X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.ui.rap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fui%2Frap%2FSecureEntryPoint.java;h=2339716874598d0d142b9431ba91e7a45afbdc8f;hb=99570bdddb84df8f6279e9a7eabe4c930d29b5d1;hp=e2febf0aeb9033ce74f09b33e8f1f1cf53cd8e6d;hpb=041234a54c1b98bcba16e359c4c4905c4eed1768;p=lgpl%2Fargeo-commons.git diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java index e2febf0ae..233971687 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -1,9 +1,26 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.ui.rap; import java.security.PrivilegedAction; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -16,6 +33,8 @@ import org.eclipse.rwt.lifecycle.IEntryPoint; import org.eclipse.swt.widgets.Display; import org.eclipse.ui.PlatformUI; import org.springframework.security.BadCredentialsException; +import org.springframework.security.context.SecurityContext; +import org.springframework.security.context.SecurityContextHolder; /** * RAP entry point with login capabilities. Once the user has been @@ -25,6 +44,12 @@ import org.springframework.security.BadCredentialsException; public class SecureEntryPoint implements IEntryPoint { private final static Log log = LogFactory.getLog(SecureEntryPoint.class); + /** + * From org.springframework.security.context. + * HttpSessionContextIntegrationFilter + */ + protected static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT"; + /** * How many seconds to wait before invalidating the session if the user has * not yet logged in. @@ -34,15 +59,29 @@ public class SecureEntryPoint implements IEntryPoint { /** Default session timeout is 8 hours (European working day length) */ private Integer sessionTimeout = 8 * 60 * 60; + /** Override to provide an application specific workbench advisor */ + protected RapWorkbenchAdvisor createRapWorkbenchAdvisor(String username) { + return new RapWorkbenchAdvisor(username); + } + @Override - public int createUI() { + public final int createUI() { // Short login timeout so that the modal dialog login doesn't hang // around too long RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); + HttpServletRequest httpRequest = RWT.getRequest(); + HttpSession httpSession = httpRequest.getSession(); + Object contextFromSessionObject = httpSession + .getAttribute(SPRING_SECURITY_CONTEXT_KEY); + if (contextFromSessionObject != null) + SecurityContextHolder + .setContext((SecurityContext) contextFromSessionObject); + if (log.isDebugEnabled()) log.debug("THREAD=" + Thread.currentThread().getId() - + ", sessionStore=" + RWT.getSessionStore().getId()); + + ", sessionStore=" + RWT.getSessionStore().getId() + + ", remote user=" + httpRequest.getRemoteUser()); // create display final Display display = PlatformUI.createDisplay(); @@ -55,6 +94,17 @@ public class SecureEntryPoint implements IEntryPoint { try { loginContext.login(); subject = loginContext.getSubject(); + + if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null) + httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, + SecurityContextHolder.getContext()); + + // Once the user is logged in, she can have a longer session + // timeout + RWT.getRequest().getSession() + .setMaxInactiveInterval(sessionTimeout); + if (log.isDebugEnabled()) + log.debug("Authenticated " + subject); } catch (LoginException e) { BadCredentialsException bce = wasCausedByBadCredentials(e); if (bce != null) { @@ -67,11 +117,6 @@ public class SecureEntryPoint implements IEntryPoint { } } - // Once the user is logged in, she can have a longer session timeout - RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); - if (log.isDebugEnabled()) - log.debug("Authenticated " + subject); - final String username = subject.getPrincipals().iterator().next() .getName(); // Logout callback when the display is disposed @@ -89,14 +134,13 @@ public class SecureEntryPoint implements IEntryPoint { try { returnCode = Subject.doAs(subject, new PrivilegedAction() { public Integer run() { - RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( - username); + RapWorkbenchAdvisor workbenchAdvisor = createRapWorkbenchAdvisor(username); int result = PlatformUI.createAndRunWorkbench(display, workbenchAdvisor); return new Integer(result); } }); - logout(loginContext, username); + //logout(loginContext, username); } finally { display.dispose(); } @@ -150,6 +194,11 @@ public class SecureEntryPoint implements IEntryPoint { protected void logout(ILoginContext secureContext, String username) { try { + HttpServletRequest httpRequest = RWT.getRequest(); + HttpSession httpSession = httpRequest.getSession(); + httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null); + RWT.getRequest().getSession().setMaxInactiveInterval(1); + SecurityContextHolder.clearContext(); secureContext.logout(); log.info("Logged out " + (username != null ? username : "") + " (THREAD=" + Thread.currentThread().getId() + ")");