X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;h=af4b5379c8383712c1e8870b13fc8e2e4c897874;hb=091d43fef5f8e88c7081340138eb1bb33c5862a2;hp=4a8f18fcd811a11b516597e827d173542a441c50;hpb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
index 4a8f18fcd..af4b5379c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
@@ -46,39 +46,8 @@ public class RemoteAuthUtils {
 public final static T doAs(Supplier supplier, RemoteAuthRequest req) {
 CmsSession cmsSession = getCmsSession(req);
 return CurrentSubject.callAs(cmsSession.getSubject(), () -> supplier.get());
-// ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
-// Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
-// try {
-// return Subject.doAs(
-// Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
-// new PrivilegedAction() {
-//
-// @Override
-// public T run() {
-// return supplier.get();
-// }
-//
-// });
-// } finally {
-// Thread.currentThread().setContextClassLoader(currentContextCl);
-// }
 }
-// public final static void configureRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) != null)
-// throw new IllegalStateException("Request already authenticated.");
-// AccessControlContext acc = AccessController.getContext();
-// req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
-// req.setAttribute(AccessControlContext.class.getName(), acc);
-// }
-//
-// public final static void clearRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) == null)
-// throw new IllegalStateException("Cannot clear non-authenticated request.");
-// req.setAttribute(REMOTE_USER, null);
-// req.setAttribute(AccessControlContext.class.getName(), null);
-// }
-
 public static CmsSession getCmsSession(RemoteAuthRequest req) {
 CmsSession cmsSession = (CmsSession) req.getAttribute(CmsSession.class.getName());
 if (cmsSession == null)
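Review bot: `doAs` carries no Javadoc, and the deleted commented-out block was the only text that spelled out what the method relies on, so the new three-line body reads as if it authenticated the request when it only runs the supplier as a subject that something earlier in the pipeline has presumably already bound to the request. I would add above the signature: `/** Runs {@code supplier} as the subject of the {@link CmsSession} already attached to {@code req}. The request must have been authenticated upstream; {@link #getCmsSession} handles the case where no session is attached. */`. The lambda `() -> supplier.get()` can be the method reference `supplier::get`. The body of `getCmsSession` continues past the end of the hunk, so what it does for a missing session is not visible here; note also that the `(CmsSession) req.getAttribute(...)` cast is unchecked, so an attribute of another type would surface as a `ClassCastException` rather than taking that null-session path.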
@@ -161,11 +130,15 @@ public class RemoteAuthUtils {
 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 // realm=\"" + httpAuthRealm + "\"");
- if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
- remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
- else
+ if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+ // TODO make it configurable ?
+ remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+ HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ } else {
 remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+ }
 // response.setDateHeader("Date", System.currentTimeMillis());
 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *