X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2FAbstractCmsEntryPoint.java;h=c101c021f134bc36602a0dc93b1a6da661ac4039;hb=2efce0621cf742d6ef077a1f13f8c76843c20ffb;hp=9a7f6412e862a5b219df558932fe5b6952606f92;hpb=ba85380c1db977b0d9ea3182d1383956a8b80679;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java index 9a7f6412e..c101c021f 100644 --- a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java +++ b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java @@ -1,9 +1,8 @@ package org.argeo.cms; +import java.security.PrivilegedAction; import java.util.HashMap; -import java.util.Locale; import java.util.Map; -import java.util.ResourceBundle; import javax.jcr.Node; import javax.jcr.Property; @@ -12,14 +11,17 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.nodetype.NodeType; import javax.security.auth.Subject; +import javax.security.auth.login.CredentialNotFoundException; +import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; -import org.argeo.cms.auth.ArgeoLoginContext; -import org.argeo.cms.auth.LoginRequiredException; -import org.argeo.cms.i18n.Msg; +import org.argeo.cms.auth.AuthConstants; +import org.argeo.cms.auth.HttpRequestCallbackHandler; +import org.argeo.cms.ui.UxContext; +import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.jcr.JcrUtils; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.AbstractEntryPoint; @@ -34,10 +36,11 @@ import org.eclipse.swt.widgets.Shell; /** Manages history and navigation */ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint - implements CmsSession { + implements CmsView { private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class); - private final Subject subject = new Subject(); + private final Subject subject; + private LoginContext loginContext; private final Repository repository; private final String workspace; @@ -61,23 +64,26 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint this.workspace = workspace; this.defaultPath = defaultPath; this.factoryProperties = new HashMap(factoryProperties); + subject = new Subject(); // Initial login try { - new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject) - .login(); - } catch (LoginException e) { - if (log.isTraceEnabled()) - log.trace("Cannot authenticate user", e); + loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, + subject, new HttpRequestCallbackHandler( + UiContext.getHttpRequest())); + loginContext.login(); + } catch (CredentialNotFoundException e) { try { - new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS, - subject).login(); - } catch (LoginException eAnonymous) { - throw new ArgeoException("Cannot initialize subject", - eAnonymous); + loginContext = new LoginContext( + AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + loginContext.login(); + } catch (LoginException e1) { + throw new ArgeoException("Cannot log as anonymous", e); } + } catch (LoginException e) { + throw new ArgeoException("Cannot initialize subject", e); } - authChange(); + authChange(loginContext); jsExecutor = RWT.getClient().getService(JavaScriptExecutor.class); browserNavigation = RWT.getClient().getService(BrowserNavigation.class); @@ -103,18 +109,24 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint } @Override - protected final void createContents(Composite parent) { - try { - getShell().getDisplay().setData(CmsSession.KEY, this); - - createUi(parent); - } catch (Exception e) { - throw new CmsException("Cannot create entrypoint contents", e); - } + protected final void createContents(final Composite parent) { + UiContext.setData(CmsView.KEY, this); + Subject.doAs(subject, new PrivilegedAction() { + @Override + public Void run() { + try { + initUi(parent); + } catch (Exception e) { + throw new CmsException("Cannot create entrypoint contents", + e); + } + return null; + } + }); } /** Create UI */ - protected abstract void createUi(Composite parent); + protected abstract void initUi(Composite parent); /** Recreate UI after navigation or auth change */ protected abstract void refresh(); @@ -125,8 +137,9 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint */ protected Node getDefaultNode(Session session) throws RepositoryException { if (!session.hasPermission(defaultPath, "read")) { - if (session.getUserID().equals("anonymous")) - throw new LoginRequiredException(); + if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS)) + // TODO throw a special exception + throw new CmsException("Login required"); else throw new CmsException("Unauthorized"); } @@ -140,7 +153,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint public void navigateTo(String state) { exception = null; String title = setState(state); - refresh(); + doRefresh(); if (browserNavigation != null) browserNavigation.pushState(state, title); } @@ -151,44 +164,87 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint } @Override - public void authChange() { + public void logout() { + if (loginContext == null) + throw new CmsException("Login context should not be null"); try { - String currentPath = null; - if (node != null) - currentPath = node.getPath(); - JcrUtils.logoutQuietly(session); + loginContext.logout(); + LoginContext anonymousLc = new LoginContext( + AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + anonymousLc.login(); + authChange(anonymousLc); + } catch (LoginException e) { + throw new CmsException("Cannot logout", e); + } + } - session = repository.login(workspace); - if (currentPath != null) - node = session.getNode(currentPath); + @Override + public void authChange(LoginContext loginContext) { + if (loginContext == null) + throw new CmsException("Login context cannot be null"); + this.loginContext = loginContext; + Subject.doAs(subject, new PrivilegedAction() { - // refresh UI - refresh(); - } catch (RepositoryException e) { - throw new CmsException("Cannot perform auth change", e); - } + @Override + public Void run() { + try { + String currentPath = null; + if (node != null) + currentPath = node.getPath(); + JcrUtils.logoutQuietly(session); + + session = repository.login(workspace); + if (currentPath != null) + try { + node = session.getNode(currentPath); + } catch (Exception e) { + logout(); + session = repository.login(workspace); + navigateTo("~"); + throw e; + } + + // refresh UI + doRefresh(); + } catch (RepositoryException e) { + throw new CmsException("Cannot perform auth change", e); + } + return null; + } + + }); } @Override - public void exception(Throwable e) { - this.exception = e; + public void exception(final Throwable e) { + AbstractCmsEntryPoint.this.exception = e; log.error("Unexpected exception in CMS", e); - refresh(); + doRefresh(); } - @Override - public Object local(Msg msg) { - String key = msg.getId(); - int lastDot = key.lastIndexOf('.'); - String className = key.substring(0, lastDot); - String fieldName = key.substring(lastDot + 1); - Locale locale = RWT.getLocale(); - ResourceBundle rb = ResourceBundle.getBundle(className, locale, - msg.getClassLoader()); - return rb.getString(fieldName); + protected void doRefresh() { + Subject.doAs(subject, new PrivilegedAction() { + @Override + public Void run() { + refresh(); + return null; + } + }); } + // @Override + // public Object local(Msg msg) { + // String key = msg.getId(); + // int lastDot = key.lastIndexOf('.'); + // String className = key.substring(0, lastDot); + // String fieldName = key.substring(lastDot + 1); + // Locale locale = RWT.getLocale(); + // ResourceBundle rb = ResourceBundle.getBundle(className, locale, + // msg.getClassLoader()); + // return rb.getString(fieldName); + // } + /** Sets the state of the entry point and retrieve the related JCR node. */ protected synchronized String setState(String newState) { String previousState = this.state;