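/**
 * Resolves the user on whose behalf the request is processed.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>an {@code XmldbPrincipal} supplied by the servlet engine, accepted only when its
 *       password matches the one stored for the user of the same name;</li>
 *   <li>{@code defaultUser}, when the request carries no {@code Authorization} header and a
 *       default user is configured;</li>
 *   <li>whatever {@code authenticator.authenticate(request, response)} returns.</li>
 * </ol>
 *
 * <p>Because of step 2, every request without credentials runs as {@code defaultUser};
 * that account should hold only the privileges anonymous callers are meant to have.
 *
 * @param request the incoming request; its user principal and {@code Authorization} header are read
 * @param response handed to the authenticator, which may write to it
 * @return the resolved user, or whatever the authenticator returns when it cannot resolve one
 * @throws java.io.IOException propagated from the authenticator
 */
private User authenticate(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException {
    // First try to validate the principal if one was passed in by the servlet engine.
    Principal principal = request.getUserPrincipal();
    if (principal instanceof XmldbPrincipal) {
        XmldbPrincipal xmldbPrincipal = (XmldbPrincipal) principal;
        String username = xmldbPrincipal.getName();
        String password = xmldbPrincipal.getPassword();
        LOG.info("Validating Principle: " + principal.getName());
        User user = pool.getSecurityManager().getUser(username);

        // NOTE(review): in the listing this block was taken from, the text between the
        // "Valid User", "Password invalid" and "User not found" messages was masked. The
        // success return and the else branch below are reconstructed from the surrounding
        // braces and messages - confirm against the original file.
        if (user == null) {
            // Previously this message was logged inside the user != null branch, i.e. after a
            // password mismatch and never for an unknown user.
            LOG.info("User not found: " + principal.getName());
        } else if (password != null && password.equalsIgnoreCase(user.getPassword())) {
            // The null guard turns a principal without a password into a failed match instead
            // of a NullPointerException.
            //
            // NOTE(review): the comparison ignores case and is not constant-time. If
            // getPassword() yields clear-text passwords, ignoring case weakens them; if it
            // yields hex digests, normalise their case where they are stored and compare with
            // java.security.MessageDigest.isEqual. The stored format is not visible here, so
            // the original comparison is kept - confirm and tighten.
            LOG.info("Valid User: " + user.getName());
            return user;
        } else {
            LOG.info("Password invalid for user: " + username);
        }
    }

    // No usable container principal: fall back to the default user only when the client sent
    // no credentials at all; otherwise let the authenticator decide.
    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
        return defaultUser;
    }
    return authenticator.authenticate(request, response);
}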
/**
 * Updates an account from the given {@code User}.
 *
 * <p>A {@code UserAider} is created with the user's name, the user's password is copied onto
 * it, and the result is passed to {@code updateAccount}. Only name and password are carried
 * over; group membership is not (see the TODO below).
 *
 * @param user source of the account name and password
 * @throws XMLDBException declared by this method; presumably raised by {@code updateAccount}
 */
@Override
public void updateUser(User user) throws XMLDBException {
    String accountName = user.getName();
    Account converted = new UserAider(accountName);
    converted.setPassword(user.getPassword());
    // TODO: groups
    updateAccount(converted);
}
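/**
 * Dispatches a request to the Atom module named by the first segment of the path info.
 *
 * <p>The path info is split into a module name and a remaining path. Unless the module is
 * listed in {@code noAuth}, the request is authenticated first; a {@code null} user ends
 * processing because the response is expected to carry the challenge already. The module then
 * runs with a broker taken from {@code pool}, and module exceptions are mapped to HTTP status
 * codes.
 *
 * @param request the incoming request
 * @param response the response that status codes and module output are written to
 * @throws ServletException declared by the servlet contract; not thrown directly here
 */
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    try {
        // Get the path
        String path = request.getPathInfo();
        if (path == null) {
            response.sendError(
                HttpServletResponse.SC_BAD_REQUEST,
                "URL has no extra path information specified.");
            return;
        }

        int firstSlash = path.indexOf('/', 1);
        if (firstSlash < 0 && path.length() == 1) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Module not specified.");
            return;
        }
        String moduleName = firstSlash < 0 ? path.substring(1) : path.substring(1, firstSlash);
        path = firstSlash < 0 ? "" : path.substring(firstSlash);

        AtomModule module = (AtomModule) modules.get(moduleName);
        if (module == null) {
            // moduleName comes straight from the URL. It is no longer echoed into the error
            // page, because whether sendError() escapes its message depends on the container.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Module not found.");
            return;
        }

        // Modules listed in noAuth skip authentication, so user stays null for them.
        User user = null;
        if (noAuth.get(moduleName) == null) {
            // Authenticate
            user = authenticate(request, response);
            if (user == null) {
                // You now get a challenge if there is no user
                return;
            }
        }
        // Used in log messages only; user is null for noAuth modules, and calling
        // user.getName() inside the catch blocks below would then throw.
        final String userName = (user == null) ? "(unauthenticated)" : user.getName();

        final Principal principal = new UserXmldbPrincipal(WebDAV.BASIC_AUTH, user);
        // NOTE(review): wrappedRequest is built but never used - the module below receives the
        // raw request, so getUserPrincipal() there does not return this principal. Confirm
        // which request the module is meant to see.
        HttpServletRequest wrappedRequest = new HttpServletRequestWrapper(request) {
            @Override
            public Principal getUserPrincipal() {
                return principal;
            }
        };

        // Handle the resource
        DBBroker broker = null;
        try {
            broker = pool.get(user);
            module.process(
                broker,
                new HttpRequestMessage(request, path, '/' + moduleName),
                new HttpResponseMessage(response));
        } catch (NotFoundException ex) {
            // path and moduleName are request-derived and reach the log unescaped.
            // NOTE(review): ex.getMessage() is sent to the client as before; confirm module
            // messages carry no internal detail.
            LOG.info("Resource " + path + " not found by " + moduleName, ex);
            response.sendError(HttpServletResponse.SC_NOT_FOUND, ex.getMessage());
        } catch (PermissionDeniedException ex) {
            LOG.info("Permission denied to " + path + " by " + moduleName + " for " + userName, ex);
            // NOTE(review): 401 is sent without a challenge header being set here; for an
            // already authenticated user 403 is the usual answer. Status kept for compatibility.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, ex.getMessage());
        } catch (BadRequestException ex) {
            LOG.info("Bad request throw from module " + moduleName, ex);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, ex.getMessage());
        } catch (EXistException ex) {
            LOG.fatal("Exception getting broker from pool for user " + userName, ex);
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Service is not available.");
        } finally {
            // broker is still null when pool.get() threw; assumes release() tolerates null -
            // TODO confirm.
            pool.release(broker);
        }
    } catch (IOException ex) {
        LOG.fatal("I/O exception on request.", ex);
        try {
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Service is not available.");
        } catch (IOException finalEx) {
            // Log the failure of sendError itself; the original logged the outer exception twice.
            LOG.fatal("Cannot return 500 on exception.", finalEx);
        }
    }
}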
/**
 * Returns the name reported by the wrapped {@code user}.
 *
 * @return the result of {@code user.getName()}
 */
public String getName() {
    final String wrappedName = user.getName();
    return wrappedName;
}
/**
 * Locks a resource on behalf of the given {@code User}.
 *
 * <p>The user is converted into an {@code Account} (a {@code UserAider} with the same name)
 * and the call is forwarded to the {@code Account}-typed {@code lockResource}.
 *
 * @param res the resource to lock
 * @param u the user whose name identifies the lock owner
 * @throws XMLDBException declared by this method; presumably raised by the delegate
 */
@Override
public void lockResource(Resource res, User u) throws XMLDBException {
    String ownerName = u.getName();
    // Keep the declared type Account so the call below binds to the Account overload.
    Account lockOwner = new UserAider(ownerName);
    lockResource(res, lockOwner);
}
/**
 * Creates an account from the given {@code User}.
 *
 * <p>A {@code UserAider} carrying only the user's name is built and passed to
 * {@code addAccount}.
 *
 * @param user source of the new account's name
 * @throws XMLDBException declared by this method; presumably raised by {@code addAccount}
 */
@Override
public void addUser(User user) throws XMLDBException {
    String accountName = user.getName();
    // NOTE(review): unlike updateUser in this file, the user's password is not copied onto the
    // new account. What addAccount does with an account that has no password set is not
    // visible here - confirm it cannot yield an account with an empty password.
    Account created = new UserAider(accountName);
    addAccount(created);
}