001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.webdav; 029 030import org.opencms.main.CmsException; 031import org.opencms.main.CmsLog; 032import org.opencms.repository.A_CmsRepository; 033import org.opencms.repository.I_CmsRepositorySession; 034 035import javax.servlet.http.HttpServletRequest; 036import javax.servlet.http.HttpServletResponse; 037 038import org.apache.commons.codec.binary.Base64; 039import org.apache.commons.logging.Log; 040import org.apache.jackrabbit.webdav.DavException; 041import org.apache.jackrabbit.webdav.DavSessionProvider; 042import org.apache.jackrabbit.webdav.WebdavRequest; 043 044/** 045 * Session provider implementation. 046 * 047 * <p>Handles the OpenCms authorization. 048 */ 049public class CmsDavSessionProvider implements DavSessionProvider { 050 051 /** Logger instance for this class. */ 052 private static final Log LOG = CmsLog.getLog(CmsDavSessionProvider.class); 053 054 /** The repository implementation. */ 055 private A_CmsRepository m_repository; 056 057 /** 058 * Authorizes the user using HTTP BASIC authentication, and if successful, attaches the created session to the request 059 * 060 * @see org.apache.jackrabbit.webdav.DavSessionProvider#attachSession(org.apache.jackrabbit.webdav.WebdavRequest) 061 */ 062 public boolean attachSession(WebdavRequest request) throws DavException { 063 064 if (m_repository == null) { 065 throw new IllegalStateException("Uninitialized repository"); 066 } 067 String authHeader = request.getHeader("Authorization"); 068 I_CmsRepositorySession repoSession = null; 069 String basic = HttpServletRequest.BASIC_AUTH; 070 if ((authHeader != null) && authHeader.toUpperCase().startsWith(basic)) { 071 String base64Token = authHeader.substring(basic.length() + 1); 072 String token = new String(Base64.decodeBase64(base64Token.getBytes())); 073 String password = null; 074 String username = null; 075 int pos = token.indexOf(":"); 076 if (pos != -1) { 077 username = token.substring(0, pos); 078 password = token.substring(pos + 1); 079 } 080 try { 081 repoSession = m_repository.login(username, password); 082 } catch (CmsException e) { 083 LOG.info(e.getLocalizedMessage(), e); 084 } 085 } 086 if (repoSession == null) { 087 throw new DavException(HttpServletResponse.SC_UNAUTHORIZED); 088 } 089 090 request.setDavSession(new CmsDavSession(repoSession)); 091 092 return true; 093 } 094 095 /** 096 * @see org.apache.jackrabbit.webdav.DavSessionProvider#releaseSession(org.apache.jackrabbit.webdav.WebdavRequest) 097 */ 098 public void releaseSession(WebdavRequest request) { 099 100 // TODO Auto-generated method stub 101 102 } 103 104 /** 105 * Sets the repository. 106 * 107 * @param repository the repository 108 */ 109 public void setRepository(A_CmsRepository repository) { 110 111 m_repository = repository; 112 } 113 114}