X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.ui.rap%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fui%2Frap%2FAnonymousEntryPoint.java;h=04b6f0a9d38c08a9b02c854d82750a5a21df2ede;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=16d24897c7970f0d073bc227f2600c6af568af4f;hpb=d33e8191813f561cee96fbbbd3f74737070140d0;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
index 16d24897c..04b6f0a9d 100644
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
@@ -18,14 +18,15 @@ package org.argeo.security.ui.rap;
 import java.security.PrivilegedAction;
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.ArgeoException;
-import org.eclipse.equinox.security.auth.ILoginContext;
+import org.argeo.cms.CmsException;
+import org.argeo.cms.auth.AuthConstants;
 import org.eclipse.rap.rwt.RWT;
-import org.eclipse.rap.rwt.application.IEntryPoint;
+import org.eclipse.rap.rwt.application.EntryPoint;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.PlatformUI;
@@ -33,39 +34,33 @@ import org.eclipse.ui.PlatformUI;
 * RAP entry point which authenticates the subject as anonymous, for public
 * unauthenticated access.
 */
-public class AnonymousEntryPoint implements IEntryPoint {
+public class AnonymousEntryPoint implements EntryPoint {
 private final static Log log = LogFactory.getLog(AnonymousEntryPoint.class);
 /**
 * How many seconds to wait before invalidating the session if the user has
 * not yet logged in.
 */
- private Integer loginTimeout = 1 * 60;
- private Integer sessionTimeout = 15 * 60;
+ private Integer sessionTimeout = 5 * 60;
 @Override
 public int createUI() {
- // Short login timeout so that the modal dialog login doesn't hang
- // around too long
- RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout);
+ RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout);
- if (log.isDebugEnabled())
- log.debug("Anonymous THREAD=" + Thread.currentThread().getId()
- + ", sessionStore=" + RWT.getSessionStore().getId());
+ // if (log.isDebugEnabled())
+ // log.debug("Anonymous THREAD=" + Thread.currentThread().getId()
+ // + ", sessionStore=" + RWT.getSessionStore().getId());
- // create display
 final Display display = PlatformUI.createDisplay();
+ Subject subject = new Subject();
- // log in
- final ILoginContext loginContext = SecureRapActivator
- .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS);
- Subject subject = null;
+ final LoginContext loginContext;
 try {
+ loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS,
+ subject);
 loginContext.login();
- subject = loginContext.getSubject();
- } catch (LoginException e) {
- throw new ArgeoException(
- "Unexpected exception during authentication", e);
+ } catch (LoginException e1) {
+ throw new CmsException("Cannot initialize login context", e1);
 }
 // identify after successful login
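Review bot: When the anonymous login fails, the `Display` created by `PlatformUI.createDisplay()` just before the `try` is not disposed: the `catch (LoginException e1)` block throws `CmsException` immediately, and the `finally { display.dispose(); }` visible in a later hunk appears to belong to a separate `try` further down. On an entry point intended for public unauthenticated access, each failed attempt would presumably keep a display and its session alive until the 5-minute `sessionTimeout` expires. Either create the `LoginContext` and call `login()` before creating the display, or add `display.dispose();` as the first statement of the catch block. The catch now covers both construction and `login()`, so a message like `"Anonymous login failed"` would be more accurate than `"Cannot initialize login context"`. `createUI()` starts in this hunk and continues beyond it.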
@@ -74,9 +69,6 @@ public class AnonymousEntryPoint implements IEntryPoint { final String username = subject.getPrincipals().iterator().next() .getName(); - // Once the user is logged in, she can have a longer session timeout - RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); - // Logout callback when the display is disposed display.disposeExec(new Runnable() { public void run() { @@ -100,15 +92,17 @@ public class AnonymousEntryPoint implements IEntryPoint { } }); logout(loginContext, username); + if (log.isTraceEnabled()) + log.trace("Return code " + returnCode); } finally { display.dispose(); } - return returnCode; + return 1; } - private void logout(ILoginContext secureContext, String username) { + private void logout(LoginContext loginContext, String username) { try { - secureContext.logout(); + loginContext.logout(); log.info("Logged out " + (username != null ? username : "") + " (THREAD=" + Thread.currentThread().getId() + ")"); } catch (LoginException e) {
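Review bot: `return 1;` in the last hunk discards `returnCode` without explanation, so the workbench result is now visible only at trace level and the literal 1 has no stated meaning. If the framework does not evaluate the value returned by `createUI()` (not confirmable from this hunk), a comment such as `// return value is not evaluated by the caller; the workbench code is only traced above` would stop a later reader from restoring the old line. `createUI()` begins before this hunk and the body of `logout()` continues after it.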