Пример #1
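 /**
  * Returns a mountable root containing all entries which will be exposed to the WebDAV mount.
  * Only providers whose {@code hasAccess} check passes for the given identity environment are
  * added to the root.
  *
  * @param identityEnv the identity environment each provider's access check is evaluated against
  * @return the merged root container; providers that deny access are not part of it
  */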
 private VFSContainer getMountableRoot(IdentityEnvironment identityEnv) {
   // Root is created with a null first argument and the label "webdav"
   // (presumably parent and name; confirm against MergeSource).
   MergeSource mountRoot = new MergeSource(null, "webdav");
   for (WebDAVProvider candidate : webdavModule.getWebDAVProviders().values()) {
     // The access decision is delegated to each provider; a provider that denies access is
     // never attached, so it cannot be reached through this root.
     if (!candidate.hasAccess(identityEnv)) {
       continue;
     }
     mountRoot.addContainer(new WebDAVProviderNamedContainer(identityEnv, candidate));
   }
   return mountRoot;
 }
Пример #2
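  /**
   * Authenticates a request from its {@code Authorization} header, or answers with a 401
   * challenge when no session could be established.
   *
   * <p>The Basic and Digest schemes are dispatched to their handlers. A header that names the
   * Basic scheme but carries no credentials token is treated as a failed authentication and falls
   * through to the challenge instead of raising {@code NoSuchElementException}.
   *
   * @param request the incoming request; its {@code Authorization} header is client-controlled
   * @param response receives the {@code WWW-Authenticate} header(s) and the 401 status on failure
   * @return the session returned by the scheme handler, or {@code null} after the 401 challenge
   *     has been written to {@code response}
   */
  private UserSession doAuthentication(HttpServletRequest request, HttpServletResponse response) {
    // Get the Authorization header, if one was supplied. It is untrusted input: every token read
    // from it below is guarded.
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null) {
      UserSession usess = null;

      StringTokenizer st = new StringTokenizer(authHeader);
      if (st.hasMoreTokens()) {
        String scheme = st.nextToken();

        if (scheme.equalsIgnoreCase("Basic")) {
          // "Authorization: Basic" with nothing after the scheme previously made nextToken()
          // throw; without a credentials token there is nothing to verify, so fall through.
          if (st.hasMoreTokens()) {
            String credentials = st.nextToken();
            // NOTE(review): the Basic challenge below is only sent on secure requests, but Basic
            // credentials are accepted here without checking request.isSecure(). Confirm that
            // handleBasicAuthentication or the deployment enforces TLS.
            usess = handleBasicAuthentication(credentials, request);
          }
        } else if (scheme.equalsIgnoreCase("Digest")) {
          // NOTE(review): Digest is dispatched here even when
          // webdavModule.isDigestAuthenticationEnabled() is false, although the challenge below
          // is gated on it. Confirm that handleDigestAuthentication rejects it in that case.
          DigestAuthentication digestAuth = DigestAuthentication.parse(authHeader);
          usess = handleDigestAuthentication(digestAuth, request);
        }
      }

      if (usess != null) {
        return usess;
      }
    }

    // If the user was not validated or the client does not know about the realm yet, fail with a
    // 401 status code (UNAUTHORIZED) and pass back a WWW-Authenticate header for this servlet.
    // This is the normal situation on the first access: the client prompts for user name and
    // password and caches them for later requests.

    // Basic is only advertised over a secure connection.
    // NOTE(review): Settings.isJUnitTest() also enables the Basic challenge on non-secure
    // requests; confirm this test hook cannot be switched on in production.
    if (request.isSecure() || Settings.isJUnitTest()) {
      response.addHeader("WWW-Authenticate", "Basic realm=\"" + BASIC_AUTH_REALM + "\"");
    }
    if (webdavModule.isDigestAuthenticationEnabled()) {
      // UUID.randomUUID() is documented to use a cryptographically strong generator.
      // NOTE(review): the nonce is not recorded in this method, so whether a stale or replayed
      // nonce is rejected later cannot be determined from here; verify in the digest handler.
      String nonce = UUID.randomUUID().toString().replace("-", "");
      response.addHeader(
          "WWW-Authenticate",
          "Digest realm=\"" + BASIC_AUTH_REALM + "\", qop=\"auth\", nonce=\"" + nonce + "\"");
    }
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    return null;
  }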