Work on servlet security integration.
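--- a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
@@ -4,7 +4,6 @@ import static org.argeo.api.NodeConstants.LOGIN_CONTEXT_USER;
 import java.io.IOException;
 import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Map;
@@ -15,6 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.cms.auth.ServletAuthUtils;
 import org.osgi.service.http.context.ServletContextHelper;
 /** Manages security access to servlets. */
@@ -53,7 +53,8 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 @Override
 public Void run() {
- request.setAttribute(REMOTE_USER, AccessController.getContext());
+ // TODO also set login context in order to log out ?
+ ServletAuthUtils.configureRequestSecurity(request);
 return null;
 }
@@ -62,6 +63,11 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 return true;
 }
+ @Override
+ public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+ ServletAuthUtils.clearRequestSecurity(request);
+ }
+
 protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
 try {
 response.sendRedirect(loginPage);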
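Review bot: `ServletAuthUtils.configureRequestSecurity(request)` in `run()` no longer receives the access control context as an argument, so the helper presumably reads it from the calling thread; the call is then only correct while it stays inside the `PrivilegedAction`, and nothing in the new code says so. A comment such as `// must run inside the privileged action: the helper captures the caller's AccessControlContext` would keep a later refactoring from moving it out and silently attaching the wrong identity to the request. The new `finishSecurity` override also lacks Javadoc; it should state that it undoes `configureRequestSecurity` and that it does not log out the JAAS `LoginContext`, which is what the TODO in `run()` leaves open. The body of `handleSecurity` starts outside these hunks, so how the subject is established before `run()` cannot be checked from here.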