Java Code Examples for javax.servlet.http.HttpServletRequest#getUserPrincipal()

The following examples show how to use javax.servlet.http.HttpServletRequest#getUserPrincipal() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
protected void handleSuccess(HttpServletRequest request, HttpServletResponse response,
		UpgradeInfo upgradeInfo, TyrusUpgradeResponse upgradeResponse) throws IOException, ServletException {

	response.setStatus(upgradeResponse.getStatus());
	upgradeResponse.getHeaders().forEach((key, value) -> response.addHeader(key, Utils.getHeaderFromList(value)));

	AsyncContext asyncContext = request.startAsync();
	asyncContext.setTimeout(-1L);

	Object nativeRequest = getNativeRequest(request);
	BeanWrapper beanWrapper = new BeanWrapperImpl(nativeRequest);
	Object httpSocket = beanWrapper.getPropertyValue("connection.connectionHandler.rawConnection");
	Object webSocket = webSocketHelper.newInstance(request, httpSocket);
	webSocketHelper.upgrade(webSocket, httpSocket, request.getServletContext());

	response.flushBuffer();

	boolean isProtected = request.getUserPrincipal() != null;
	Writer servletWriter = servletWriterHelper.newInstance(webSocket, isProtected);
	Connection connection = upgradeInfo.createConnection(servletWriter, noOpCloseListener);
	new BeanWrapperImpl(webSocket).setPropertyValue("connection", connection);
	new BeanWrapperImpl(servletWriter).setPropertyValue("connection", connection);
	webSocketHelper.registerForReadEvent(webSocket);
}
 
Example 2
Source Project: ee8-sandbox   File: TestServlet.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    response.getWriter().write("This is a servlet \n");

    String webName = null;
    if (request.getUserPrincipal() != null) {
        webName = request.getUserPrincipal().getName();
    }

    response.getWriter().write("web username: " + webName + "\n");

    response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
    response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
    response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
}
 
Example 3
Source Project: sinavi-jfw   File: PrincipalFilter.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 * <p>
 * メソッド開始時に {@link PrincipalKeeper#setPrincipal(Principal)} を、
 * メソッド終了時に同メソッドに対して <code>null</code>を設定しています。
 * </p>
 */
@Override
public void doFilter(
        ServletRequest request,
        ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest r = (HttpServletRequest) request;
    Principal principal = r.getUserPrincipal();
    if (principal != null) {
        PrincipalKeeper.setPrincipal(principal);
    }
    try {
        chain.doFilter(request, response);
    } finally {
        PrincipalKeeper.setPrincipal(null);
    }
}
 
Example 4
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse resp = (HttpServletResponse)response;

    List<String> authorities = (List<String>)request.getAttribute(OAUTH_AUTHORITIES);
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

    if (authorities != null) {
        for (String authority : authorities) {
            grantedAuthorities.add(new SimpleGrantedAuthority(authority));
        }

        Authentication auth = new AnonymousAuthenticationToken(UUID.randomUUID().toString(),
            req.getUserPrincipal(), grantedAuthorities);

        SecurityContextHolder.getContext().setAuthentication(auth);
    }


    chain.doFilter(req, resp);
}
 
Example 5
Source Project: lams   File: WebUtil.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
    * TODO default proper exception at lams level to replace RuntimeException TODO isTesting should be removed when
    * login is done properly.
    *
    * @param req
    *            -
    * @return username from principal object
    */
   public static String getUsername(HttpServletRequest req, boolean isTesting) throws RuntimeException {
if (isTesting) {
    return "test";
}

Principal prin = req.getUserPrincipal();
if (prin == null) {
    throw new RuntimeException(
	    "Trying to get username but principal object missing. Request is " + req.toString());
}

String username = prin.getName();
if (username == null) {
    throw new RuntimeException("Name missing from principal object. Request is " + req.toString()
	    + " Principal object is " + prin.toString());
}

return username;
   }
 
Example 6
Source Project: codenvy   File: LoginFilterTest.java    License: Eclipse Public License 1.0 6 votes vote down vote up
@Test
public void shouldWrappedPrincipalShouldNotBeTheSameAsInRequest()
    throws IOException, ServletException {
  // given
  HttpServletRequest request =
      new MockHttpServletRequest("http://localhost:8080/ws/ws", null, 0, "GET", null);
  when(tokenExtractor.getToken(eq(request))).thenReturn("t13f");
  when(ssoServerClient.getSubject(eq("t13f"), anyString()))
      .thenReturn(createSubject("[email protected]"));
  when(clientUrlExtractor.getClientUrl(eq(request))).thenReturn("http://localhost:8080/ws/ws");
  SsoClientPrincipal principal =
      new SsoClientPrincipal("t13f", "http://localhost:8080/ws/ws", createSubject("[email protected]"));
  request.getSession().setAttribute("principal", principal);

