X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2FCmsLogin.java;h=eab83ee316113f6cdce0a36126cca7edfd193d84;hb=54900d01b87c39e1b4099b6db4c173a7bbf7136b;hp=d93a952254d1aa3c233bc3b0c1845b14bc276d3d;hpb=d12f4cda6ff7b1de242a19362c3680f30ccc5168;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/CmsLogin.java b/org.argeo.cms/src/org/argeo/cms/CmsLogin.java index d93a95225..eab83ee31 100644 --- a/org.argeo.cms/src/org/argeo/cms/CmsLogin.java +++ b/org.argeo.cms/src/org/argeo/cms/CmsLogin.java @@ -1,59 +1,46 @@ package org.argeo.cms; -import static org.argeo.cms.internal.kernel.KernelConstants.SPRING_SECURITY_CONTEXT_KEY; - -import java.util.Collections; -import java.util.List; - -import javax.servlet.http.HttpSession; +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.argeo.cms.internal.kernel.KernelConstants; -import org.eclipse.rap.rwt.RWT; -import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.argeo.ArgeoException; +import org.argeo.cms.auth.ArgeoLoginContext; +import org.argeo.security.NodeAuthenticationToken; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; /** Gateway for user login, can also generate the related UI. */ public class CmsLogin { private final static Log log = LogFactory.getLog(CmsLogin.class); private AuthenticationManager authenticationManager; - private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY; + + // private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY; public void logInAsAnonymous() { - // TODO Better deal with anonymous authentication + Subject subject = new Subject(); + final LoginContext loginContext; try { - List anonAuthorities = Collections - .singletonList(new SimpleGrantedAuthority( - KernelHeader.USERNAME_ANONYMOUS)); - UserDetails anonUser = new User("anonymous", "", true, true, true, - true, anonAuthorities); - AnonymousAuthenticationToken anonToken = new AnonymousAuthenticationToken( - systemKey, anonUser, anonAuthorities); - Authentication authentication = authenticationManager - .authenticate(anonToken); - SecurityContextHolder.getContext() - .setAuthentication(authentication); - } catch (Exception e) { - throw new CmsException("Cannot authenticate", e); + loginContext = new ArgeoLoginContext( + KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject); + loginContext.login(); + } catch (LoginException e1) { + throw new ArgeoException("Cannot authenticate anonymous", e1); } } public void logInWithPassword(String username, char[] password) { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( - username, password); + NodeAuthenticationToken token = new NodeAuthenticationToken(username, + password); Authentication authentication = authenticationManager .authenticate(token); SecurityContextHolder.getContext().setAuthentication(authentication); - HttpSession httpSession = RWT.getRequest().getSession(); - httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, - SecurityContextHolder.getContext()); + // HttpSession httpSession = RWT.getRequest().getSession(); + // httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, + // SecurityContextHolder.getContext()); if (log.isDebugEnabled()) log.debug("Authenticated as " + authentication); } @@ -63,8 +50,8 @@ public class CmsLogin { this.authenticationManager = authenticationManager; } - public void setSystemKey(String systemKey) { - this.systemKey = systemKey; - } + // public void setSystemKey(String systemKey) { + // this.systemKey = systemKey; + // } }