com.enonic.cms.server.service.webdav.DavSessionProviderImpl.java Source code

Java tutorial

Introduction

Here is the source code for com.enonic.cms.server.service.webdav.DavSessionProviderImpl.java

Source

/*
 * Copyright 2000-2011 Enonic AS
 * http://www.enonic.com/license
 */
package com.enonic.cms.server.service.webdav;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.codec.binary.Base64;
import org.apache.jackrabbit.webdav.DavConstants;
import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavServletResponse;
import org.apache.jackrabbit.webdav.DavSession;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;

import com.enonic.cms.business.core.resource.access.ResourceAccessResolver;
import com.enonic.cms.business.core.security.SecurityService;

import com.enonic.cms.domain.security.user.QualifiedUsername;

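/**
 * Session provider for the WebDAV servlet that authenticates every request from its HTTP Basic
 * {@code Authorization} header.
 *
 * <p>A session is attached only when the credentials are accepted by the {@link SecurityService}
 * and the resulting user passes the {@link DavAccessResolver} check. Every other outcome is
 * reported to the client as {@code 401 Unauthorized}.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so this endpoint should be exposed
 * over TLS only. Neither the decoded password nor the raw header should ever be written to logs.
 */
public final class DavSessionProviderImpl implements DavSessionProvider {

    /**
     * Charset used for both the Base64 text of the header and the decoded {@code user:password}
     * pair. Naming it explicitly keeps decoding independent of the JVM's default charset.
     */
    private static final String BASIC_AUTH_CHARSET = "ISO-8859-1";

    /**
     * Security service used to authenticate the WebDAV user.
     */
    private final SecurityService securityService;

    /**
     * Decides whether an authenticated user may use WebDAV at all.
     */
    private final DavAccessResolver accessResolver;

    /**
     * Construct the provider.
     *
     * @param securityService        service that performs the login and exposes the logged-in user
     * @param resourceAccessResolver resolver wrapped by the {@link DavAccessResolverImpl} used for
     *                               the access check
     */
    public DavSessionProviderImpl(SecurityService securityService, ResourceAccessResolver resourceAccessResolver) {
        this.securityService = securityService;
        this.accessResolver = new DavAccessResolverImpl(resourceAccessResolver);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Authenticates the request and attaches a new session to it. With the current
     * {@link #createSession(WebdavRequest)} a failed authentication is signalled by a
     * {@link DavException} rather than by a {@code false} return value.
     */
    public boolean attachSession(WebdavRequest request) throws DavException {
        DavSession session = createSession(request);
        if (session != null) {
            request.setDavSession(session);
        }

        return session != null;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Only detaches the session object from the request.
     * NOTE(review): the login performed through the security service is not undone here;
     * confirm that its state is scoped to the request elsewhere.
     */
    public void releaseSession(WebdavRequest request) {
        request.setDavSession(null);
    }

    /**
     * Authenticate the request and create a session for it.
     *
     * @param request the incoming WebDAV request
     * @return a new session; never {@code null}
     * @throws DavException with status 401 when credentials are missing, malformed, rejected, or
     *                      belong to a user without WebDAV access
     */
    private DavSession createSession(WebdavRequest request) throws DavException {
        String[] auth = getCredentials(request);
        if (auth == null) {
            throw new DavException(DavServletResponse.SC_UNAUTHORIZED);
        }
        // The same status is used for "bad credentials" and "no access" so the response does not
        // reveal which of the two checks failed.
        if (!login(auth[0], auth[1])) {
            throw new DavException(DavServletResponse.SC_UNAUTHORIZED);
        }

        return new DavSessionImpl();
    }

    /**
     * Extract the user id and password from the HTTP Basic {@code Authorization} header.
     *
     * @param request the incoming WebDAV request
     * @return a two-element array {@code {userid, password}}, or {@code null} when the header is
     *         absent, uses another scheme, or does not decode to a {@code user:password} pair
     * @throws DavException with status 500 if decoding fails unexpectedly
     */
    private String[] getCredentials(WebdavRequest request) throws DavException {
        try {
            String authHeader = request.getHeader(DavConstants.HEADER_AUTHORIZATION);
            if (authHeader == null) {
                return null;
            }

            String[] authStr = authHeader.split(" ");
            if (authStr.length < 2 || !authStr[0].equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
                return null;
            }

            byte[] encoded = authStr[1].getBytes(BASIC_AUTH_CHARSET);
            String decAuthStr = new String(Base64.decodeBase64(encoded), BASIC_AUTH_CHARSET);

            // The header is client-controlled. Without a separator the value is not a credential
            // pair, so it is treated like a missing header (401). Previously substring(0, -1)
            // threw here and the client's malformed input surfaced as a 500 carrying the
            // exception text.
            int pos = decAuthStr.indexOf(':');
            if (pos < 0) {
                return null;
            }

            // Split on the first colon only: the password itself may contain colons.
            String userid = decAuthStr.substring(0, pos);
            String passwd = decAuthStr.substring(pos + 1);
            return new String[] { userid, passwd };
        } catch (Exception e) {
            // Malformed input is rejected above, so this covers unexpected failures only.
            // NOTE(review): e.getMessage() is handed to DavException and may reach the client;
            // confirm that no internal detail can leak through it.
            throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
        }
    }

    /**
     * Log the user in and check WebDAV access.
     *
     * @param user     qualified user name as sent by the client
     * @param password clear-text password as sent by the client
     * @return {@code true} only if the login succeeded and the logged-in user has access;
     *         {@code false} on any failure, including exceptions
     */
    private boolean login(String user, String password) {
        try {
            securityService.loginDavUser(QualifiedUsername.parse(user), password);
            // NOTE(review): if this check fails after a successful loginDavUser, whether the
            // login state is cleared is not visible here; confirm.
            return accessResolver.hasAccess(securityService.getLoggedInPortalUserAsEntity());
        } catch (Exception e) {
            // Fail closed: any error during parsing, login or the access check denies access.
            // NOTE(review): the failure is dropped silently, so repeated failed logins and
            // backend errors are indistinguishable and invisible to monitoring. Consider
            // recording the failure (user name and exception type only, never the password).
            return false;
        }
    }
}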