Improve and clean authentication. Reintroduce anonymous login context.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / http / CmsSessionProvider.java
index e398fc95641e18927fe1ed5cbdc0b192c1948005..37ba5cdb15332a440e1dac222ecaf7ed16d1db28 100644 (file)
@@ -1,24 +1,19 @@
 package org.argeo.cms.internal.http;
 
 import java.io.Serializable;
-import java.security.PrivilegedExceptionAction;
 import java.util.LinkedHashMap;
 
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.server.SessionProvider;
-import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.CmsSession;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.node.NodeConstants;
 
 /**
  * Implements an open session in view patter: a new JCR session is created for
@@ -41,8 +36,8 @@ class CmsSessionProvider implements SessionProvider, Serializable {
                        throws javax.jcr.LoginException, ServletException, RepositoryException {
 
                CmsSession cmsSession = WebCmsSessionImpl.getCmsSession(request);
-               if (cmsSession == null)
-                       return anonymousSession(request, rep, workspace);
+//             if (cmsSession == null)
+//                     return anonymousSession(request, rep, workspace);
                if (log.isTraceEnabled()) {
                        log.debug("Get JCR session from " + cmsSession);
                }
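Review bot: With the null check commented out in `getSession`, a request that has no `CmsSession` now continues with `cmsSession == null`. The trace log on the following lines would print `null`, and any later dereference of `cmsSession` would surface as a `NullPointerException` rather than an authentication failure; the rest of the body lies outside this hunk, so that part is inferred. The method already declares `javax.jcr.LoginException`, so an explicit rejection would fail closed and give callers a meaningful error: `if (cmsSession == null) throw new javax.jcr.LoginException("No CMS session available for this request");`. Separately, the `log.isTraceEnabled()` guard wraps a `log.debug(...)` call, and the two levels should match.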
@@ -51,32 +46,32 @@ class CmsSessionProvider implements SessionProvider, Serializable {
                return session;
        }
 
-       private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace) {
-               // TODO rather log in here as anonymous?
-               LoginContext lc = (LoginContext) request.getAttribute(NodeConstants.LOGIN_CONTEXT_USER);
-               if (lc == null)
-                       throw new CmsException("No login context available");
-               // optimize
-               Session session;
-               try {
-                       session = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Session>() {
-                               @Override
-                               public Session run() throws Exception {
-                                       return repository.login(workspace);
-                               }
-                       });
-               } catch (Exception e) {
-                       throw new CmsException("Cannot log in to JCR", e);
-               }
-               return session;
-       }
+//     private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace) {
+//             // TODO rather log in here as anonymous?
+//             LoginContext lc = (LoginContext) request.getAttribute(NodeConstants.LOGIN_CONTEXT_ANONYMOUS);
+//             if (lc == null)
+//                     throw new CmsException("No login context available");
+//             // optimize
+//             Session session;
+//             try {
+//                     session = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Session>() {
+//                             @Override
+//                             public Session run() throws Exception {
+//                                     return repository.login(workspace);
+//                             }
+//                     });
+//             } catch (Exception e) {
+//                     throw new CmsException("Cannot log in to JCR", e);
+//             }
+//             return session;
+//     }
 
        public synchronized void releaseSession(Session session) {
                if (cmsSessions.containsKey(session)) {
                        CmsSession cmsSession = cmsSessions.get(session);
                        cmsSession.releaseDataSession(alias, session);
                } else {
-                       // anonymous
+                       log.warn("JCR session "+session+" not found in CMS session list. Logging it out...");
                        JcrUtils.logoutQuietly(session);
                }
        }
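Review bot: The commented-out `anonymousSession` method here, and the two commented-out lines in `getSession` in the previous hunk, should be deleted rather than kept as comments. Version control already preserves the old code, and a disabled login path left in an authentication class makes it unclear which behaviour is intended. The commented text also references `LoginContext`, `Subject`, `PrivilegedExceptionAction`, `CmsException` and `NodeConstants`, whose imports this commit removes, so it could not be restored by uncommenting alone. If anonymous access is now handled elsewhere, a single comment naming that place would serve better. In `releaseSession`, the else branch lost its `// anonymous` explanation; a replacement such as `// Session not tracked by this provider: log it out so it is not leaked` would document when that branch is expected.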