REPO-4859 : HTTP_UNAUTHORIZED instead of HTTP_FORBIDDEN for some CMIS… (#974)

* REPO-4859 : HTTP_UNAUTHORIZED instead of HTTP_FORBIDDEN for some CMIS apis
    - moved the fix to a more suitable place
    - added explanatory comment

src/main/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java

@@ -134,7 +134,6 @@ import org.apache.chemistry.opencmis.commons.impl.server.AbstractCmisService;
 import org.apache.chemistry.opencmis.commons.impl.server.ObjectInfoImpl;
 import org.apache.chemistry.opencmis.commons.impl.server.RenditionInfoImpl;
 import org.apache.chemistry.opencmis.commons.server.CallContext;
-import org.apache.chemistry.opencmis.commons.server.MutableCallContext;
 import org.apache.chemistry.opencmis.commons.server.ObjectInfo;
 import org.apache.chemistry.opencmis.commons.server.RenditionInfo;
 import org.apache.chemistry.opencmis.commons.spi.Holder;
@@ -177,19 +176,7 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
     @Override
     public void open(CallContext context)
     {
-        if (context instanceof MutableCallContext)
-        {
-            MutableCallContext mutableCallContext = (MutableCallContext) context;
-            if (mutableCallContext.getUsername() == null && AuthenticationUtil.getFullyAuthenticatedUser() != null)
-            {
-                mutableCallContext.put(CallContext.USERNAME, AuthenticationUtil.getFullyAuthenticatedUser());
-            }
-            AlfrescoCmisServiceCall.set(mutableCallContext);
-        }
-        else
-        {
-            AlfrescoCmisServiceCall.set(context);
-        }
+        AlfrescoCmisServiceCall.set(context);
     }
     
     protected CallContext getContext()

src/main/java/org/alfresco/opencmis/PublicApiCallContextHandler.java

@@ -23,21 +23,23 @@
  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  * #L%
  */
-package org.alfresco.opencmis;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler;
-
-public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
-{
-    private static final long serialVersionUID = 8877878113507734452L;
-
-    @Override
-	public Map<String, String> getCallContextMap(HttpServletRequest request)
+package org.alfresco.opencmis;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.apache.chemistry.opencmis.commons.server.CallContext;
+import org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler;
+
+public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
+{
+    private static final long serialVersionUID = 8877878113507734452L;
+
+    @Override
+	public Map<String, String> getCallContextMap(HttpServletRequest request)
 	{
         Map<String, String> map = new HashMap<String, String>();
         
@@ -46,8 +48,17 @@ public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
         {
             map.putAll(basicAuthMap);
         }
-        
-        map.put("isPublicApi", "true");
-        return map;
-	}
-}
+
+        // Adding the username in the context is needed because of the following reasons:
+        // - CMISServletDispatcher is configured to ALWAYS use this class (PublicApiCallContextHandler)
+        // - this class extends the BasicAuthCallContextHandler class which only puts the username in the context ONLY IF the request is having Basic auth
+        // - therefor in the case of a Bearer auth, the username is never in the context, fact that ultimately leads to bugs when the response should be provided
+        if (map.get(CallContext.USERNAME) == null && AuthenticationUtil.getFullyAuthenticatedUser() != null)
+        {
+            map.put(CallContext.USERNAME, AuthenticationUtil.getFullyAuthenticatedUser());
+        }
+
+        map.put("isPublicApi", "true");
+        return map;
+	}
+}