use: {@code Negotiate} (SPNEGO) when acceptor credentials are
	 * available and Basic is not forced, {@code Basic} with the configured realm
	 * otherwise.
	 *
	 * @param request  the incoming request (not read by this implementation)
	 * @param response the response to write the status and challenge header to
	 */
	protected void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

		// Acceptor credentials are looked up first, exactly as before, so the
		// lookup happens on every challenge regardless of forceBasic.
		final boolean offerSpnego = org.argeo.cms.internal.kernel.Activator.getAcceptorCredentials() != null
				&& !forceBasic;

		final String challenge;
		if (offerSpnego) {
			challenge = "Negotiate";
		} else {
			// Realm is a compile-time constant today; see the class notes before
			// feeding it from configuration.
			challenge = "Basic realm=\"" + httpAuthRealm + "\"";
		}
		response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, challenge);
	}
}