X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=65ccbd6aba15c7c2cfa71fcb7f39d7107eb5d7a0;hb=c811008ac91053f068c26f48427617de9bb7b79c;hp=6fa7bd2a1c343d03e3b73ed14018175c8c43ad77;hpb=d66d81530f1da58e2e2c5d25e0a5dc30ad32b848;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java index 6fa7bd2a1..65ccbd6ab 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java @@ -117,10 +117,13 @@ class CmsAuthUtils { // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class)); } - private static void registerSessionAuthorization(HttpServletRequest request, Subject subject, + private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject, Authorization authorization, Locale locale) { + // synchronized in order to avoid multiple registrations + // TODO move it to a service in order to avoid static synchronization if (request != null) { HttpSession httpSession = request.getSession(false); + assert httpSession != null; String httpSessId = httpSession.getId(); String remoteUser = authorization.getName() != null ? authorization.getName() : NodeConstants.ROLE_ANONYMOUS; @@ -131,7 +134,6 @@ class CmsAuthUtils { if (cmsSession != null) { if (authorization.getName() != null) { if (cmsSession.getAuthorization().getName() == null) { - // FIXME make it more generic cmsSession.close(); cmsSession = null; } else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) { @@ -140,8 +142,8 @@ class CmsAuthUtils { } } else {// anonymous if (cmsSession.getAuthorization().getName() != null) { - // FIXME make it more generic cmsSession.close(); + // TODO rather throw an exception ? log a warning ? cmsSession = null; } }
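Review bot: The added `assert httpSession != null;` in the first hunk does not protect the `httpSession.getId()` call on the next line at runtime, because Java assertions are disabled unless the JVM is started with `-ea`; when `request.getSession(false)` returns null the method still fails with a bare NullPointerException in the middle of session registration. An explicit check enforces the precondition in every deployment: `if (httpSession == null) throw new IllegalStateException("No HTTP session available for session registration");` (or the project's own exception type). Separately, `synchronized` on a static method takes the `CmsAuthUtils` class lock, so every registration in the JVM is serialized on one monitor, and it prevents duplicate registrations only if every path that looks up or creates the CMS session goes through this method, which cannot be confirmed from the hunk. The conventional modifier order would be `private static synchronized`. The body of registerSessionAuthorization continues outside the hunk.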
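Review bot: In the third hunk the new TODO sits between `cmsSession.close();` and `cmsSession = null;`, but the question it asks (throw or warn) concerns the whole branch: an anonymous authorization arriving on an HTTP session that is still bound to an authenticated CMS session is closed here without leaving any record. Until the TODO is resolved, a warning-level log entry naming the user of the closed session (not the HTTP session id) would give operators a trace of this state; whether the class has a logger is not visible in the hunk. I would move the comment above `cmsSession.close();` so it reads as applying to the branch, e.g. `// TODO rather throw an exception or log a warning instead of silently closing?`. The enclosing if/else starts before the hunk.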