  // when
  filter.doFilter(request, response, chain);

  // then
  ArgumentCaptor<HttpServletRequest> captor = ArgumentCaptor.forClass(HttpServletRequest.class);
  verify(chain).doFilter(captor.capture(), any(ServletResponse.class));
  HttpServletRequest actual = captor.getValue();

  Principal actualUserPrincipal = actual.getUserPrincipal();
  Assert.assertNotEquals(actualUserPrincipal, principal);
}
 
Example 7
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
	String userId = null;
	HttpServletRequest httpRequest = (HttpServletRequest) request;
	try {
		loadECAPISession(httpRequest.getSession());
		
		Principal userPrincipal = httpRequest.getUserPrincipal();
		if (userPrincipal != null) {
			userId = userPrincipal.getName();
			boolean isAdminUser = httpRequest.isUserInRole(ApplicationRoles.ADMINISTRATOR_ROLE);								
			UserManager.setUserId(userId);
			UserManager.setIsUserAdmin(isAdminUser);
			// pass the request along the filter chain
			chain.doFilter(request, response);
		}
	} finally {
		UserManager.cleanUp();
		storeECAPISession(httpRequest.getSession());
	}
}
 
Example 8
Source Project: ee8-sandbox   File: TestServlet.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    response.getWriter().write("This is a servlet \n");

    String webName = null;
    if (request.getUserPrincipal() != null) {
        webName = request.getUserPrincipal().getName();
    }

    response.getWriter().write("web username: " + webName + "\n");

    response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
    response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
    response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
}
 
Example 9
Source Project: keycloak   File: ProtectedServlet.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    String realm = req.getPathInfo().split("/")[1];
    if (realm.contains("?")) {
        realm = realm.split("\\?")[0];
    }

    if (req.getPathInfo().contains("logout")) {
        req.logout();
        resp.sendRedirect(req.getContextPath() + "/" + realm);
        return;
    }

    KeycloakPrincipal principal = (KeycloakPrincipal) req.getUserPrincipal();

    resp.setContentType("text/html");
    PrintWriter writer = resp.getWriter();

    writer.write("Realm: ");
    writer.write(principal.getKeycloakSecurityContext().getRealm());

    writer.write("<br/>User: ");
    writer.write(principal.getKeycloakSecurityContext().getIdToken().getPreferredUsername());

    writer.write(String.format("<br/><a href=\"/multitenant/%s/logout\">Logout</a>", realm));
}
 
Example 10
Source Project: tomee   File: RunAsServlet.java    License: Apache License 2.0 5 votes vote down vote up
public void invokeGetCallerPrincipal(final HttpServletRequest request) {
    // Servlet environment - running as "user"
    Principal principal = request.getUserPrincipal();
    Assert.assertNotNull(principal);
    Assert.assertEquals("user", principal.getName());

    // EJB environment - running as "runas"
    principal = secureEJBLocal.getCallerPrincipal();
    Assert.assertNotNull(principal);
    Assert.assertEquals("runas", principal.getName());
}
 
Example 11
@Override
public void createForPublicCalls(String page, String action, String log, HttpServletRequest request) {
    // Only log if cerberus_log_publiccalls parameter is equal to Y.

    if (parameterService.getParameterBooleanByKey("cerberus_log_publiccalls", "", false)) { // The parameter cerberus_log_publiccalls is activated so we log all Public API calls.
        String myUser = "";
        if (!(request.getUserPrincipal() == null)) {
            myUser = ParameterParserUtil.parseStringParam(request.getUserPrincipal().getName(), "");
        }
        this.create(factoryLogEvent.create(0, 0, myUser, null, page, action, log, request.getRemoteAddr(), request.getLocalAddr()));
    }
}
 
Example 12
public static boolean checkUserAuthorisation(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    Principal principal = request.getUserPrincipal();
    if (principal == null) {
        log.error("User is not authenticated");
        String fullUrl = getLoginUrl(request);
        response.sendRedirect(fullUrl);

        return false;
    }
    log.info("principal name = " + principal.getName());
    return true;
}
 
