X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.ui.rap%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fui%2Frap%2FSecureEntryPoint.java;h=6a582f83f75e948dc60b8fb9680e3aa9b49033a4;hb=94114b7d025df8452c96a23554ec96c32e6c459b;hp=48d33d2d4b68bb30efc663410b72e100e5b716d3;hpb=ff718212e89b0ea05087aabe147859efedf186f9;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
index 48d33d2d4..6a582f83f 100644
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
@@ -15,7 +15,7 @@
 */
 package org.argeo.security.ui.rap;
-import static org.argeo.cms.KernelHeader.ACCESS_CONTROL_CONTEXT;
+import static org.argeo.cms.auth.AuthConstants.ACCESS_CONTROL_CONTEXT;
 import java.security.AccessControlContext;
 import java.security.AccessController;
@@ -23,7 +23,7 @@ import java.security.PrivilegedAction;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.CredentialNotFoundException;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.x500.X500Principal;
@@ -33,8 +33,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
-import org.argeo.cms.KernelHeader;
-import org.argeo.cms.auth.ArgeoLoginContext;
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.cms.widgets.auth.DefaultLoginDialog;
 import org.argeo.eclipse.ui.dialogs.ErrorFeedback;
 import org.argeo.util.LocaleUtils;
@@ -43,7 +42,6 @@ import org.eclipse.rap.rwt.RWT;
 import org.eclipse.rap.rwt.application.EntryPoint;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.PlatformUI;
-import org.springframework.security.authentication.BadCredentialsException;
 /**
 * RAP entry point with login capabilities. Once the user has been
@@ -79,10 +77,12 @@ public class SecureEntryPoint implements EntryPoint {
 HttpServletRequest httpRequest = RWT.getRequest();
 final HttpSession httpSession = httpRequest.getSession();
 AccessControlContext acc = (AccessControlContext) httpSession
- .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+ .getAttribute(AuthConstants.ACCESS_CONTROL_CONTEXT);
 final Subject subject;
- if (acc != null) {
+ if (acc != null
+ && Subject.getSubject(acc).getPrincipals(X500Principal.class)
+ .size() == 1) {
 subject = Subject.getSubject(acc);
 } else {
 subject = new Subject();
@@ -91,8 +91,8 @@ public class SecureEntryPoint implements EntryPoint {
 try {
 CallbackHandler callbackHandler = new DefaultLoginDialog(
 display.getActiveShell());
- loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject,
+ loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject,
 callbackHandler);
 } catch (LoginException e1) {
 throw new ArgeoException("Cannot initialize login context", e1);
@@ -115,14 +115,12 @@ public class SecureEntryPoint implements EntryPoint {
 if (log.isDebugEnabled())
 log.debug("Authenticated " + subject);
+ } catch (FailedLoginException e) {
+ MessageDialog.openInformation(display.getActiveShell(),
+ "Bad Credentials", e.getMessage());
+ // retry login
+ continue tryLogin;
 } catch (LoginException e) {
- BadCredentialsException bce = wasCausedByBadCredentials(e);
- if (bce != null) {
- MessageDialog.openInformation(display.getActiveShell(),
- "Bad Credentials", bce.getMessage());
- // retry login
- continue tryLogin;
- }
 return processLoginDeath(display, e);
 }
 }
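Review bot: In the `@@ -79,10 +77,12 @@` hunk the widened condition dereferences `Subject.getSubject(acc)` without a null check, and that call returns null when the stored context carries no subject, so a session holding such a context would fail with a NullPointerException instead of falling through to `new Subject()`. The lookup is also repeated on the following line. Resolving it once keeps the one-X500Principal test and the assignment on the same object: `Subject stored = acc != null ? Subject.getSubject(acc) : null;` followed by `if (stored != null && stored.getPrincipals(X500Principal.class).size() == 1) { subject = stored;`. The enclosing method starts and ends outside the hunk.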
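Review bot: In the `@@ -91,8 +91,8 @@` hunk the plain JAAS `LoginContext` resolves `AuthConstants.LOGIN_CONTEXT_USER` from the installed `Configuration`, and the JDK falls back to the entry named `other` when that name is missing, so a misnamed or absent entry could authenticate through a different module stack without any error at this call. What `ArgeoLoginContext` did in that situation is not visible in this diff. A comment on the constructor call would record the dependency, for example `// requires a JAAS entry named LOGIN_CONTEXT_USER; JAAS falls back to "other" if it is absent`; the same applies to the logout calls in the `-135` and `-220` hunks. The enclosing method continues outside the hunk.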
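Review bot: In the `@@ -115,14 +115,12 @@` hunk the new `FailedLoginException` branch shows `e.getMessage()` from the login module verbatim and records nothing before `continue tryLogin`, so failed attempts leave no trace in the log and the dialog text is whatever the module chose to say (possibly distinguishing an unknown user from a wrong password). A fixed dialog string plus `log.warn("Failed login attempt", e);` would cover both. No attempt limit is visible in the hunk; the retry loop starts outside it, so a cap may exist elsewhere. A cancelled login (`CredentialNotFoundException`) used to retry through the removed helper and now reaches `processLoginDeath`, which is worth confirming as intended.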
@@ -135,8 +133,8 @@ public class SecureEntryPoint implements EntryPoint {
 if (log.isTraceEnabled())
 log.trace("Display disposed");
 try {
- LoginContext loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject);
+ LoginContext loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject);
 loginContext.logout();
 } catch (LoginException e) {
 log.error("Error when logging out", e);
@@ -190,20 +188,6 @@ public class SecureEntryPoint implements EntryPoint {
 }
- /** Recursively look for {@link BadCredentialsException} in the root causes. */
- private BadCredentialsException wasCausedByBadCredentials(Throwable t) {
- if (t instanceof BadCredentialsException)
- return (BadCredentialsException) t;
-
- if (t instanceof CredentialNotFoundException)
- return new BadCredentialsException("Login canceled");
-
- if (t.getCause() != null)
- return wasCausedByBadCredentials(t.getCause());
- else
- return null;
- }
-
 /**
 * If there is a {@link ThreadDeath} in the root causes, rethrow it
 * (important for RAP cleaning mechanism)
@@ -220,8 +204,8 @@ public class SecureEntryPoint implements EntryPoint {
 private void fullLogout(Subject subject, String username) {
 try {
- LoginContext loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject);
+ LoginContext loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject);
 loginContext.logout();
 HttpServletRequest httpRequest = RWT.getRequest();
 HttpSession httpSession = httpRequest.getSession();