/**
* Gets the http servlet response from the context.
*
* @param context the context
* @return the http servlet response
*/
public static HttpServletResponse getHttpServletResponse(final RequestContext context) {
Assert.isInstanceOf(
ServletExternalContext.class,
context.getExternalContext(),
"Cannot obtain HttpServletResponse from event of type: "
+ context.getExternalContext().getClass().getName());
return (HttpServletResponse) context.getExternalContext().getNativeResponse();
}
@Override
protected Event doExecute(final RequestContext context) {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
final String authorizationHeader = request.getHeader(SpnegoConstants.HEADER_AUTHORIZATION);
final String userAgent = WebUtils.getHttpServletRequestUserAgent(request);
LOGGER.debug(
"Authorization header [{}], User Agent header [{}]", authorizationHeader, userAgent);
if (!StringUtils.hasText(userAgent) || this.supportedBrowser.isEmpty()) {
LOGGER.debug("User Agent header [{}] is empty, or no browsers are supported", userAgent);
return success();
}
if (!isSupportedBrowser(userAgent)) {
LOGGER.debug(
"User Agent header [{}] is not supported in the list of supported browsers [{}]",
userAgent,
this.supportedBrowser);
return success();
}
if (!StringUtils.hasText(authorizationHeader)
|| !authorizationHeader.startsWith(this.messageBeginPrefix)
|| authorizationHeader.length() <= this.messageBeginPrefix.length()) {
final String wwwHeader = this.ntlm ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE;
LOGGER.debug(
"Authorization header not found or does not match the message prefix [{}]. Sending [{}] header [{}]",
this.messageBeginPrefix,
SpnegoConstants.HEADER_AUTHENTICATE,
wwwHeader);
response.setHeader(SpnegoConstants.HEADER_AUTHENTICATE, wwwHeader);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// The responseComplete flag tells the pausing view-state not to render the response
// because another object has taken care of it. If mixed mode authentication is allowed
// then responseComplete should not be called so that webflow will display the login page.
if (!this.mixedModeAuthentication) {
LOGGER.debug("Mixed-mode authentication is disabled. Executing completion of response");
context.getExternalContext().recordResponseComplete();
}
}
return success();
}
/**
* Get an {@link SPSession} by reference.
*
* @param requestContext Spring request context
* @param sessionKey key identifying the SP session
* @return the SP session
* @throws MessageException if an error occurs
*/
@Nonnull
private SPSession getSessionByReference(
@Nonnull final RequestContext requestContext, @Nonnull final String sessionKey)
throws MessageException {
final LogoutContext logoutCtx =
requestContext
.getExternalContext()
.getSessionMap()
.get(SaveLogoutContext.LOGOUT_CONTEXT_KEY, LogoutContext.class);
if (logoutCtx == null) {
throw new MessageException("LogoutContext not found in HTTP session.");
}
final SPSession s = logoutCtx.getKeyedSessionMap().get(sessionKey);
if (s == null) {
throw new MessageException("Session not found for key: " + sessionKey);
}
return s;
}
protected void doRender(Map<String, ?> model) throws Exception {
RequestContext context = getRequestContext();
ExternalContext externalContext = context.getExternalContext();
View view = getView();
PortletContext portletContext = (PortletContext) externalContext.getNativeContext();
PortletRequest request = (PortletRequest) externalContext.getNativeRequest();
MimeResponse response = (MimeResponse) externalContext.getNativeResponse();
if (response.getContentType() == null) {
// No Portlet content type specified yet -> use the view-determined type.
// (The Portlet spec requires the content type to be set on the RenderResponse)
String contentType = view.getContentType();
if (contentType != null) {
response.setContentType(contentType);
}
}
request.setAttribute(ViewRendererServlet.VIEW_ATTRIBUTE, view);
request.setAttribute(ViewRendererServlet.MODEL_ATTRIBUTE, model);
request.setAttribute(
org.springframework.web.servlet.support.RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE,
context.getActiveFlow().getApplicationContext());
portletContext
.getRequestDispatcher(DispatcherPortlet.DEFAULT_VIEW_RENDERER_URL)
.include(request, response);
}