DICE-UNC / irods-webdav

Milton based WebDav interface for iRODS

question on obtaining password from servlet credentials #18

Closed michael-conway closed 8 years ago

michael-conway commented 9 years ago

One of the remaining issues about the jargon-modeshape-webdav adaptor is the authenticate() method of the org.irods.jargon.modeshape.connector.IrodsAuthenticationProvider class; your latest version of this method expects two sub-classes of the Credentials class:

(1) SimpleCredentials and (2) GuestCredentials;

however, the class of a passed object (credentials) for this web application is actually none of the above, i.e., "ServletCredentials",

http://docs.jboss.org/modeshape/4.2.0.Final/api/org/modeshape/jcr/api/ServletCredentials.html

that does not have any direct methods to recover credentials (user Id and password). The user Id could be obtained by the following steps:

```java
ServletCredentials servletCredentials = (ServletCredentials) credentials;

HttpServletRequest request = ((HttpServletRequest) servletCredentials.getRequest());
String loginName = request.getUserPrincipal().getName();
```

As for the password, so far I haven't come across a solution; my take on this method is that the objective of getting the password from a Credentials sub-class is nothing more than creating an IRODSAccount instance, and thus trying to recover the password from a ServletCredentials instance may not be essential, i.e., we might get the password from another source.

Please let me know if you have worked on this issue before and have a solution that has not been committed to GitHub.

michael-conway commented 8 years ago

This is how it's done in the BasicAuth filter:


```java
    /*
     * (non-Javadoc)
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     * javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    @Override
    public void doFilter(final ServletRequest request,
            final ServletResponse response, final FilterChain chain)
                    throws IOException, ServletException {

        log.debug("doFilter()");

        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final HttpServletResponse httpResponse = (HttpServletResponse) response;

        // The credentials arrive in the raw Authorization header of the request
        String auth = httpRequest.getHeader("Authorization");

        if (auth == null || auth.isEmpty()) {
            log.error("auth null or empty");
            sendAuthError(httpResponse);
            return;
        }

        AuthResponse authResponse = null;
        try {

            // Recover the user id and password from the Basic auth header value
            UserAndPassword userAndPassword = WebDavAuthUtils
                    .getAccountFromBasicAuthValues(auth, webDavConfig);
            log.debug("account for auth:{}", userAndPassword.getUserId());

            // Authenticate against iRODS; a failure surfaces as JargonException
            authResponse = irodsAuthService.authenticate(
                    userAndPassword.getUserId(), userAndPassword.getPassword());

            log.debug("authResponse:{}", authResponse);
            log.debug("success!");

            // Only authenticated requests continue down the filter chain
            chain.doFilter(httpRequest, httpResponse);
            return;

        } catch (JargonException e) {
            log.warn("auth exception", e);
            sendAuthError(httpResponse);
            return;
        }

    }
```
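
Added example, not part of the original thread or the project's code: a stand-alone sketch of recovering the user id and password from a Basic `Authorization` header, which is the value an authentication provider could read via `servletCredentials.getRequest().getHeader("Authorization")`. The class `BasicAuthHeaderExample`, the holder `Parsed` and the method `parseBasic` are hypothetical names, and the sample header is constructed; this is not the implementation of `WebDavAuthUtils.getAccountFromBasicAuthValues`.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderExample {

    /** Hypothetical holder for illustration; not the project's UserAndPassword class. */
    static final class Parsed {
        final String userId;
        final char[] password;
        Parsed(String userId, char[] password) { this.userId = userId; this.password = password; }
    }

    /** Returns the decoded pair, or null when the header is absent or malformed. */
    static Parsed parseBasic(String header) {
        if (header == null) return null;
        String value = header.trim();
        // The scheme name is case-insensitive and is followed by a space.
        if (value.length() < 7 || !value.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(value.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: treat as an authentication failure
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the password itself may contain ':'.
        int colon = pair.indexOf(':');
        if (colon <= 0) return null; // no separator, or empty user id
        return new Parsed(pair.substring(0, colon), pair.substring(colon + 1).toCharArray());
    }

    public static void main(String[] args) {
        // Constructed sample header for the pair "alice" / "s3cr:et".
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        Parsed ok = parseBasic(header);
        // Log the user id only; never write the password itself to a log.
        System.out.println(ok.userId + " / password length " + ok.password.length);
        System.out.println("Bearer rejected: " + (parseBasic("Bearer abc") == null));
        System.out.println("Bad Base64 rejected: " + (parseBasic("Basic !!!notbase64") == null));
        System.out.println("Missing header rejected: " + (parseBasic(null) == null));
    }
}
```

The header value is only Base64-encoded, not encrypted, so this approach assumes the WebDAV endpoint is served over TLS.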