X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=65ccbd6aba15c7c2cfa71fcb7f39d7107eb5d7a0;hb=d2057396fab26e7b94e9d479d8429e0ed2487067;hp=4d59c5263a76afe974b600244c8ad6b848c98243;hpb=7864616a19aefc440239c1c8854c6b3969be7af0;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 4d59c5263..65ccbd6ab 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -1,6 +1,7 @@
 package org.argeo.cms.auth;
 
 import java.security.Principal;
+import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
 
@@ -42,7 +43,8 @@ class CmsAuthUtils {
 final static String HEADER_AUTHORIZATION = "Authorization";
 final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
- static void addAuthorization(Subject subject, Authorization authorization, HttpServletRequest request) {
+ static void addAuthorization(Subject subject, Authorization authorization, Locale locale,
+ HttpServletRequest request) {
 assert subject != null;
 checkSubjectEmpty(subject);
 assert authorization != null;
@@ -87,7 +89,7 @@ class CmsAuthUtils {
 throw new CmsException("Cannot commit", e);
 }
 
- registerSessionAuthorization(request, subject, authorization);
+ registerSessionAuthorization(request, subject, authorization, locale);
 }
 
 private static void checkSubjectEmpty(Subject subject) {
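Review bot: The new `locale` parameter of addAuthorization is undocumented and, unlike `subject` and `authorization`, receives no `assert`/null check before being forwarded to registerSessionAuthorization, so nothing states whether a null locale is acceptable. A Javadoc line such as `@param locale the locale to attach to the CMS session created for this authorization (presumably may be null when the caller has none — confirm)` next to the signature, or an `assert locale != null;` beside the existing asserts if null is not allowed, would make the contract explicit. addAuthorization's body continues beyond this hunk.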
@@ -115,22 +117,24 @@ class CmsAuthUtils {
 // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
 }
 
- private static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
- Authorization authorization) {
+ private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
+ Authorization authorization, Locale locale) {
+ // synchronized in order to avoid multiple registrations
+ // TODO move it to a service in order to avoid static synchronization
 if (request != null) {
- HttpSession httpSession = request.getSession();
+ HttpSession httpSession = request.getSession(false);
+ assert httpSession != null;
 String httpSessId = httpSession.getId();
 String remoteUser = authorization.getName() != null ? authorization.getName() : NodeConstants.ROLE_ANONYMOUS;
 request.setAttribute(HttpContext.REMOTE_USER, remoteUser);
 request.setAttribute(HttpContext.AUTHORIZATION, authorization);
- CmsSession cmsSession = CmsSessionImpl.getByLocalId(httpSessId);
+ CmsSessionImpl cmsSession = CmsSessionImpl.getByLocalId(httpSessId);
 if (cmsSession != null) {
 if (authorization.getName() != null) {
 if (cmsSession.getAuthorization().getName() == null) {
- // FIXME make it more generic
- ((WebCmsSessionImpl) cmsSession).cleanUp();
+ cmsSession.close();
 cmsSession = null;
 } else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
 throw new CmsException("Inconsistent user " + authorization.getName()
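Review bot: The `assert httpSession != null;` added after `request.getSession(false)` does not protect the `httpSession.getId()` call that follows: assertions are disabled by default at runtime, so a request that carries no session now fails with a NullPointerException, where the old `request.getSession()` would have created one. Make it an explicit check with a clear message, `if (httpSession == null) throw new CmsException("No HTTP session to register the authorization in");`, and document in the method's Javadoc that callers must have obtained the session beforehand. Because the CMS session is keyed on `httpSession.getId()`, it is also worth confirming (the caller is not visible here) that the session id is renewed once a named user authenticates, so that an id issued while anonymous does not carry the authenticated state; a comment at the `getByLocalId` lookup stating that expectation would help the next reader. registerSessionAuthorization continues into the next hunk, so only part of its body is visible here.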
@@ -138,15 +142,15 @@ class CmsAuthUtils {
 }
 }
 } else {// anonymous
 if (cmsSession.getAuthorization().getName() != null) {
- // FIXME make it more generic
- ((WebCmsSessionImpl) cmsSession).cleanUp();
+ cmsSession.close();
+ // TODO rather throw an exception ? log a warning ?
 cmsSession = null;
 }
 }
 }
 if (cmsSession == null)
- cmsSession = new WebCmsSessionImpl(subject, authorization, httpSessId);
+ cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
 // request.setAttribute(CmsSession.class.getName(), cmsSession);
 CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
 if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
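Review bot: The anonymous branch now closes a live session of a named user (`cmsSession.close();`) and replaces it with an anonymous one without leaving any trace, which the added TODO itself questions; an authorization downgrade on an existing session should at least be logged with the previous user name and the local session id before `cmsSession = null;`, and arguably be rejected the same way the inconsistent-user case in the previous hunk is. Separately, `new WebCmsSessionImpl(subject, authorization, locale, request)` now hands the whole `HttpServletRequest` to the session where the old code passed only `httpSessId`; servlet containers recycle request objects once the request completes, so if `WebCmsSessionImpl` keeps that reference beyond its constructor (its source is not in this diff) it would hold a stale object, and it should instead read the session id and whatever else it needs inside the constructor and not store the request. registerSessionAuthorization begins in the previous hunk.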