Example 1 with CmisUnauthorizedException
use of org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException in project copper-cms by PogeyanOSS.
the class AkkaCmisBrowserBindingServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
final ActorSystem system = (ActorSystem) request.getServletContext().getAttribute("ActorSystem");
// CSRF token check
String method = request.getMethod();
if (!METHOD_GET.equals(method) && !METHOD_HEAD.equals(method)) {
checkCsrfToken(request, response, false, false);
}
// set default headers
response.addHeader("Cache-Control", "private, max-age=0");
response.addHeader("Server", ServerVersion.OPENCMIS_SERVER);
// split path
String[] pathFragments = HttpUtils.splitPath(request);
final AsyncContext ctx = request.startAsync(request, response);
if (Helpers.isPerfMode()) {
MetricsInputs.get().getCounter("counter_requests_total").inc();
}
if (pathFragments != null && pathFragments.length > 0 && StringUtils.isBlank(pathFragments[0])) {
BaseMessage bm = gettingBaseMessage(method, pathFragments, null, request, response);
if (bm != null) {
// create actor on-the-fly
ActorRef servletActor = system.actorOf(Props.create(ServletActor.class, ctx));
servletActor.tell(bm, ActorRef.noSender());
} else {
throw new CmisNotSupportedException("Unsupported method");
}
} else {
this.verifyLogin(request, pathFragments, system, (s) -> {
try {
IUserObject loginSession = (IUserObject) s;
BaseMessage bm = gettingBaseMessage(method, pathFragments, loginSession, request, response);
if (bm != null) {
// create actor on-the-fly
ActorRef servletActor = system.actorOf(Props.create(ServletActor.class, ctx));
servletActor.tell(bm, ActorRef.noSender());
} else {
throw new CmisNotSupportedException("Unsupported method");
}
} catch (Exception e1) {
MetricsInputs.markBindingServletErrorMeter();
LOG.error("Service execution exception: {}, stack: {}", e1.getMessage(), ExceptionUtils.getStackTrace(e1));
ServletHelpers.printError(e1, request, response);
}
}, (err) -> {
HttpServletResponse asyncResponse = (HttpServletResponse) ctx.getResponse();
asyncResponse.setHeader("WWW-Authenticate", "Basic realm=\"CMIS\", charset=\"UTF-8\"");
try {
asyncResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required");
} catch (Exception e1) {
MetricsInputs.markBindingServletErrorMeter();
ServletHelpers.printError(e1, (HttpServletRequest) ctx.getRequest(), asyncResponse);
}
ctx.complete();
});
}
} catch (Exception e) {
MetricsInputs.markBindingServletErrorMeter();
if (e instanceof CmisUnauthorizedException) {
response.setHeader("WWW-Authenticate", "Basic realm=\"CMIS\", charset=\"UTF-8\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required");
} else if (e instanceof CmisPermissionDeniedException) {
response.setHeader("WWW-Authenticate", "Basic realm=\"CMIS\", charset=\"UTF-8\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required");
} else {
ServletHelpers.printError(e, request, response);
}
} finally {
// in any case close the content stream if one has been provided
// if (request instanceof POSTHttpServletRequestWrapper) {
// InputStream stream = ((POSTHttpServletRequestWrapper)
// request).getStream();
// if (stream != null) {
// try {
// stream.close();
// } catch (IOException e) {
// LOG.error("Could not close POST stream: {}", e.toString(), e);
// }
// }
// }
// // we are done.
// try {
// response.flushBuffer();
// } catch (IOException ioe) {
// LOG.error("Could not flush resposne: {}", ioe.toString(), ioe);
// }
}
}
Also used :
ActorSystem(akka.actor.ActorSystem)
CmisNotSupportedException(org.apache.chemistry.opencmis.commons.exceptions.CmisNotSupportedException)
ActorRef(akka.actor.ActorRef)
IUserObject(com.pogeyan.cmis.api.auth.IUserObject)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AsyncContext(javax.servlet.AsyncContext)
ServletException(javax.servlet.ServletException)
CmisPermissionDeniedException(org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException)
CmisUnauthorizedException(org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException)
CmisNotSupportedException(org.apache.chemistry.opencmis.commons.exceptions.CmisNotSupportedException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
BaseMessage(com.pogeyan.cmis.api.BaseMessage)
CmisPermissionDeniedException(org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException)
CmisUnauthorizedException(org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException)
Example 2 with CmisUnauthorizedException
use of org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException in project structr by structr.
the class StructrCMISServicesFactory method checkAuthentication.
// ----- private methods -----
private SecurityContext checkAuthentication(final CallContext callContext) {
final App app = StructrApp.getInstance();
try (final Tx tx = app.tx()) {
final String username = callContext.getUsername();
final String password = callContext.getPassword();
final Principal principal = AuthHelper.getPrincipalForPassword(Principal.name, username, password);
SecurityContext securityContext = null;
if (principal != null) {
if (principal instanceof SuperUser) {
securityContext = SecurityContext.getSuperUserInstance();
} else {
securityContext = SecurityContext.getInstance(principal, AccessMode.Backend);
}
}
tx.success();
if (securityContext != null) {
return securityContext;
}
} catch (AuthenticationException aex) {
throw new CmisUnauthorizedException(aex.getMessage());
} catch (FrameworkException fex) {
logger.warn("", fex);
}
throw new CmisUnauthorizedException();
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
AuthenticationException(org.structr.core.auth.exception.AuthenticationException)
SecurityContext(org.structr.common.SecurityContext)
CmisUnauthorizedException(org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException)
SuperUser(org.structr.core.entity.SuperUser)
Principal(org.structr.core.entity.Principal)
Aggregations
CmisUnauthorizedException (org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException)2
ActorRef (akka.actor.ActorRef)1
ActorSystem (akka.actor.ActorSystem)1
BaseMessage (com.pogeyan.cmis.api.BaseMessage)1
IUserObject (com.pogeyan.cmis.api.auth.IUserObject)1
IOException (java.io.IOException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
AsyncContext (javax.servlet.AsyncContext)1
ServletException (javax.servlet.ServletException)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
CmisNotSupportedException (org.apache.chemistry.opencmis.commons.exceptions.CmisNotSupportedException)1
CmisPermissionDeniedException (org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException)1
SecurityContext (org.structr.common.SecurityContext)1
FrameworkException (org.structr.common.error.FrameworkException)1
App (org.structr.core.app.App)1
StructrApp (org.structr.core.app.StructrApp)1
AuthenticationException (org.structr.core.auth.exception.AuthenticationException)1
Principal (org.structr.core.entity.Principal)1
SuperUser (org.structr.core.entity.SuperUser)1
