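/*
 * Copyright 2000-2013 Enonic AS
 * http://www.enonic.com/license
 */
package com.enonic.cms.web.webdav;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.codec.binary.Base64;
import org.apache.jackrabbit.webdav.DavConstants;
import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavServletResponse;
import org.apache.jackrabbit.webdav.DavSession;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;

import com.google.common.base.Charsets;

import com.enonic.cms.core.resource.access.ResourceAccessResolver;
import com.enonic.cms.core.security.SecurityService;
import com.enonic.cms.core.security.user.QualifiedUsername;

/**
 * Jackrabbit {@link DavSessionProvider} that authenticates every WebDAV request from its
 * HTTP Basic {@code Authorization} header.
 * <p>
 * A request is accepted only if (1) the header carries a well-formed Basic token,
 * (2) {@link SecurityService#loginDavUser} accepts the user name and password, and
 * (3) the logged-in user passes {@link ResourceAccessResolver#hasAccessToResourceTree}.
 * Every other outcome - missing header, unparseable token, bad credentials, no access, or a
 * failure inside the security layer - is reported as {@code 401 Unauthorized}; the caller never
 * learns which of these applied.
 * <p>
 * NOTE(review): nothing in this class emits a {@code WWW-Authenticate} challenge; that is
 * presumably done by the Jackrabbit servlet that turns the {@link DavException} into a
 * response - confirm, otherwise clients will not know to retry with credentials.
 */
final class DavSessionProviderImpl
    implements DavSessionProvider
{
    private final SecurityService securityService;

    private final ResourceAccessResolver accessResolver;

    /**
     * @param configuration supplies the security service used for the login and the access
     *                      resolver used for the resource-tree authorization check
     */
    public DavSessionProviderImpl( final DavConfiguration configuration )
    {
        this.securityService = configuration.getSecurityService();
        this.accessResolver = configuration.getResourceAccessResolver();
    }

    /**
     * Authenticates the request and attaches a {@link DavSession} to it.
     *
     * @return {@code true} when a session was attached; {@code createSession} either throws or
     *         returns a session, so in practice this is always {@code true} on normal return
     * @throws DavException with {@link DavServletResponse#SC_UNAUTHORIZED} when the request
     *                      carries no usable credentials or they are rejected
     */
    @Override
    public boolean attachSession( final WebdavRequest request )
        throws DavException
    {
        final DavSession session = createSession( request );
        // Defensive: createSession never returns null today, but guard anyway so a future
        // change cannot attach a null session.
        if ( session != null )
        {
            request.setDavSession( session );
        }
        return session != null;
    }

    /**
     * Detaches the {@link DavSession} from the request at the end of processing.
     * <p>
     * NOTE(review): this does not log the user out of {@code securityService}; confirm that the
     * login performed in {@link #createSession} is request-scoped and cannot leak into a later
     * request served on the same thread or container session.
     */
    @Override
    public void releaseSession( final WebdavRequest request )
    {
        request.setDavSession( null );
    }

    /**
     * Extracts Basic credentials from the request, logs the user in and checks resource-tree
     * access. Always returns a non-null session; rejection is signalled by an exception.
     *
     * @throws DavException {@code 401} if credentials are missing, malformed, or rejected
     */
    private DavSession createSession( final WebdavRequest request )
        throws DavException
    {
        final String[] auth = getCredentials( request );
        if ( auth == null )
        {
            throw new DavException( DavServletResponse.SC_UNAUTHORIZED );
        }

        if ( !login( auth[0], auth[1] ) )
        {
            throw new DavException( DavServletResponse.SC_UNAUTHORIZED );
        }

        return new DavSessionImpl();
    }

    /**
     * Parses the HTTP Basic {@code Authorization} header.
     *
     * @return a two-element array {@code {userName, password}}, or {@code null} when the header
     *         is absent, is not a Basic scheme, or its decoded value has no {@code ':'}
     *         separator. A {@code null} is the caller's cue to answer {@code 401}; a malformed
     *         header is deliberately not distinguished from a missing one.
     */
    private String[] getCredentials( final WebdavRequest request )
        throws DavException
    {
        final String authHeader = request.getHeader( DavConstants.HEADER_AUTHORIZATION );
        if ( authHeader == null )
        {
            return null;
        }

        final String[] authStr = authHeader.split( " " );
        if ( authStr.length < 2 )
        {
            return null;
        }

        if ( !authStr[0].equalsIgnoreCase( HttpServletRequest.BASIC_AUTH ) )
        {
            return null;
        }

        // A Base64 token is pure ASCII, so decode it under an explicit single-byte charset
        // instead of the platform default (the original getBytes() without a charset).
        // The decoded "user:password" is then read as ISO-8859-1, as before.
        // NOTE(review): RFC 7617 lets clients send UTF-8 (charset="UTF-8" in the challenge);
        // a non-Latin-1 password encoded as UTF-8 would be mangled here - confirm which
        // encoding the DAV clients in use actually send before changing this.
        final byte[] decoded = Base64.decodeBase64( authStr[1].getBytes( Charsets.ISO_8859_1 ) );
        final String decAuthStr = new String( decoded, Charsets.ISO_8859_1 );

        final int pos = decAuthStr.indexOf( ':' );
        if ( pos < 0 )
        {
            // Malformed token with no "user:password" separator (also reached for an empty
            // token, e.g. "Basic" followed by two spaces). Previously this fell through to
            // substring( 0, -1 ), which threw StringIndexOutOfBoundsException and surfaced as
            // a 500; treat it as "no credentials" so the caller answers 401 like any other
            // unauthenticated request.
            return null;
        }

        final String userName = decAuthStr.substring( 0, pos );
        final String password = decAuthStr.substring( pos + 1 );
        return new String[]{userName, password};
    }

    /**
     * Logs the user in via the security service and checks that the resulting user may see the
     * resource tree.
     *
     * @return {@code true} only when both the login and the access check succeed. Any exception
     *         from the security layer - bad credentials, an unparseable qualified user name, or
     *         an infrastructure failure - is mapped to {@code false}, i.e. to a 401. This is a
     *         deliberate fail-closed boundary; it also means backend outages are indistinguishable
     *         from wrong passwords to the client.
     *         TODO(review): log the caught exception (without the password) so operators can
     *         tell the two apart - no logger is available in this class as written.
     */
    private boolean login( final String user, final String password )
    {
        try
        {
            this.securityService.loginDavUser( QualifiedUsername.parse( user ), password );
            return this.accessResolver.hasAccessToResourceTree(
                this.securityService.getLoggedInPortalUserAsEntity() );
        }
        catch ( Exception e )
        {
            return false;
        }
    }
}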