Posted to commits@sling.apache.org by cz...@apache.org on 2008/03/05 15:20:59 UTC

svn commit: r633853 - in /incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl: SlingMainServlet.java request/RequestData.java

Author: cziegeler
Date: Wed Mar  5 06:20:54 2008
New Revision: 633853

URL: http://svn.apache.org/viewvc?rev=633853&view=rev
Log:
FIXED - issue SLING-309: Improve Authentication Handling 
https://issues.apache.org/jira/browse/SLING-309

Modified:
    incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java
    incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/request/RequestData.java

Modified: incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java?rev=633853&r1=633852&r2=633853&view=diff
==============================================================================
--- incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java (original)
+++ incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java Wed Mar  5 06:20:54 2008
@@ -252,7 +252,27 @@
         try {
 
             // initialize the request data - resolve resource and servlet
-            requestData.init();
+            Resource resource = null;
+            try {
+                resource = requestData.initResource();
+            } catch (AccessControlException ace) {
+                // SLING-309
+                // if this is the anonymous user, send request to authenticate
+                if ( request.getAttribute(HttpContext.AUTHENTICATION_TYPE) == null ) {
+                    getSlingAuthenticator().requestAuthentication(request, response);
+                    return;
+                }
+
+                // if this is not the anonymous user, send 404
+                // try to request authentication fail, if not possible
+                log.info(
+                    "service: Authenticated user {} does not have enough rights to executed requested action",
+                    request.getRemoteUser());
+                getErrorHandler().handleError(HttpServletResponse.SC_NOT_FOUND,
+                        null, request, response);
+                return;
+            }
+            requestData.initServlet(resource);
 
             Filter[] filters = requestFilterChain.getFilters();
             if (filters != null) {
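Review bot: The denied-access record in the new inner `catch (AccessControlException ace)` names only `request.getRemoteUser()`, so neither the refused path nor `ace` reaches the log and a denied request cannot be tied to a resource afterwards. Something like `log.info("service: User {} denied access to {}", request.getRemoteUser(), request.getPathInfo());` would make the event auditable. The comment `// try to request authentication fail, if not possible` was copied from the old outer handler and no longer describes this branch, which sends a 404. The anonymous test relies on `HttpContext.AUTHENTICATION_TYPE` being unset for anonymous requests, which is presumably guaranteed by the authenticator; a one-line comment saying so would help. The enclosing `try` and the rest of the method lie outside the hunk.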
@@ -292,11 +312,12 @@
 
         } catch (AccessControlException ace) {
 
-            // try to request authentication fail, if not possible
+            // SLING-309 if anything goes wrong, send 404
             log.info(
                 "service: Authenticated user {} does not have enough rights to executed requested action",
                 request.getRemoteUser());
-            getSlingAuthenticator().requestAuthentication(request, response);
+            getErrorHandler().handleError(HttpServletResponse.SC_NOT_FOUND,
+                    null, request, response);
 
         } catch (Throwable t) {
 
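Review bot: The outer `catch (AccessControlException ace)` now answers 404 for every caller, but its message still reads "Authenticated user {}". An anonymous request refused after `initResource()` has succeeded (in a filter or the servlet, as far as the hunk shows) would end up here, be logged with a null user and receive no authentication challenge. If that is not intended, repeat the first hunk's test here: `if (request.getAttribute(HttpContext.AUTHENTICATION_TYPE) == null) { getSlingAuthenticator().requestAuthentication(request, response); return; }`. Otherwise reword the log message so it does not claim the user is authenticated. The `try` body and the remaining handlers are outside the hunk.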

Modified: incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/request/RequestData.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/request/RequestData.java?rev=633853&r1=633852&r2=633853&view=diff
==============================================================================
--- incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/request/RequestData.java (original)
+++ incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/request/RequestData.java Wed Mar  5 06:20:54 2008
@@ -66,6 +66,12 @@
  * on a Servlet Request wide basis such as the repository session, the
  * persistence manager, etc.
  *
+ * The setup order is:
+ * <ol>
+ *   <li>Invoke constructor</li>
+ *   <li>Invoke initResource()</li>
+ *   <li>Invoke initServlet()</li>
+ * </ol>
  * @see ContentData
  */
 public class RequestData implements BufferProvider {
@@ -136,10 +142,14 @@
         this.resourceResolver = resourceResolver;
     }
 
-    public void init() {
-
-        // resolve the resource and the request path info, will never be null
+    public Resource initResource() {
+        // resolve the resource
         Resource resource = resourceResolver.resolve(getServletRequest());
+        return resource;
+    }
+
+    public void initServlet(final Resource resource) {
+        // the resource and the request path info, will never be null
         RequestPathInfo requestPathInfo = new SlingRequestPathInfo(resource,
             getServletRequest().getPathInfo());
         ContentData contentData = pushContent(resource, requestPathInfo);
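Review bot: `initServlet(final Resource resource)` keeps the comment "will never be null", but after the split that is a promise made by the caller, and the call order given in the class Javadoc is not enforced anywhere. A guard such as `if (resource == null) throw new IllegalArgumentException("resource must not be null");` would make a skipped or failed `initResource()` fail early instead of deeper in content setup. Both new public methods have no Javadoc; `initResource()` should state that it can throw `AccessControlException`, since the caller in SlingMainServlet relies on that to detect an authorization failure. `initResource()` can also be reduced to `return resourceResolver.resolve(getServletRequest());`. The body of `initServlet` continues past the end of the hunk.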