Use of net.sf.acegisecurity.Authentication in the project alfresco-remote-api by Alfresco.
Class LocalWebScriptConnectorServiceImpl, method executeRequest.
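/**
 * Executes the specified request locally and returns the response.
 *
 * <p>The caller's full authentication and run-as user are captured before the
 * request is sent and restored afterwards, including when the request fails.
 * If the request carries an {@code Authorization} header, the current security
 * context is cleared first so that only the credentials in the request apply.
 *
 * @param request the request to perform; must be a {@code RemoteConnectorRequestImpl}
 * @return the response, for any status outside the 4xx and 5xx ranges
 * @throws IOException declared for writing the request body
 * @throws AuthenticationException if the response status is 401 or 403
 * @throws RemoteConnectorClientException for any other 4xx status
 * @throws RemoteConnectorServerException for a 5xx status
 */
public RemoteConnectorResponse executeRequest(RemoteConnectorRequest request) throws IOException, AuthenticationException, RemoteConnectorClientException, RemoteConnectorServerException {
    // Convert the request object
    RemoteConnectorRequestImpl requestImpl = (RemoteConnectorRequestImpl) request;
    Request req = new Request(request.getMethod(), request.getURL());
    req.setType(request.getContentType());
    if (request.getRequestBody() != null) {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        requestImpl.getRequestBody().writeRequest(baos);
        req.setBody(baos.toByteArray());
    }

    // NOTE(review): the URL is logged as given; if callers ever put a ticket or
    // token in the query string it would reach the log here - confirm.
    if (logger.isInfoEnabled()) {
        logger.info("Performing local " + request.getMethod() + " request to " + request.getURL());
    }

    // Capture the user details, as they may be changed during the request processing
    Authentication fullAuth = AuthenticationUtil.getFullAuthentication();
    String runAsUser = AuthenticationUtil.getRunAsUser();

    // Copy the headers, remembering whether the request brings its own credentials.
    // HTTP header names are case-insensitive, so "authorization" must count too;
    // otherwise the caller's context would stay active alongside those credentials.
    Header authHeader = null;
    Map<String, String> headers = new HashMap<String, String>();
    for (Header header : request.getRequestHeaders()) {
        if ("Authorization".equalsIgnoreCase(header.getName())) {
            authHeader = header;
        }
        headers.put(header.getName(), header.getValue());
    }
    req.setHeaders(headers);

    // If they've specified Authentication details in the request, clear our security
    // context, to avoid our context confusing the real request. This is done last,
    // directly before the guarded section, so nothing can fail between the clear
    // and the restore.
    if (authHeader != null) {
        AuthenticationUtil.clearCurrentSecurityContext();
        // The header value is a credential and is deliberately not logged.
        if (logger.isDebugEnabled()) {
            logger.debug("HTTP Authorization found for the request, clearing security context");
        }
    }

    // Execute the request against the WebScript Test Framework
    Response resp;
    try {
        resp = helper.sendRequest(req, -1);
    } catch (Exception e) {
        throw new AlfrescoRuntimeException("Problem requesting", e);
    } finally {
        // Restore the caller's identity on every path. Without this, a failed
        // request would leave the context cleared, or switched to whatever the
        // request processing set, for the code that runs next.
        AuthenticationUtil.setFullAuthentication(fullAuth);
        // fullAuth may be null when nothing was authenticated; in that case no
        // run-as identity is re-established (and no NullPointerException can
        // mask the original failure).
        if (fullAuth != null && runAsUser != null && !runAsUser.equals(fullAuth.getName())) {
            AuthenticationUtil.setRunAsUser(runAsUser);
        }
    }

    if (logger.isInfoEnabled()) {
        logger.info("Response to request was " + resp.getStatus() + " - " + resp);
    }

    // Check the status for specific typed exceptions
    if (resp.getStatus() == Status.STATUS_UNAUTHORIZED) {
        throw new AuthenticationException("Not Authorized to access this resource");
    }
    if (resp.getStatus() == Status.STATUS_FORBIDDEN) {
        throw new AuthenticationException("Forbidden to access this resource");
    }

    // Check for failures where we don't care about the response body
    if (resp.getStatus() >= 500 && resp.getStatus() <= 599) {
        throw new RemoteConnectorServerException(resp.getStatus(), "(not available)");
    }

    // Convert the response into our required format
    String charset = null;
    String contentType = resp.getContentType();
    if (contentType != null && contentType.contains("charset=")) {
        int splitAt = contentType.indexOf("charset=") + "charset=".length();
        charset = contentType.substring(splitAt);
        // Stop at the next parameter, so "charset=UTF-8; boundary=x" yields "UTF-8"
        int paramEnd = charset.indexOf(';');
        if (paramEnd >= 0) {
            charset = charset.substring(0, paramEnd);
        }
        charset = charset.trim();
    }
    InputStream body = new ByteArrayInputStream(resp.getContentAsByteArray());
    // TODO Can't easily get the list...
    Header[] respHeaders = new Header[0];
    RemoteConnectorResponse response = new RemoteConnectorResponseImpl(request, contentType, charset, resp.getStatus(), respHeaders, body);

    // If it's a client error, let them know what went wrong
    if (resp.getStatus() >= 400 && resp.getStatus() <= 499) {
        throw new RemoteConnectorClientException(resp.getStatus(), "(not available)", response);
    }

    // Otherwise return the response for processing
    return response;
}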