From a219162f42b8ede055df14b9a745acf60188b499 Mon Sep 17 00:00:00 2001
From: Lucian Tuca
Date: Thu, 30 Apr 2020 15:15:16 +0300
Subject: [PATCH] =?UTF-8?q?REPO-4859=20:=20HTTP=5FUNAUTHORIZED=20instead?= =?UTF-8?q?=20of=20HTTP=5FFORBIDDEN=20for=20some=20CMIS=E2=80=A6=20(#974)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* REPO-4859 : HTTP_UNAUTHORIZED instead of HTTP_FORBIDDEN for some CMIS apis - moved the fix to a more suitable place - added explanatory comment
---
 .../opencmis/AlfrescoCmisServiceImpl.java | 15 +-----
 .../opencmis/PublicApiCallContextHandler.java | 51 +++++++++++--------
 2 files changed, 32 insertions(+), 34 deletions(-)
diff --git a/src/main/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java b/src/main/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java
index 90fd0f8220..99bdc935b4 100644
--- a/src/main/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java
+++ b/src/main/java/org/alfresco/opencmis/AlfrescoCmisServiceImpl.java
@@ -134,7 +134,6 @@ import org.apache.chemistry.opencmis.commons.impl.server.AbstractCmisService;
 import org.apache.chemistry.opencmis.commons.impl.server.ObjectInfoImpl;
 import org.apache.chemistry.opencmis.commons.impl.server.RenditionInfoImpl;
 import org.apache.chemistry.opencmis.commons.server.CallContext;
-import org.apache.chemistry.opencmis.commons.server.MutableCallContext;
 import org.apache.chemistry.opencmis.commons.server.ObjectInfo;
 import org.apache.chemistry.opencmis.commons.server.RenditionInfo;
 import org.apache.chemistry.opencmis.commons.spi.Holder;
@@ -177,19 +176,7 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
 @Override
 public void open(CallContext context)
 {
- if (context instanceof MutableCallContext)
- {
- MutableCallContext mutableCallContext = (MutableCallContext) context;
- if (mutableCallContext.getUsername() == null && AuthenticationUtil.getFullyAuthenticatedUser() != null)
- {
- mutableCallContext.put(CallContext.USERNAME, AuthenticationUtil.getFullyAuthenticatedUser());
- }
- AlfrescoCmisServiceCall.set(mutableCallContext);
- }
- else
- {
- AlfrescoCmisServiceCall.set(context);
- }
+ AlfrescoCmisServiceCall.set(context);
 }
 protected CallContext getContext()
diff --git a/src/main/java/org/alfresco/opencmis/PublicApiCallContextHandler.java b/src/main/java/org/alfresco/opencmis/PublicApiCallContextHandler.java
index 74619bc1cc..53db597882 100644
--- a/src/main/java/org/alfresco/opencmis/PublicApiCallContextHandler.java
+++ b/src/main/java/org/alfresco/opencmis/PublicApiCallContextHandler.java
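Review bot: `open()` now stores the context exactly as received, so the username backfill exists only in `PublicApiCallContextHandler`; a context built by any other handler under non-Basic authentication would reach `AlfrescoCmisServiceCall.set(context)` without `CallContext.USERNAME`. The commit's own comment states that CMISServletDispatcher always uses that handler, but this hunk cannot confirm that it holds for every entry point. I would record the dependency on the method, for example `// CallContext.USERNAME is expected to be set by the CallContextHandler; open() no longer backfills it`. The class body continues outside the hunk.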
@@ -23,21 +23,23 @@
 * along with Alfresco. If not, see .
 * #L%
 */
-package org.alfresco.opencmis;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler;
-
-public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
-{
- private static final long serialVersionUID = 8877878113507734452L;
-
- @Override
- public Map getCallContextMap(HttpServletRequest request)
+package org.alfresco.opencmis;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.apache.chemistry.opencmis.commons.server.CallContext;
+import org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler;
+
+public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
+{
+ private static final long serialVersionUID = 8877878113507734452L;
+
+ @Override
+ public Map getCallContextMap(HttpServletRequest request)
 {
 Map map = new HashMap();
@@ -46,8 +48,17 @@ public class PublicApiCallContextHandler extends BasicAuthCallContextHandler
 {
 map.putAll(basicAuthMap);
 }
-
- map.put("isPublicApi", "true");
- return map;
- }
-}
+
+ // Adding the username in the context is needed because of the following reasons:
+ // - CMISServletDispatcher is configured to ALWAYS use this class (PublicApiCallContextHandler)
+ // - this class extends the BasicAuthCallContextHandler class which only puts the username in the context ONLY IF the request is having Basic auth
+ // - therefor in the case of a Bearer auth, the username is never in the context, fact that ultimately leads to bugs when the response should be provided
+ if (map.get(CallContext.USERNAME) == null && AuthenticationUtil.getFullyAuthenticatedUser() != null)
+ {
+ map.put(CallContext.USERNAME, AuthenticationUtil.getFullyAuthenticatedUser());
+ }
+
+ map.put("isPublicApi", "true");
+ return map;
+ }
+}
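Review bot: The new fallback `if (map.get(CallContext.USERNAME) == null && AuthenticationUtil.getFullyAuthenticatedUser() != null)` takes the caller's identity from ambient authentication state rather than from the request. It is therefore only correct if something upstream has already authenticated this request, and cleared any earlier state, before `getCallContextMap` runs. That ordering is not visible in the hunk, so the explanatory comment should state it as a precondition. The user is also read twice; reading it once, `String user = AuthenticationUtil.getFullyAuthenticatedUser();` followed by `if (map.get(CallContext.USERNAME) == null && user != null) { map.put(CallContext.USERNAME, user); }`, guarantees the value tested is the value stored. Tests for a Bearer request (username present) and an unauthenticated request (no `CallContext.USERNAME` entry) would pin down the behaviour the 401/403 fix depends on.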