Exemplo n.º 1
0
 /**
  * Gets the http servlet response from the context.
  *
  * @param context the context
  * @return the http servlet response
  */
 public static HttpServletResponse getHttpServletResponse(final RequestContext context) {
   Assert.isInstanceOf(
       ServletExternalContext.class,
       context.getExternalContext(),
       "Cannot obtain HttpServletResponse from event of type: "
           + context.getExternalContext().getClass().getName());
   return (HttpServletResponse) context.getExternalContext().getNativeResponse();
 }
  @Override
  protected Event doExecute(final RequestContext context) {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);

    final String authorizationHeader = request.getHeader(SpnegoConstants.HEADER_AUTHORIZATION);
    final String userAgent = WebUtils.getHttpServletRequestUserAgent(request);

    LOGGER.debug(
        "Authorization header [{}], User Agent header [{}]", authorizationHeader, userAgent);

    if (!StringUtils.hasText(userAgent) || this.supportedBrowser.isEmpty()) {
      LOGGER.debug("User Agent header [{}] is empty, or no browsers are supported", userAgent);
      return success();
    }

    if (!isSupportedBrowser(userAgent)) {
      LOGGER.debug(
          "User Agent header [{}] is not supported in the list of supported browsers [{}]",
          userAgent,
          this.supportedBrowser);
      return success();
    }

    if (!StringUtils.hasText(authorizationHeader)
        || !authorizationHeader.startsWith(this.messageBeginPrefix)
        || authorizationHeader.length() <= this.messageBeginPrefix.length()) {

      final String wwwHeader = this.ntlm ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE;
      LOGGER.debug(
          "Authorization header not found or does not match the message prefix [{}]. Sending [{}] header [{}]",
          this.messageBeginPrefix,
          SpnegoConstants.HEADER_AUTHENTICATE,
          wwwHeader);
      response.setHeader(SpnegoConstants.HEADER_AUTHENTICATE, wwwHeader);

      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      // The responseComplete flag tells the pausing view-state not to render the response
      // because another object has taken care of it. If mixed mode authentication is allowed
      // then responseComplete should not be called so that webflow will display the login page.
      if (!this.mixedModeAuthentication) {
        LOGGER.debug("Mixed-mode authentication is disabled. Executing completion of response");
        context.getExternalContext().recordResponseComplete();
      }
    }
    return success();
  }
  /**
   * Get an {@link SPSession} by reference.
   *
   * @param requestContext Spring request context
   * @param sessionKey key identifying the SP session
   * @return the SP session
   * @throws MessageException if an error occurs
   */
  @Nonnull
  private SPSession getSessionByReference(
      @Nonnull final RequestContext requestContext, @Nonnull final String sessionKey)
      throws MessageException {
    final LogoutContext logoutCtx =
        requestContext
            .getExternalContext()
            .getSessionMap()
            .get(SaveLogoutContext.LOGOUT_CONTEXT_KEY, LogoutContext.class);
    if (logoutCtx == null) {
      throw new MessageException("LogoutContext not found in HTTP session.");
    }

    final SPSession s = logoutCtx.getKeyedSessionMap().get(sessionKey);
    if (s == null) {
      throw new MessageException("Session not found for key: " + sessionKey);
    }

    return s;
  }
Exemplo n.º 4
0
 protected void doRender(Map<String, ?> model) throws Exception {
   RequestContext context = getRequestContext();
   ExternalContext externalContext = context.getExternalContext();
   View view = getView();
   PortletContext portletContext = (PortletContext) externalContext.getNativeContext();
   PortletRequest request = (PortletRequest) externalContext.getNativeRequest();
   MimeResponse response = (MimeResponse) externalContext.getNativeResponse();
   if (response.getContentType() == null) {
     // No Portlet content type specified yet -> use the view-determined type.
     // (The Portlet spec requires the content type to be set on the RenderResponse)
     String contentType = view.getContentType();
     if (contentType != null) {
       response.setContentType(contentType);
     }
   }
   request.setAttribute(ViewRendererServlet.VIEW_ATTRIBUTE, view);
   request.setAttribute(ViewRendererServlet.MODEL_ATTRIBUTE, model);
   request.setAttribute(
       org.springframework.web.servlet.support.RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE,
       context.getActiveFlow().getApplicationContext());
   portletContext
       .getRequestDispatcher(DispatcherPortlet.DEFAULT_VIEW_RENDERER_URL)
       .include(request, response);
 }