X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=ce004c58e86762e5937f4d8bae1aa8e509fe2cc4;hb=44728c14306ddf25bb5225496de5f44345fab85d;hp=be8a693baa2c9a6da376fc11c929e2defa1b2995;hpb=02a6354c17ddb160513580e9e3c7826d9475b177;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index be8a693ba..ce004c58e 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -82,6 +82,8 @@ public class HttpSessionLoginModule implements LoginModule {
 			if (sr.size() == 1) {
 				CmsSession cmsSession = bc.getService(sr.iterator().next());
 				authorization = cmsSession.getAuthorization();
+				if (authorization.getName() == null)
+					authorization = null;// anonymous is not sufficient
 				if (log.isTraceEnabled())
 					log.trace("Retrieved authorization from " + cmsSession);
 			} else if (sr.size() == 0)
@@ -93,29 +95,15 @@ public class HttpSessionLoginModule implements LoginModule {
 		sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request);
 		extractHttpAuth(request);
 		extractClientCertificate(request);
-		if (authorization == null)
+		if (authorization == null) {
 			return false;
-		sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
-		return true;
+		} else {
+			return true;
+		}
 	}
 
 	@Override
 	public boolean commit() throws LoginException {
-		// TODO create CmsSession in another module
-		Authorization authorizationToRegister;
-		if (authorization == null) {
-			authorizationToRegister = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
-		} else { // this login module did the authorization
-			CmsAuthUtils.addAuthentication(subject, authorization);
-			authorizationToRegister = authorization;
-		}
-		if (authorizationToRegister == null) {
-			return false;
-		}
-		if (request == null)
-			return false;
-		CmsAuthUtils.registerSessionAuthorization(bc, request, subject, authorizationToRegister);
-
 		byte[] outToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_OUT_TOKEN);
 		if (outToken != null) {
 			response.setHeader(CmsAuthUtils.HEADER_WWW_AUTHENTICATE,
@@ -123,7 +111,7 @@ public class HttpSessionLoginModule implements LoginModule {
 		}
 
 		if (authorization != null) {
-			// CmsAuthUtils.addAuthentication(subject, authorization);
+			CmsAuthUtils.addAuthorization(subject, authorization, request);
 			cleanUp();
 			return true;
 		} else {
@@ -145,7 +133,8 @@ public class HttpSessionLoginModule implements LoginModule {
 
 	@Override
 	public boolean logout() throws LoginException {
-		return CmsAuthUtils.logoutSession(bc, subject);
+		cleanUp();
+		return true;
 	}
 
 	private void extractHttpAuth(final HttpServletRequest httpRequest) {