Example 13
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request,
    HttpServletResponse response) throws IOException, ServletException {
  final HttpServletRequest lowerCaseRequest = toLowerCase(request);
  String doAsUser = lowerCaseRequest.getParameter(DO_AS);

  if (doAsUser != null && !doAsUser.equals(request.getRemoteUser())) {
    LOG.debug("doAsUser = {}, RemoteUser = {} , RemoteAddress = {} ",
        doAsUser, request.getRemoteUser(), request.getRemoteAddr());
    UserGroupInformation requestUgi = (request.getUserPrincipal() != null) ?
        UserGroupInformation.createRemoteUser(request.getRemoteUser())
        : null;
    if (requestUgi != null) {
      requestUgi = UserGroupInformation.createProxyUser(doAsUser,
          requestUgi);
      try {
        ProxyUsers.authorize(requestUgi, request.getRemoteAddr());

        final UserGroupInformation ugiF = requestUgi;
        request = new HttpServletRequestWrapper(request) {
          @Override
          public String getRemoteUser() {
            return ugiF.getShortUserName();
          }

          @Override
          public Principal getUserPrincipal() {
            return new Principal() {
              @Override
              public String getName() {
                return ugiF.getUserName();
              }
            };
          }
        };
        LOG.debug("Proxy user Authentication successful");
      } catch (AuthorizationException ex) {
        HttpExceptionUtils.createServletExceptionResponse(response,
            HttpServletResponse.SC_FORBIDDEN, ex);
        LOG.warn("Proxy user Authentication exception", ex);
        return;
      }
    }
  }
  super.doFilter(filterChain, request, response);
}
 
Example 14
/**
 * Setup and cleanup around this request.
 * 
 * @param req
 *        HttpServletRequest object with the client request
 * @param res
 *        HttpServletResponse object back to the client
 */
@SuppressWarnings("unchecked")
protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, java.io.IOException
{
	SakaidavServletInfo info = newInfo(req);

	// try to authenticate based on a Principal (one of ours) in the req
	Principal prin = req.getUserPrincipal();

	if ((prin != null) && (prin instanceof DavPrincipal))
	{
		String eid = prin.getName();
		String pw = ((DavPrincipal) prin).getPassword();
		Evidence e = new IdPwEvidence(eid, pw, req.getRemoteAddr());

		// in older versions of this code, we didn't authenticate
		// if there was a session for this user. Unfortunately the
		// these are special non-sakai sessions, which do not
		// have real cookies attached. The cookie looks like
		// username-hostname. That means that they're easy to
		// fake. Since the DAV protocol doesn't actually
		// support sessions in the first place, most clients
		// won't use them. So it's a security hole without
		// any real benefit. Thus we check the password for
		// every transaction. The underlying sessions are still
		// a good idea, as they set the context for later
		// operations. But we can't depend upon the cookies for
		// authentication.

		// authenticate
		try
		{
			if ((eid.length() == 0) || (pw.length() == 0))
			{
				throw new AuthenticationException("missing required fields");
			}

			Authentication a = AuthenticationManager.authenticate(e);

			// No need to log in again if UsageSession is not null, active, and the eid is the 
			// same as that resulting from the DAV basic auth authentication
			
			if ((UsageSessionService.getSession() == null || UsageSessionService.getSession().isClosed()
					|| !a.getEid().equals(UsageSessionService.getSession().getUserEid()))
					&& !UsageSessionService.login(a, req, UsageSessionService.EVENT_LOGIN_DAV))
			{
				// login failed
				res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
				res.sendError(401);
				return;
			}
		}
		catch (AuthenticationException ex)
		{
			// not authenticated
			res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
			res.sendError(401);
			return;
		}
	}
	else
	{
		// user name missing, so can't authenticate
		res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
		res.sendError(401);
		return;
	}

	// Set the client cookie if enabled as this is not done by the RequestFilter for dav requests.
	// This is not required by DAV clients but may be helpful in some load-balancing
	// configurations for session affinity across app servers. However, some Windows DAV clients
	// share cookies with IE7 which can lead to confusing results in the browser session.
	
	if (useCookies) {
		req.setAttribute(RequestFilter.ATTR_SET_COOKIE, true);
	}
	
	// Setup... ?

	try
	{
		doDispatch(info, req, res);
	}
	finally
	{
		log(req, info);
	}
}
 
Example 15
Source Project: ranger   File: XUserREST.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Implements the traditional search functionalities for XUsers
 *
 * @param request
 * @return
 */
@GET
@Path("/users")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
public VXUserList searchXUsers(@Context HttpServletRequest request) {
	String UserRoleParamName = RangerConstants.ROLE_USER;
	SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
			request, xUserService.sortFields);
	String userName = null;
	if (request.getUserPrincipal() != null){
		userName = request.getUserPrincipal().getName();
	}
	searchUtil.extractString(request, searchCriteria, "name", "User name",null);
	searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
			null);		
	searchUtil.extractInt(request, searchCriteria, "userSource", "User Source");
	searchUtil.extractInt(request, searchCriteria, "isVisible", "User Visibility");
	searchUtil.extractInt(request, searchCriteria, "status", "User Status");
	List<String> userRolesList = searchUtil.extractStringList(request, searchCriteria, "userRoleList", "User Role List", "userRoleList", null,
			null);
	searchUtil.extractRoleString(request, searchCriteria, "userRole", "Role", null);

