From: Mathieu Baudier Date: Wed, 25 Feb 2015 21:02:27 +0000 (+0000) Subject: Workbench anonymous entry point X-Git-Tag: argeo-commons-2.1.30~316 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=0c5fb19fc8447577255071899e445329da8be5e7;p=lgpl%2Fargeo-commons.git Workbench anonymous entry point git-svn-id: https://svn.argeo.org/commons/trunk@7964 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms/src/org/argeo/cms/auth/ArgeoLoginContext.java b/org.argeo.cms/src/org/argeo/cms/auth/ArgeoLoginContext.java index 3a536672a..1a0648655 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/ArgeoLoginContext.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/ArgeoLoginContext.java @@ -28,6 +28,15 @@ public class ArgeoLoginContext extends LoginContext { currentContextClassLoader.remove(); } + public ArgeoLoginContext(String name, Subject subject) + throws LoginException { + super(setContextClassLoaderForName(name), subject); + // reset current context classloader + Thread.currentThread().setContextClassLoader( + currentContextClassLoader.get()); + currentContextClassLoader.remove(); + } + /** * Set the context classloader * diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java index 77f0d165a..427ec8318 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java @@ -80,8 +80,8 @@ public abstract class AbstractLoginModule implements LoginModule { return true; } - if (callbackHandler == null) - throw new LoginException("No callback handler available"); + // if (callbackHandler == null) + // throw new LoginException("No callback handler available"); authentication = processLogin(callbackHandler); if (authentication != null) { 
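Review bot: The added `ArgeoLoginContext(String name, Subject subject)` constructor restores the thread's context class loader only on the lines after `super(...)`, so if the `LoginContext` constructor throws `LoginException`, the loader that `setContextClassLoaderForName(name)` appears to install stays on the thread and the `currentContextClassLoader` thread-local is never removed. On a pooled request thread that state would presumably carry over to whatever runs next. A constructor cannot wrap `super(...)` in `try/finally`, so a static factory that swaps the loader, constructs the context and restores the loader in a `finally` block would close the gap. The same applies to the existing constructor whose tail is visible at the top of the hunk. The restore sequence is now duplicated in both constructors and could move into one private static helper.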
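Review bot: Commenting out the `callbackHandler == null` guard before `processLogin(callbackHandler)` removes the precondition for every subclass of `AbstractLoginModule`, while only `AnonymousLoginModule` gains a null check in this commit. Any credential-based module that dereferences the handler would now fail with a `NullPointerException` instead of a `LoginException`, which JAAS callers are less likely to treat as an authentication failure. Keeping the check behind an overridable hook would limit the relaxation to the anonymous module, e.g. `if (callbackHandler == null && requiresCallbackHandler()) throw new LoginException("No callback handler available");` with a protected `requiresCallbackHandler()` (proposed name) returning `true` by default. If the relaxation is meant to be global, delete the dead lines rather than leaving them commented, and document on `processLogin` that the handler may be null. The enclosing method starts and ends outside the hunk.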
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/AnonymousLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/AnonymousLoginModule.java index 372f27e60..855524961 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/AnonymousLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/AnonymousLoginModule.java @@ -43,19 +43,22 @@ public class AnonymousLoginModule extends AbstractLoginModule { InterruptedException { Locale selectedLocale = null; // multi locale - if (availableLocales != null && !availableLocales.trim().equals("")) { - LocaleCallback localeCallback = new LocaleCallback(availableLocales); - callbackHandler.handle(new Callback[] { localeCallback }); - selectedLocale = localeCallback.getSelectedLocale(); - } else { - callbackHandler.handle(new Callback[] {}); - } + if (callbackHandler != null) + if (availableLocales != null && !availableLocales.trim().equals("")) { + LocaleCallback localeCallback = new LocaleCallback( + availableLocales); + callbackHandler.handle(new Callback[] { localeCallback }); + selectedLocale = localeCallback.getSelectedLocale(); + } else { + callbackHandler.handle(new Callback[] {}); + } List authorities = Collections .singletonList(new GrantedAuthorityPrincipal( KernelHeader.ROLE_ANONYMOUS)); AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken( - Activator.getSystemKey(), null, authorities); + Activator.getSystemKey(), KernelHeader.USERNAME_ANONYMOUS, + authorities); Authentication auth = getAuthenticationManager().authenticate( anonymousToken); diff --git a/org.argeo.security.ui.rap/plugin.xml b/org.argeo.security.ui.rap/plugin.xml index f42eb1a5c..84df522b0 100644 --- a/org.argeo.security.ui.rap/plugin.xml +++ b/org.argeo.security.ui.rap/plugin.xml @@ -9,29 +9,12 @@ path="/node" brandingId="org.argeo.security.ui.rap.defaultBranding"> - - - - - 
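Review bot: The new `if (callbackHandler != null)` in `AnonymousLoginModule` wraps an `if`/`else` without braces, so the `else` branch reads as if it might belong to the outer null check. It binds to the inner `if`, which is what the code needs, but the layout is one edit away from calling `handle` on a null handler. Brace the outer statement: `if (callbackHandler != null) {` … `}`. A comment such as `// handler may be null (login context created without one): skip locale selection` would also explain why `selectedLocale` can stay null. The method begins above the hunk and continues past it.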
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
index ac0007acf..99536faa1 100644
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
@@ -15,93 +15,99 @@ */ package org.argeo.security.ui.rap; +import java.security.PrivilegedAction; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; +import org.argeo.cms.KernelHeader; +import org.argeo.cms.auth.ArgeoLoginContext; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.EntryPoint; +import org.eclipse.swt.widgets.Display; +import org.eclipse.ui.PlatformUI; /** * RAP entry point which authenticates the subject as anonymous, for public * unauthenticated access. */ public class AnonymousEntryPoint implements EntryPoint { - // private final static Log log = - // LogFactory.getLog(AnonymousEntryPoint.class); + private final static Log log = LogFactory.getLog(AnonymousEntryPoint.class); /** * How many seconds to wait before invalidating the session if the user has * not yet logged in. 
*/ - private Integer loginTimeout = 1 * 60; + private Integer sessionTimeout = 5 * 60; @Override public int createUI() { - // Short login timeout so that the modal dialog login doesn't hang - // around too long - RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); + RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); // if (log.isDebugEnabled()) // log.debug("Anonymous THREAD=" + Thread.currentThread().getId() // + ", sessionStore=" + RWT.getSessionStore().getId()); - // create display - // final Display display = PlatformUI.createDisplay(); + final Display display = PlatformUI.createDisplay(); + Subject subject = new Subject(); + + final LoginContext loginContext; + try { + loginContext = new ArgeoLoginContext( + KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject); + loginContext.login(); + } catch (LoginException e1) { + throw new ArgeoException("Cannot initialize login context", e1); + } + + // identify after successful login + if (log.isDebugEnabled()) + log.debug("Authenticated " + subject); + final String username = subject.getPrincipals().iterator().next() + .getName(); + + // Logout callback when the display is disposed + display.disposeExec(new Runnable() { + public void run() { + log.debug("Display disposed"); + logout(loginContext, username); + } + }); - // log in - // final ILoginContext loginContext = SecureRapActivator - // .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); - // Subject subject = null; - // try { - // loginContext.login(); - // subject = loginContext.getSubject(); - // } catch (LoginException e) { - // throw new ArgeoException( - // "Unexpected exception during authentication", e); - // } - // - // // identify after successful login - // if (log.isDebugEnabled()) - // log.debug("Authenticated " + subject); - // final String username = subject.getPrincipals().iterator().next() - // .getName(); - // - // // Once the user is logged in, she can have a longer session timeout - // 
RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); // - // // Logout callback when the display is disposed - // display.disposeExec(new Runnable() { - // public void run() { - // log.debug("Display disposed"); - // logout(loginContext, username); - // } - // }); + // RUN THE WORKBENCH // - // // - // // RUN THE WORKBENCH - // // - // Integer returnCode = null; - // try { - // returnCode = Subject.doAs(subject, new PrivilegedAction() { - // public Integer run() { - // RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( - // null); - // int result = PlatformUI.createAndRunWorkbench(display, - // workbenchAdvisor); - // return new Integer(result); - // } - // }); - // logout(loginContext, username); - // } finally { - // display.dispose(); - // } + Integer returnCode = null; + try { + returnCode = Subject.doAs(subject, new PrivilegedAction() { + public Integer run() { + RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( + null); + int result = PlatformUI.createAndRunWorkbench(display, + workbenchAdvisor); + return new Integer(result); + } + }); + logout(loginContext, username); + if (log.isTraceEnabled()) + log.trace("Return code " + returnCode); + } finally { + display.dispose(); + } return 1; } - // private void logout(ILoginContext secureContext, String username) { - // try { - // secureContext.logout(); - // log.info("Logged out " + (username != null ? username : "") - // + " (THREAD=" + Thread.currentThread().getId() + ")"); - // } catch (LoginException e) { - // log.error("Erorr when logging out", e); - // } - // } + private void logout(LoginContext loginContext, String username) { + try { + loginContext.logout(); + log.info("Logged out " + (username != null ? username : "") + + " (THREAD=" + Thread.currentThread().getId() + ")"); + } catch (LoginException e) { + log.error("Erorr when logging out", e); + } + } } 
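Review bot: `PlatformUI.createDisplay()` now runs before the anonymous login, but `display.dispose()` sits only in the `finally` around the workbench run. A `LoginException` (rethrown as `ArgeoException`) or an empty principal set at `subject.getPrincipals().iterator().next()` therefore leaves the display undisposed, on an entry point meant for unauthenticated clients. Nothing visible in the login path uses the display, so it could be created after the login block, with an explicit guard first: `if (subject.getPrincipals().isEmpty()) throw new ArgeoException("Anonymous login returned no principal");`. `logout(loginContext, username)` is called after `Subject.doAs` and is also registered via `display.disposeExec`, so it likely runs twice per session; one of the two should go. The Javadoc above `sessionTimeout` still describes a pre-login timeout, and `returnCode` is traced but `createUI()` always returns 1.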
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java index 7f92ab7cb..67e76ceae 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -86,18 +86,9 @@ public class SecureEntryPoint implements EntryPoint { SecurityContextHolder .setContext((SecurityContext) contextFromSessionObject); - // if (log.isDebugEnabled()) - // log.debug("THREAD=" + Thread.currentThread().getId() - // + ", sessionStore=" + RWT.getSessionStore().getId() - // + ", remote user=" + httpRequest.getRemoteUser()); - - // create display final Display display = PlatformUI.createDisplay(); Subject subject = new Subject(); - // log in - // Thread.currentThread().setContextClassLoader( - // getClass().getClassLoader()); final LoginContext loginContext; try { CallbackHandler callbackHandler = new DefaultLoginDialog( @@ -111,10 +102,6 @@ public class SecureEntryPoint implements EntryPoint { tryLogin: while (subject.getPrincipals(Authentication.class).size() == 0) { try { loginContext.login(); - // if () { - // throw new ArgeoException("Login failed"); - // } - if (subject.getPrincipals(Authentication.class).size() == 0) throw new ArgeoException("Login succeeded but no auth");// fatal @@ -122,12 +109,13 @@ public class SecureEntryPoint implements EntryPoint { if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null) httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); + // add thread locale to RWT session if (log.isTraceEnabled()) log.trace("Locale " + LocaleUtils.threadLocale.get()); RWT.setLocale(LocaleUtils.threadLocale.get()); - // Once the user is logged in, longer session timeout + // once the user is logged in, longer session timeout RWT.getRequest().getSession() .setMaxInactiveInterval(sessionTimeout); 
diff --git a/org.argeo.security.ui/plugin.xml b/org.argeo.security.ui/plugin.xml index 7d18541af..a1e1e9bdf 100644 --- a/org.argeo.security.ui/plugin.xml +++ b/org.argeo.security.ui/plugin.xml @@ -52,6 +52,18 @@ + + + + + + + + + + + + +