From 18c2b586c244d4e0642067c10eb965ac35cb3bd5 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Wed, 25 Feb 2015 22:30:39 +0000
Subject: [PATCH] Fix web login

git-svn-id: https://svn.argeo.org/commons/trunk@7966 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 org.argeo.cms/src/org/argeo/cms/CmsLogin.java | 49 ++++++++-----------
 1 file changed, 20 insertions(+), 29 deletions(-)

diff --git a/org.argeo.cms/src/org/argeo/cms/CmsLogin.java b/org.argeo.cms/src/org/argeo/cms/CmsLogin.java
index d93a95225..0919ee9c9 100644
--- a/org.argeo.cms/src/org/argeo/cms/CmsLogin.java
+++ b/org.argeo.cms/src/org/argeo/cms/CmsLogin.java
@@ -2,52 +2,43 @@ package org.argeo.cms; import static org.argeo.cms.internal.kernel.KernelConstants.SPRING_SECURITY_CONTEXT_KEY; -import java.util.Collections; -import java.util.List; - +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.argeo.cms.internal.kernel.KernelConstants; +import org.argeo.ArgeoException; +import org.argeo.cms.auth.ArgeoLoginContext; +import org.argeo.security.NodeAuthenticationToken; import org.eclipse.rap.rwt.RWT; -import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; /** Gateway for user login, can also generate the related UI. 
*/ public class CmsLogin { private final static Log log = LogFactory.getLog(CmsLogin.class); private AuthenticationManager authenticationManager; - private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY; + + // private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY; public void logInAsAnonymous() { - // TODO Better deal with anonymous authentication + Subject subject = new Subject(); + final LoginContext loginContext; try { - List anonAuthorities = Collections - .singletonList(new SimpleGrantedAuthority( - KernelHeader.USERNAME_ANONYMOUS)); - UserDetails anonUser = new User("anonymous", "", true, true, true, - true, anonAuthorities); - AnonymousAuthenticationToken anonToken = new AnonymousAuthenticationToken( - systemKey, anonUser, anonAuthorities); - Authentication authentication = authenticationManager - .authenticate(anonToken); - SecurityContextHolder.getContext() - .setAuthentication(authentication); - } catch (Exception e) { - throw new CmsException("Cannot authenticate", e); + loginContext = new ArgeoLoginContext( + KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject); + loginContext.login(); + } catch (LoginException e1) { + throw new ArgeoException("Cannot authenticate anonymous", e1); } } public void logInWithPassword(String username, char[] password) { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( - username, password); + NodeAuthenticationToken token = new NodeAuthenticationToken(username, + password); Authentication authentication = authenticationManager .authenticate(token); SecurityContextHolder.getContext().setAuthentication(authentication); @@ -63,8 +54,8 @@ public class CmsLogin { this.authenticationManager = authenticationManager; } - public void setSystemKey(String systemKey) { - this.systemKey = systemKey; - } + // public void setSystemKey(String systemKey) { + // this.systemKey = systemKey; + // } } -- 2.30.2
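Review bot: In `logInAsAnonymous` the new code no longer puts an authentication into `SecurityContextHolder`, and both `subject` and `loginContext` are locals that are dropped when the method returns, so nothing visible in this hunk records the anonymous identity or allows a later `logout()` on that context. If the login modules configured under `KernelHeader.LOGIN_CONTEXT_ANONYMOUS` are what install the security context, that side effect deserves a comment at the call, for example `// the anonymous login module installs the security context as a side effect`; otherwise the context should be retained rather than discarded. The catch was also narrowed from `Exception` to `LoginException` and now throws `ArgeoException` instead of `CmsException`, so callers that handled `CmsException`, and any runtime failure raised inside a login module, now take a different path than before. `logInWithPassword` continues outside this hunk, so what happens to the session after `setAuthentication` cannot be judged from here.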
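Review bot: `setSystemKey` is commented out rather than deleted, which leaves dead code in the class and silently removes a public setter. Any bean definition that still injects a `systemKey` property into `CmsLogin` would presumably fail at wiring time, so that configuration should be checked as part of this change. I would delete these three commented lines, together with the commented `// private String systemKey = ...` field in the first hunk, since version control already preserves the old code.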