X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;h=af4b5379c8383712c1e8870b13fc8e2e4c897874;hb=HEAD;hp=785eeb912f727a5a1246d41927536167f5830a26;hpb=bbfad683e435f1989cb7ed4aa56a2fed52b64245;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
index 785eeb912..af4b5379c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
@@ -12,10 +12,10 @@ import javax.security.auth.login.LoginException;
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsSession;
+import org.argeo.cms.http.HttpHeader;
+import org.argeo.cms.http.HttpStatus;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.util.CurrentSubject;
-import org.argeo.util.http.HttpHeader;
-import org.argeo.util.http.HttpStatus;
+import org.argeo.cms.util.CurrentSubject;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -46,39 +46,8 @@ public class RemoteAuthUtils {
 public final static T doAs(Supplier supplier, RemoteAuthRequest req) {
 CmsSession cmsSession = getCmsSession(req);
 return CurrentSubject.callAs(cmsSession.getSubject(), () -> supplier.get());
-// ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
-// Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
-// try {
-// return Subject.doAs(
-// Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
-// new PrivilegedAction() {
-//
-// @Override
-// public T run() {
-// return supplier.get();
-// }
-//
-// });
-// } finally {
-// Thread.currentThread().setContextClassLoader(currentContextCl);
-// }
 }
 
-// public final static void configureRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) != null)
-// throw new IllegalStateException("Request already authenticated.");
-// AccessControlContext acc = AccessController.getContext();
-// req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
-// req.setAttribute(AccessControlContext.class.getName(), acc);
-// }
-//
-// public final static void clearRequestSecurity(RemoteAuthRequest req) {
-// if (req.getAttribute(AccessControlContext.class.getName()) == null)
-// throw new IllegalStateException("Cannot clear non-authenticated request.");
-// req.setAttribute(REMOTE_USER, null);
-// req.setAttribute(AccessControlContext.class.getName(), null);
-// }
-
 public static CmsSession getCmsSession(RemoteAuthRequest req) {
 CmsSession cmsSession = (CmsSession) req.getAttribute(CmsSession.class.getName());
 if (cmsSession == null)
@@ -161,11 +130,15 @@ public class RemoteAuthUtils {
 // response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 // realm=\"" + httpAuthRealm + "\"");
-if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
-remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
-else
+if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+// TODO make it configurable ?
+remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+} else {
 remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
 HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+}
 // response.setDateHeader("Date", System.currentTimeMillis());
 // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
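Review bot: Unconditionally adding a `Basic` challenge next to `Negotiate` in the SPNEGO branch turns what the old code only offered after `forceBasic` or `negotiateFailed` into a standing offer, so any client that cannot or prefers not to complete SPNEGO will answer every 401 with a base64-encoded password — a silent downgrade from Kerberos to password authentication that the previous version avoided. The `// TODO make it configurable ?` names the right concern; until it is gated, state the consequence where the next maintainer will see it, e.g. replace the TODO with `// SECURITY: Basic is offered alongside Negotiate, so non-SPNEGO clients send cleartext credentials; keep behind TLS and consider making this opt-in`. Separately, `realm` is spliced into a quoted-string without escaping `"` or `\`; if it can come from configuration rather than a constant, validate it before building the header so a stray quote cannot produce a malformed or truncated challenge. The enclosing method begins before and continues after this hunk, so I cannot see whether `realm` is validated earlier.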