Skip to content
Browse files

[bugfix] XQueryURLRewrite does not check basic auth header, but alway…

…s executes controller as guest.
  • Loading branch information...
1 parent 6369bf5 commit 2698cf39d5ac18d43c1559b291b2bf95bdceb5ba @wolfgangmm wolfgangmm committed
Showing with 18 additions and 3 deletions.
  1. +18 −3 src/org/exist/http/urlrewrite/XQueryURLRewrite.java
View
21 src/org/exist/http/urlrewrite/XQueryURLRewrite.java
@@ -33,6 +33,8 @@
import org.apache.log4j.Logger;
+import org.exist.http.servlets.Authenticator;
+import org.exist.http.servlets.BasicAuthenticator;
import org.exist.security.internal.web.HttpAccount;
import org.exist.source.Source;
import org.exist.source.DBSource;
@@ -139,7 +141,9 @@
private boolean compiledCache = true;
private RewriteConfig rewriteConfig;
-
+
+ private Authenticator authenticator;
+
@Override
public void init(ServletConfig filterConfig) throws ServletException {
// save FilterConfig for later use
@@ -187,8 +191,18 @@ protected void service(HttpServletRequest servletRequest, HttpServletResponse se
Subject user = defaultUser;
Subject requestUser = HttpAccount.getUserFromServletRequest(request);
- if (requestUser != null)
- {user = requestUser;}
+ if (requestUser != null) {
+ user = requestUser;
+ } else {
+ // Secondly try basic authentication
+ final String auth = request.getHeader("Authorization");
+ if (auth != null) {
+ requestUser = authenticator.authenticate(request, response);
+ if (requestUser != null) {
+ user = requestUser;
+ }
+ }
+ }
try {
configure();
@@ -637,6 +651,7 @@ private void configure() throws ServletException {
LOG.error("User can not be authenticated ("+username+"), using default user.");
}
}
+ authenticator = new BasicAuthenticator(pool);
}
private void logResult(DBBroker broker, Sequence result) throws IOException, SAXException {

0 comments on commit 2698cf3

Please sign in to comment.
Something went wrong with that request. Please try again.