	if (CollectionUtils.isNotEmpty(userRolesList) && CollectionUtils.size(userRolesList) == 1 && userRolesList.get(0).equalsIgnoreCase(UserRoleParamName)) {
		if (!(searchCriteria.getParamList().containsKey("name"))) {
			searchCriteria.addParam("name", userName);
		}
		else if ((searchCriteria.getParamList().containsKey("name")) && userName!= null && userName.contains((String) searchCriteria.getParamList().get("name"))) {
			searchCriteria.addParam("name", userName);
		}
	}
	
	
	UserSessionBase userSession = ContextUtil.getCurrentUserSession();
	if (userSession != null && userSession.getLoginId() != null) {
		VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
				.getLoginId());
		if (loggedInVXUser != null) {
			if (loggedInVXUser.getUserRoleList().size() == 1
					&& loggedInVXUser.getUserRoleList().contains(
							RangerConstants.ROLE_USER)) {
				logger.info("Logged-In user having user role will be able to fetch his own user details.");
				if (!searchCriteria.getParamList().containsKey("name")) {
					searchCriteria.addParam("name", loggedInVXUser.getName());
				}else if(searchCriteria.getParamList().containsKey("name")
						&& !stringUtil.isEmpty(searchCriteria.getParamValue("name").toString())
						&& !searchCriteria.getParamValue("name").toString().equalsIgnoreCase(loggedInVXUser.getName())){
					throw restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.");
				}
								
			}
		}
	}

	return xUserMgr.searchXUsers(searchCriteria);
}
 
Example 16
Source Project: cxf-fediz   File: FederationServlet.java    License: Apache License 2.0 4 votes vote down vote up
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    out.println("<html>");
    out.println("<head><title>WS Federation Spring Security Pre-Auth Example</title></head>");
    out.println("<body>");
    out.println("<h1>Hello World</h1>");
    out.println("Hello world<br>");
    out.println("Request url: "); out.println(request.getRequestURL()); out.println("<p>");


    out.println("<br><b>User</b><p>");
    Principal p = request.getUserPrincipal();
    if (p != null) {
        out.println("Principal: " + p.getName() + "<p>");
    }

    out.println("<br><b>Roles</b><p>");
    List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
    for (String item: roleListToCheck) {
        out.println("Has role '" + item + "': " + ((request.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
    }

    if (p instanceof FedizPrincipal) {
        FedizPrincipal fp = (FedizPrincipal)p;

        out.println("<br><b>Claims</b><p>");
        ClaimCollection claims = fp.getClaims();
        for (Claim c: claims) {
            out.println(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
        }
    } else {
        out.println("Principal is not instance of FedizPrincipal");
    }

    // Access Spring security context
    Authentication obj = SecurityContextHolder.getContext().getAuthentication();
    System.out.println("getCredentials: " + obj.getCredentials().toString());
    System.out.println("getDetails: " + obj.getDetails().toString());
    System.out.println("getName: " + obj.getName().toString());
    System.out.println("getAuthorities: " + obj.getAuthorities().toString());
    System.out.println("getPrincipal: " + obj.getPrincipal().toString());

    Element el = SecurityTokenThreadLocal.getToken();
    if (el != null) {
        out.println("<p>Bootstrap token...");
        try {
            TransformerFactory transFactory = TransformerFactory.newInstance();
            Transformer transformer = transFactory.newTransformer();
            StringWriter buffer = new StringWriter();
            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            transformer.transform(new DOMSource(el),
                                  new StreamResult(buffer));
            String token = buffer.toString();
            out.println("<p>" + HtmlUtils.htmlEscape(token));
        } catch (Exception ex) {
            out.println("<p>Failed to transform cached element to string: " + ex.toString());
        }
    } else {
        out.println("<p>Bootstrap token not cached in thread local storage");
    }

    out.println("</body>");
}
 
Example 17
public static boolean isLoggedIn ( final HttpServletRequest request )
{
    return request.getUserPrincipal () != null;
}
 
