From: Mathieu Baudier
Date: Wed, 28 Jan 2015 12:58:44 +0000 (+0000)
Subject: Restore all Workbench login features
X-Git-Tag: argeo-commons-2.1.30~424
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=f43474c6e6416f35089d5e59332b8578efd3ac32;p=lgpl%2Fargeo-commons.git
Restore all Workbench login features
git-svn-id: https://svn.argeo.org/commons/trunk@7719 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/SpringLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/SpringLoginModule.java
index d2e5bceb6..f3e0b608c 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/SpringLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/SpringLoginModule.java
@@ -42,7 +42,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 /** Login module which caches one subject per thread. */
-public class SpringLoginModule extends SecurityContextLoginModule {
+class SpringLoginModule extends SecurityContextLoginModule {
 final static String NODE_REPO_URI = "argeo.node.repo.uri";
 private final static Log log = LogFactory.getLog(SpringLoginModule.class);
@@ -78,8 +78,21 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 public boolean login() throws LoginException {
 try {
 // thread already logged in
- if (SecurityContextHolder.getContext().getAuthentication() != null)
+ Authentication currentAuth = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (currentAuth != null) {
+ if (subject.getPrincipals(Authentication.class).size() == 0) {
+ subject.getPrincipals().add(currentAuth);
+ } else {
+ Authentication principal = subject
+ .getPrincipals(Authentication.class).iterator()
+ .next();
+ if (principal != currentAuth)
+ throw new LoginException(
+ "Already authenticated with a different auth");
+ }
 return super.login();
+ }
 if (remote && anonymous)
 throw new LoginException(
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
index 503e2746c..0354070a9 100644
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java
@@ -28,13 +28,16 @@ import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
 import org.argeo.eclipse.ui.workbench.ErrorFeedback;
 import org.argeo.security.ui.dialogs.DefaultLoginDialog;
+import org.argeo.util.LocaleUtils;
 import org.eclipse.equinox.security.auth.ILoginContext;
+import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.rap.rwt.RWT;
 import org.eclipse.rap.rwt.application.EntryPoint;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.PlatformUI;
 import org.osgi.framework.BundleContext;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
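Review bot: In `SpringLoginModule.login()`, the new branch adds whatever `Authentication` is bound to the current thread to the `Subject` without checking that it is actually authenticated, and it does so in `login()` rather than `commit()`. An unauthenticated or anonymous token left in the `SecurityContext` would then satisfy the `subject.getPrincipals(Authentication.class)` checks that `SecureEntryPoint` relies on in this same commit. A guard before the add, such as `if (!currentAuth.isAuthenticated()) throw new LoginException("Thread authentication is not authenticated");`, would close that gap; whether anonymous tokens should be accepted here is not visible from the hunk. The comparison `principal != currentAuth` is by reference, so an equal but re-created token is rejected; that fails closed, but a short comment saying identity is intended would help. The body of `login()` continues outside the hunk.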
@@ -96,49 +99,43 @@ public class SecureEntryPoint implements EntryPoint {
 .getServiceReference(LoginModule.class));
 loginModule.initialize(subject,
 new DefaultLoginDialog(display.getActiveShell()), null, null);
- try {
- if (!loginModule.login()) {
- throw new ArgeoException("Login failed");
+ tryLogin: while (subject.getPrincipals(Authentication.class).size() == 0) {
+ try {
+ if (!loginModule.login()) {
+ throw new ArgeoException("Login failed");
+ }
+
+ if (subject.getPrincipals(Authentication.class).size() == 0)
+ throw new ArgeoException("Login succeeded but no auth");// fatal
+
+ // add security context to session
+ if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null)
+ httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
+ SecurityContextHolder.getContext());
+ // add thread locale to RWT session
+ log.info("Locale "+LocaleUtils.threadLocale.get());
+ RWT.setLocale(LocaleUtils.threadLocale.get());
+
+ // Once the user is logged in, longer session timeout
+ RWT.getRequest().getSession()
+ .setMaxInactiveInterval(sessionTimeout);
+
+ if (log.isDebugEnabled())
+ log.debug("Authenticated " + subject);
+ } catch (LoginException e) {
+ BadCredentialsException bce = wasCausedByBadCredentials(e);
+ if (bce != null) {
+ MessageDialog.openInformation(display.getActiveShell(),
+ "Bad Credentials", bce.getMessage());
+ // retry login
+ continue tryLogin;
+ }
+ return processLoginDeath(display, e);
 }
- } catch (LoginException e1) {
- throw new ArgeoException("Login failed", e1);
 }
- // final ILoginContext loginContext = SecureRapActivator
- // .createLoginContext(SecureRapActivator.CONTEXT_SPRING);
- // tryLogin: while (subject == null && !display.isDisposed()) {
- // try {
- // loginContext.login();
- // subject = loginContext.getSubject();
- //
- // // add security context to session
- // if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null)
- // httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
- // SecurityContextHolder.getContext());
- // // add thread locale to RWT session
- // log.info("Locale " + LocaleUtils.threadLocale.get());
- // RWT.setLocale(LocaleUtils.threadLocale.get());
- //
- // // Once the user is logged in, she can have a longer session
- // // timeout
- // RWT.getRequest().getSession()
- // .setMaxInactiveInterval(sessionTimeout);
- // if (log.isDebugEnabled())
- // log.debug("Authenticated " + subject);
- // } catch (LoginException e) {
- // BadCredentialsException bce = wasCausedByBadCredentials(e);
- // if (bce != null) {
- // MessageDialog.openInformation(display.getActiveShell(),
- // "Bad Credentials", bce.getMessage());
- // // retry login
- // continue tryLogin;
- // }
- // return processLoginDeath(display, e);
- // }
- // }
-
- final String username = subject.getPrincipals().iterator().next()
- .getName();
+ final String username = subject.getPrincipals(Authentication.class)
+ .iterator().next().getName();
 // Logout callback when the display is disposed
 display.disposeExec(new Runnable() {
 public void run() {
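Review bot: The `tryLogin` loop in `SecureEntryPoint` retries on every `BadCredentialsException` with no attempt limit and no record of the failure, so repeated wrong passwords in one UI session are neither bounded nor visible in the logs. Consider logging each rejection (`log.warn("Bad credentials on login attempt", bce);`) and falling through to `return processLoginDeath(display, e);` after a small fixed number of attempts. The loop condition also drops the `!display.isDisposed()` guard that the removed commented-out version had, although the catch block still calls `display.getActiveShell()`. Separately, the security context is stored in the existing `httpSession` and its timeout is lengthened without the session id being renewed anywhere in this hunk; if that is not done elsewhere, it is worth rotating the session on successful login. The enclosing method starts and ends outside the hunk.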