X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=d3103627c294259f8d4218e3534f2a8d98ce89c1;hb=d2057396fab26e7b94e9d479d8429e0ed2487067;hp=9e05ac95aec0212b320dccb3424a573b06de83cc;hpb=e6ec864540db3fe0d39d99be294c7e402c2a4ce9;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index 9e05ac95a..d3103627c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -14,11 +14,13 @@ import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -68,7 +70,14 @@ public class HttpSessionLoginModule implements LoginModule {
 			return false;
 		authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
 		if (authorization == null) {// search by session ID
-			String httpSessionId = request.getSession().getId();
+			HttpSession httpSession = request.getSession(false);
+			if (httpSession == null) {
+				// TODO make sure this is always safe
+				if (log.isTraceEnabled())
+					log.trace("Create http session");
+				httpSession = request.getSession(true);
+			}
+			String httpSessionId = httpSession.getId();
 			// authorization = (Authorization)
 			// request.getSession().getAttribute(HttpContext.AUTHORIZATION);
 			// if (authorization == null) {
@@ -82,6 +91,8 @@ public class HttpSessionLoginModule implements LoginModule {
 			if (sr.size() == 1) {
 				CmsSession cmsSession = bc.getService(sr.iterator().next());
 				authorization = cmsSession.getAuthorization();
+				if (authorization.getName() == null)
+					authorization = null;// anonymous is not sufficient
 				if (log.isTraceEnabled())
 					log.trace("Retrieved authorization from " + cmsSession);
 			} else if (sr.size() == 0)
@@ -93,35 +104,15 @@ public class HttpSessionLoginModule implements LoginModule {
 		sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request);
 		extractHttpAuth(request);
 		extractClientCertificate(request);
-		if (authorization == null)
+		if (authorization == null) {
 			return false;
-		sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
-		return true;
+		} else {
+			return true;
+		}
 	}
 
 	@Override
 	public boolean commit() throws LoginException {
-		if(authorization!=null){
-			CmsAuthUtils.addAuthorization(subject, authorization,request);
-//			CmsAuthUtils.registerSessionAuthorization(bc, request, subject, authorization);
-		}
-		
-		// TODO create CmsSession in another module
-//		Authorization authorizationToRegister;
-//		if (authorization == null) {
-//			authorizationToRegister = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
-//		}
-//		else { // this login module did the authorization
-//			CmsAuthUtils.addAuthentication(subject, authorization);
-//			authorizationToRegister = authorization;
-//		}
-//		if (authorizationToRegister == null) {
-//			return false;
-//		}
-//		if (request == null)
-//			return false;
-//		CmsAuthUtils.registerSessionAuthorization(bc, request, subject, authorizationToRegister);
-
 		byte[] outToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_OUT_TOKEN);
 		if (outToken != null) {
 			response.setHeader(CmsAuthUtils.HEADER_WWW_AUTHENTICATE,
@@ -129,7 +120,7 @@ public class HttpSessionLoginModule implements LoginModule {
 		}
 
 		if (authorization != null) {
-			// CmsAuthUtils.addAuthentication(subject, authorization);
+			CmsAuthUtils.addAuthorization(subject, authorization, request.getLocale(), request);
 			cleanUp();
 			return true;
 		} else {
@@ -151,7 +142,8 @@ public class HttpSessionLoginModule implements LoginModule {
 
 	@Override
 	public boolean logout() throws LoginException {
-		return CmsAuthUtils.logoutSession(bc, subject);
+		cleanUp();
+		return true;
 	}
 
 	private void extractHttpAuth(final HttpServletRequest httpRequest) {
@@ -184,6 +176,15 @@ public class HttpSessionLoginModule implements LoginModule {
 				}
 			}
 		}
+
+		// auth token
+//		String mail = request.getParameter(LdapAttrs.mail.name());
+//		String authPassword = request.getParameter(LdapAttrs.authPassword.name());
+//		if (authPassword != null) {
+//			sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, authPassword);
+//			if (mail != null)
+//				sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, mail);
+//		}
 	}
 
 	private X509Certificate[] extractClientCertificate(HttpServletRequest req) {