- // TODO create CmsSession in another module
- if (authorization == null) {
- authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);
- } else { // this login module did the authorization
- CmsAuthUtils.addAuthentication(subject, authorization);
- }
- if (authorization == null) {
- return false;
- }
- if (request == null)
- return false;
- String httpSessionId = request.getSession().getId();
- if (authorization.getName() != null) {
- request.setAttribute(HttpContext.REMOTE_USER, authorization.getName());
- request.setAttribute(HttpContext.AUTHORIZATION, authorization);
-
- HttpSession httpSession = request.getSession();
- if (httpSession.getAttribute(HttpContext.AUTHORIZATION) == null) {
-
- Collection<ServiceReference<WebCmsSession>> sr;
- try {
- sr = bc.getServiceReferences(WebCmsSession.class,
- "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")");
- } catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + httpSessionId, e);
- }
- ServiceReference<WebCmsSession> cmsSessionRef;
- if (sr.size() == 1) {
- cmsSessionRef = sr.iterator().next();
- } else if (sr.size() == 0) {
- WebCmsSessionImpl cmsSessionImpl = new WebCmsSessionImpl(httpSessionId, authorization);
- cmsSessionRef = cmsSessionImpl.getServiceRegistration().getReference();
- if (log.isDebugEnabled())
- log.debug("Initialized " + cmsSessionImpl + " for " + authorization.getName());
- } else
- throw new CmsException(sr.size() + " CMS sessions registered for " + httpSessionId);
-
- WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(cmsSessionRef);
- cmsSession.addHttpSession(request);
- if (log.isTraceEnabled())
- log.trace("Added " + request.getServletPath() + " to " + cmsSession + " (" + request.getRequestURI()
- + ")");
- httpSession.setAttribute(HttpContext.REMOTE_USER, authorization.getName());
- httpSession.setAttribute(HttpContext.AUTHORIZATION, authorization);
- }
- }
- if (subject.getPrivateCredentials(HttpSessionId.class).size() == 0)
- subject.getPrivateCredentials().add(new HttpSessionId(httpSessionId));
- else {
- String storedSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
- if (storedSessionId.equals(httpSessionId))
- throw new LoginException(
- "Subject already logged with session " + storedSessionId + " (not " + httpSessionId + ")");