import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.argeo.cms.auth.HttpRequestCallbackHandler;
-import org.argeo.cms.servlet.ServletAuthUtils;
+import org.argeo.cms.auth.RemoteAuthCallbackHandler;
+import org.argeo.cms.auth.RemoteAuthUtils;
+import org.argeo.cms.servlet.ServletHttpRequest;
+import org.argeo.cms.servlet.ServletHttpResponse;
import org.osgi.service.http.context.ServletContextHelper;
/** Manages security access to servlets. */
* the login page.
*/
@Override
- public boolean handleSecurity(final HttpServletRequest request, HttpServletResponse response) throws IOException {
+ public boolean handleSecurity(final HttpServletRequest req, HttpServletResponse resp) throws IOException {
LoginContext lc = null;
+ ServletHttpRequest request = new ServletHttpRequest(req);
+ ServletHttpResponse response = new ServletHttpResponse(resp);
- String pathInfo = request.getPathInfo();
- String servletPath = request.getServletPath();
+ String pathInfo = req.getPathInfo();
+ String servletPath = req.getServletPath();
if ((pathInfo != null && (servletPath + pathInfo).equals(loginPage)) || servletPath.contentEquals(loginServlet))
return true;
try {
- lc = new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
+ lc = new LoginContext(LOGIN_CONTEXT_USER, new RemoteAuthCallbackHandler(request, response));
lc.login();
} catch (LoginException e) {
- lc = processUnauthorized(request, response);
+ lc = processUnauthorized(req, resp);
if (lc == null)
return false;
}
@Override
public Void run() {
// TODO also set login context in order to log out ?
- ServletAuthUtils.configureRequestSecurity(request);
+ RemoteAuthUtils.configureRequestSecurity(request);
return null;
}
}
@Override
- public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
- ServletAuthUtils.clearRequestSecurity(request);
+ public void finishSecurity(HttpServletRequest req, HttpServletResponse resp) {
+ RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(req));
}
protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {