X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=aa313ee0a954e6b2b1fa088f9c1881d9e093de72;hb=ef73bd445ed1fc2a24dd0afc4d022c48b0501e8e;hp=dadcc4dbcb109e23a604cbd8b4265eb8f3fe34bf;hpb=54e74b900b1c0f7b1de0def771de35e50a8d4071;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index dadcc4dbc..aa313ee0a 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -65,13 +65,13 @@ class CmsAuthUtils {
 name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
 userPrincipal = new AnonymousPrincipal();
 principals.add(userPrincipal);
- // principals.add(new AnonymousPrincipal());
 } else {
 name = new LdapName(authName);
 NodeSecurityUtils.checkUserName(name);
 userPrincipal = new X500Principal(name.toString());
 principals.add(userPrincipal);
- principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
+ // principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
+ // userPrincipal));
 }
 // Add roles provided by authorization
@@ -79,6 +79,8 @@ class CmsAuthUtils {
 LdapName roleName = new LdapName(role);
 if (roleName.equals(name)) {
 // skip
+ } else if (roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)) {
+ // skip
 } else {
 NodeSecurityUtils.checkImpliedPrincipalName(roleName);
 principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
@@ -91,7 +93,7 @@ class CmsAuthUtils {
 throw new CmsException("Cannot commit", e);
 }
- registerSessionAuthorization(request, subject, authorization, locale);
+ // registerSessionAuthorization(request, subject, authorization, locale);
 }
 private static void checkSubjectEmpty(Subject subject) {
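Review bot: In the `@@ -65,13` hunk the `ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal)` line is commented out rather than removed, so nothing records that an authenticated subject no longer carries the user role by default. After this change the subject only holds that role if the authorization supplies it and the role handling in the next hunk adds it, so any permission check keyed on the user role now depends on the authorization source. I would delete the dead lines and, if that is the intent, leave `// ROLE_USER is not implied here; it must be provided by the authorization's roles` in their place. The enclosing method starts and ends outside the hunk.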
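Review bot: Commenting out the `registerSessionAuthorization(...)` call in the `@@ -91,7` hunk means this commit path no longer binds the subject to a CMS session. The `Inconsistent user ... for existing CMS session` check and the `CmsSessionId` credential handling shown in the later hunks now run only if some caller invokes the method explicitly. The `@@ -119,7` hunk drops `private` from that method, presumably for such a caller, but none appears in this diff. I would remove the dead line and state the new contract, e.g. `// session registration is the caller's job: registerSessionAuthorization(...) must follow a successful commit`, and confirm every login path that reaches this method does so. The enclosing method starts outside the hunk.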
@@ -119,7 +121,7 @@ class CmsAuthUtils {
 // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
 }
- private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
+ synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 Authorization authorization, Locale locale) {
 // synchronized in order to avoid multiple registrations
 // TODO move it to a service in order to avoid static synchronization
@@ -142,6 +144,8 @@ class CmsAuthUtils {
 throw new CmsException("Inconsistent user " + authorization.getName() + " for existing CMS session " + cmsSession);
 }
+ // keyring
+ subject.getPrivateCredentials().addAll(cmsSession.getSecretKeys());
 } else {// anonymous
 if (cmsSession.getAuthorization().getName() != null) {
 cmsSession.close();
@@ -149,10 +153,9 @@ class CmsAuthUtils {
 cmsSession = null;
 }
 }
- }
-
- if (cmsSession == null)
+ } else if (cmsSession == null) {
 cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
+ }
 // request.setAttribute(CmsSession.class.getName(), cmsSession);
 CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
 if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
@@ -163,7 +166,9 @@ class CmsAuthUtils {
 throw new CmsException(
 "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
 }
- } else {
+ } else
+
+ {
 // TODO desktop, CLI
 }
 }
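Review bot: The `// keyring` comment in the `@@ -142,6` hunk does not say that the added line copies the session's secret keys into the subject's private credentials, nor who is expected to remove them again. From that point the key material lives as long as the subject does, and nothing in the visible hunks clears it when the session is closed or the subject is cleaned up. I would expand the comment to something like `// keyring: expose the existing session's secret keys to code running as this subject; must be cleared on logout`, and check that the logout path does clear them. If `getSecretKeys()` can return null, `addAll` would throw here after the user-consistency check has already passed; its contract is not visible in this diff.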
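Review bot: Turning the standalone `if (cmsSession == null)` into `} else if (cmsSession == null) {` in the `@@ -149,10` hunk leaves `cmsSession` null on the anonymous branch. That branch closes the existing authenticated session and sets `cmsSession = null` inside the first block, so the new `else if` is never reached. The next statement, `new CmsSessionId(cmsSession.getUuid())`, then throws a NullPointerException where the old code created a fresh session. An anonymous request that arrives on an HTTP session still mapped to an authenticated CMS session would therefore fail. The check should stay a separate statement after the block: `}` followed by `if (cmsSession == null) {`, keeping the added closing brace. The opening condition of the outer `if` is outside the hunk.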