com.enonic.cms.web.webdav.DavSessionProviderImpl.java Source code

Java tutorial

Introduction

Here is the source code for com.enonic.cms.web.webdav.DavSessionProviderImpl.java

Source

/*
 * Copyright 2000-2013 Enonic AS
 * http://www.enonic.com/license
 */
package com.enonic.cms.web.webdav;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.codec.binary.Base64;
import org.apache.jackrabbit.webdav.DavConstants;
import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavServletResponse;
import org.apache.jackrabbit.webdav.DavSession;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;

import com.google.common.base.Charsets;

import com.enonic.cms.core.resource.access.ResourceAccessResolver;
import com.enonic.cms.core.security.SecurityService;
import com.enonic.cms.core.security.user.QualifiedUsername;

final class DavSessionProviderImpl implements DavSessionProvider {
    private final SecurityService securityService;

    private final ResourceAccessResolver accessResolver;

    public DavSessionProviderImpl(final DavConfiguration configuration) {
        this.securityService = configuration.getSecurityService();
        this.accessResolver = configuration.getResourceAccessResolver();
    }

    @Override
    public boolean attachSession(final WebdavRequest request) throws DavException {
        final DavSession session = createSession(request);
        if (session != null) {
            request.setDavSession(session);
        }

        return session != null;
    }

    @Override
    public void releaseSession(final WebdavRequest request) {
        request.setDavSession(null);
    }

    private DavSession createSession(final WebdavRequest request) throws DavException {
        final String[] auth = getCredentials(request);
        if (auth == null) {
            throw new DavException(DavServletResponse.SC_UNAUTHORIZED);
        }
        if (!login(auth[0], auth[1])) {
            throw new DavException(DavServletResponse.SC_UNAUTHORIZED);
        }

        return new DavSessionImpl();
    }

    private String[] getCredentials(WebdavRequest request) throws DavException {
        final String authHeader = request.getHeader(DavConstants.HEADER_AUTHORIZATION);
        if (authHeader == null) {
            return null;
        }

        final String[] authStr = authHeader.split(" ");
        if (authStr.length < 2) {
            return null;
        }

        if (!authStr[0].equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
            return null;
        }

        final String decAuthStr = new String(Base64.decodeBase64(authStr[1].getBytes()), Charsets.ISO_8859_1);
        final int pos = decAuthStr.indexOf(':');
        final String userName = decAuthStr.substring(0, pos);
        final String password = decAuthStr.substring(pos + 1);

        return new String[] { userName, password };
    }

    private boolean login(final String user, final String password) {
        try {
            this.securityService.loginDavUser(QualifiedUsername.parse(user), password);
            return this.accessResolver
                    .hasAccessToResourceTree(this.securityService.getLoggedInPortalUserAsEntity());
        } catch (Exception e) {
            return false;
        }
    }
}