You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2009/04/08 06:10:59 UTC
svn commit: r762781 - in
/jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login:
./ AbstractLoginFilter.java BasicLoginFilter.java ContainerLoginFilter.java
NullLoginFilter.java
Author: jukka
Date: Tue Apr 7 14:03:27 2009
New Revision: 762781
URL: http://svn.apache.org/viewvc?rev=762781&view=rev
Log:
JCR-2043: Login filters in jackrabbit-servlet
Some basic login filters. Work in progress.
Added:
jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/
jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/AbstractLoginFilter.java
jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/BasicLoginFilter.java
jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/ContainerLoginFilter.java
jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/NullLoginFilter.java
Added: jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/AbstractLoginFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/AbstractLoginFilter.java?rev=762781&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/AbstractLoginFilter.java (added)
+++ jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/AbstractLoginFilter.java Tue Apr 7 14:03:27 2009
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.servlet.login;
+
+import java.io.IOException;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.Node;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.jackrabbit.servlet.ServletRepository;
+
+/**
+ *
+ * @since Apache Jackrabbit 1.6
+ */
+public abstract class AbstractLoginFilter implements Filter {
+
+ private Repository repository;
+
+ private String workspace;
+
+ private String sessionAttribute;
+
+ private String nodeAttribute;
+
+ public void init(FilterConfig config) {
+ repository = new ServletRepository(config);
+ workspace = config.getInitParameter("workspace");
+
+ sessionAttribute = config.getInitParameter(Session.class.getName());
+ if (sessionAttribute == null) {
+ sessionAttribute = Session.class.getName();
+ }
+
+ nodeAttribute = config.getInitParameter(Node.class.getName());
+ if (nodeAttribute == null) {
+ nodeAttribute = Node.class.getName();
+ }
+ }
+
+ public void destroy() {
+ }
+
+ public void doFilter(
+ ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ try {
+ Credentials credentials = getCredentials(httpRequest);
+ Session session = repository.login(credentials, workspace);
+ try {
+ request.setAttribute(sessionAttribute, session);
+ request.setAttribute(nodeAttribute, session.getRootNode());
+ chain.doFilter(request, response);
+ if (session.hasPendingChanges()) {
+ session.save();
+ }
+ } finally {
+ session.logout();
+ }
+ } catch (ServletException e) {
+ Throwable cause = e.getRootCause();
+ if (cause instanceof AccessDeniedException) {
+ httpResponse.sendError(
+ HttpServletResponse.SC_FORBIDDEN, cause.getMessage());
+ } else {
+ throw e;
+ }
+ } catch (LoginException e) {
+ httpResponse.sendError(
+ HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
+ } catch (NoSuchWorkspaceException e) {
+ throw new ServletException(
+ "Workspace " + workspace
+ + " not found in the content repository", e);
+ } catch (RepositoryException e) {
+ throw new ServletException(
+ "Unable to access the content repository", e);
+ }
+ }
+
+ protected abstract Credentials getCredentials(HttpServletRequest request);
+
+}
Added: jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/BasicLoginFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/BasicLoginFilter.java?rev=762781&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/BasicLoginFilter.java (added)
+++ jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/BasicLoginFilter.java Tue Apr 7 14:03:27 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.servlet.login;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ * @since Apache Jackrabbit 1.6
+ */
+public class BasicLoginFilter extends AbstractLoginFilter {
+
+ protected Credentials getCredentials(HttpServletRequest request) {
+ String authorization = request.getHeader("Authorization");
+ if (authorization != null) {
+ return new SimpleCredentials("TODO", "TODO".toCharArray());
+ } else {
+ return null;
+ }
+ }
+
+}
Added: jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/ContainerLoginFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/ContainerLoginFilter.java?rev=762781&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/ContainerLoginFilter.java (added)
+++ jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/ContainerLoginFilter.java Tue Apr 7 14:03:27 2009
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.servlet.login;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Login filter that relies on container authentication to provide the
+ * authenticated username of a request. This username is associated with
+ * a dummy password (empty by default, configurable through the init
+ * parameter "password") in a {@link SimpleCredentials} object that is
+ * used to log in to the underlying content repository. If no authenticated
+ * user is found, then <code>null</code> credentials are used.
+ * <p>
+ * It is expected that the underlying repository is configured to simply
+ * trust the given username. If the same repository is also made available
+ * for direct logins, then a special secret password that allows logins with
+ * any username could be configured just for this filter.
+ *
+ * @since Apache Jackrabbit 1.6
+ */
+public class ContainerLoginFilter extends AbstractLoginFilter {
+
+ /**
+ * The dummy password used for the repository login. Empty by default.
+ */
+ private char[] password = new char[0];
+
+ public void init(FilterConfig config) {
+ super.init(config);
+
+ String password = config.getInitParameter("password");
+ if (password != null) {
+ this.password = password.toCharArray();
+ }
+ }
+
+ protected Credentials getCredentials(HttpServletRequest request) {
+ String user = request.getRemoteUser();
+ if (user != null) {
+ return new SimpleCredentials(user, password);
+ } else {
+ return null;
+ }
+ }
+
+}
Added: jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/NullLoginFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/NullLoginFilter.java?rev=762781&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/NullLoginFilter.java (added)
+++ jackrabbit/trunk/jackrabbit-jcr-servlet/src/main/java/org/apache/jackrabbit/servlet/login/NullLoginFilter.java Tue Apr 7 14:03:27 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.servlet.login;
+
+import javax.jcr.Credentials;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Login filter that always uses <code>null</code> credentials for logging in
+ * to the content repository. This is useful for example for public web sites
+ * where all repository access is performed using anonymous sessions. Another
+ * use case for this login filter is when login information is made available
+ * to the content repository through JAAS or some other out-of-band mechanism.
+ *
+ * @since Apache Jackrabbit 1.6
+ */
+public class NullLoginFilter extends AbstractLoginFilter {
+
+ /**
+ * Always returns <code>null</code>.
+ *
+ * @param request ignored
+ * @return <code>null</code> credentials
+ */
+ protected Credentials getCredentials(HttpServletRequest request) {
+ return null;
+ }
+
+}