Example 18
Source Project: cxf-fediz   File: FederationServlet.java    License: Apache License 2.0 4 votes vote down vote up
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    out.println("<html>");
    out.println("<head><title>WS Federation Example</title></head>");
    out.println("<body>");
    out.println("<h1>Hello World</h1>");
    out.println("Hello world<br>");
    out.println("Request url: "); out.println(request.getRequestURL()); out.println("<p>");


    out.println("<br><b>User</b><p>");
    Principal p = request.getUserPrincipal();
    if (p != null) {
        out.println("Principal: " + p.getName() + "<p>");
    }

    out.println("<br><b>Roles</b><p>");
    List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
    for (String item: roleListToCheck) {
        out.println("Has role '" + item + "': " + ((request.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
    }

    if (p instanceof FedizPrincipal) {
        FedizPrincipal fp = (FedizPrincipal)p;

        out.println("<br><b>Claims</b><p>");
        ClaimCollection claims = fp.getClaims();
        for (Claim c: claims) {
            out.println(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
        }
    } else {
        out.println("Principal is not instance of FedizPrincipal");
    }

    Element el = SecurityTokenThreadLocal.getToken();
    if (el != null) {
        out.println("<p>Bootstrap token...");
        String token = null;
        try {
            TransformerFactory transFactory = TransformerFactory.newInstance();
            Transformer transformer = transFactory.newTransformer();
            StringWriter buffer = new StringWriter();
            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            transformer.transform(new DOMSource(el),
                                  new StreamResult(buffer));
            token = buffer.toString();
            out.println("<p>" + StringEscapeUtils.escapeXml11(token));
        } catch (Exception ex) {
            out.println("<p>Failed to transform cached element to string: " + ex.toString());
        }
    } else {
        out.println("<p>Bootstrap token not cached in thread local storage");
    }

    out.println("</body>");
}
 
Example 19
Source Project: glowroot   File: UserIT.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
    // user principal is only captured if app actually uses it
    // (since it may throw exception)
    request.getUserPrincipal();
}
 
Example 20
/**
 * Setup and cleanup around this request.
 * 
 * @param req
 *        HttpServletRequest object with the client request
 * @param res
 *        HttpServletResponse object back to the client
 */
@SuppressWarnings("unchecked")
protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, java.io.IOException
{
	SakaidavServletInfo info = newInfo(req);

	// try to authenticate based on a Principal (one of ours) in the req
	Principal prin = req.getUserPrincipal();

	if ((prin != null) && (prin instanceof DavPrincipal))
	{
		String eid = prin.getName();
		String pw = ((DavPrincipal) prin).getPassword();
		Evidence e = new IdPwEvidence(eid, pw, req.getRemoteAddr());

		// in older versions of this code, we didn't authenticate
		// if there was a session for this user. Unfortunately the
		// these are special non-sakai sessions, which do not
		// have real cookies attached. The cookie looks like
		// username-hostname. That means that they're easy to
		// fake. Since the DAV protocol doesn't actually
		// support sessions in the first place, most clients
		// won't use them. So it's a security hole without
		// any real benefit. Thus we check the password for
		// every transaction. The underlying sessions are still
		// a good idea, as they set the context for later
		// operations. But we can't depend upon the cookies for
		// authentication.

		// authenticate
		try
		{
			if ((eid.length() == 0) || (pw.length() == 0))
			{
				throw new AuthenticationException("missing required fields");
			}

			Authentication a = AuthenticationManager.authenticate(e);

			// No need to log in again if UsageSession is not null, active, and the eid is the 
			// same as that resulting from the DAV basic auth authentication
			
			if ((UsageSessionService.getSession() == null || UsageSessionService.getSession().isClosed()
					|| !a.getEid().equals(UsageSessionService.getSession().getUserEid()))
					&& !UsageSessionService.login(a, req, UsageSessionService.EVENT_LOGIN_DAV))
			{
				// login failed
				res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
				res.sendError(401);
				return;
			}
		}
		catch (AuthenticationException ex)
		{
			// not authenticated
			res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
			res.sendError(401);
			return;
		}
	}
	else
	{
		// user name missing, so can't authenticate
		res.addHeader("WWW-Authenticate","Basic realm=\"DAV\"");
		res.sendError(401);
		return;
	}

	// Set the client cookie if enabled as this is not done by the RequestFilter for dav requests.
	// This is not required by DAV clients but may be helpful in some load-balancing
	// configurations for session affinity across app servers. However, some Windows DAV clients
	// share cookies with IE7 which can lead to confusing results in the browser session.
	
	if (useCookies) {
		req.setAttribute(RequestFilter.ATTR_SET_COOKIE, true);
	}
	
	// Setup... ?

	try
	{
		doDispatch(info, req, res);
	}
	finally
	{
		log(req, info);
	}
}