From a1459a7133e6f81f7fc632030ae1d7f93ac6639c Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Wed, 28 Jan 2015 13:51:49 +0000
Subject: [PATCH] Fix issue with explicite logout

git-svn-id: https://svn.argeo.org/commons/trunk@7720 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../security/ui/rap/AnonymousEntryPoint.java | 119 +++++++++---------
 .../security/ui/rap/LogoutEntryPoint.java | 62 ---------
 .../security/ui/rap/SecureEntryPoint.java | 15 +--
 .../security/ui/rap/SecureRapActivator.java | 14 +--
 4 files changed, 69 insertions(+), 141 deletions(-)
 delete mode 100644 org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/LogoutEntryPoint.java

diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
index 16d24897c..4977815ae 100644
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java
@@ -15,15 +15,8 @@
 */
 package org.argeo.security.ui.rap;
 
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.ArgeoException;
-import org.eclipse.equinox.security.auth.ILoginContext;
 import org.eclipse.rap.rwt.RWT;
 import org.eclipse.rap.rwt.application.IEntryPoint;
 import org.eclipse.swt.widgets.Display;
@@ -57,62 +50,62 @@ public class AnonymousEntryPoint implements IEntryPoint { final Display display = PlatformUI.createDisplay(); // log in - final ILoginContext loginContext = SecureRapActivator - .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); - Subject subject = null; - try { - loginContext.login(); - subject = loginContext.getSubject(); - } catch (LoginException e) { - throw new ArgeoException( - "Unexpected exception during authentication", e); - } - - // identify after successful login - if (log.isDebugEnabled()) - log.debug("Authenticated " + subject); - final String username = subject.getPrincipals().iterator().next() - .getName(); - - // Once the user is logged in, she can have a longer session timeout - RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); - - // Logout callback when the display is disposed - display.disposeExec(new Runnable() { - public void run() { - log.debug("Display disposed"); - logout(loginContext, username); - } - }); - - // - // RUN THE WORKBENCH - // - Integer returnCode = null; - try { - returnCode = Subject.doAs(subject, new PrivilegedAction() { - public Integer run() { - RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( - null); - int result = PlatformUI.createAndRunWorkbench(display, - workbenchAdvisor); - return new Integer(result); - } - }); - logout(loginContext, username); - } finally { - display.dispose(); - } - return returnCode; +// final ILoginContext loginContext = SecureRapActivator +// .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); +// Subject subject = null; +// try { +// loginContext.login(); +// subject = loginContext.getSubject(); +// } catch (LoginException e) { +// throw new ArgeoException( +// "Unexpected exception during authentication", e); +// } +// +// // identify after successful login +// if (log.isDebugEnabled()) +// log.debug("Authenticated " + subject); +// final String username = subject.getPrincipals().iterator().next() +// 
.getName(); +// +// // Once the user is logged in, she can have a longer session timeout +// RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); +// +// // Logout callback when the display is disposed +// display.disposeExec(new Runnable() { +// public void run() { +// log.debug("Display disposed"); +// logout(loginContext, username); +// } +// }); +// +// // +// // RUN THE WORKBENCH +// // +// Integer returnCode = null; +// try { +// returnCode = Subject.doAs(subject, new PrivilegedAction() { +// public Integer run() { +// RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( +// null); +// int result = PlatformUI.createAndRunWorkbench(display, +// workbenchAdvisor); +// return new Integer(result); +// } +// }); +// logout(loginContext, username); +// } finally { +// display.dispose(); +// } + return 1; } - private void logout(ILoginContext secureContext, String username) { - try { - secureContext.logout(); - log.info("Logged out " + (username != null ? username : "") - + " (THREAD=" + Thread.currentThread().getId() + ")"); - } catch (LoginException e) { - log.error("Erorr when logging out", e); - } - } +// private void logout(ILoginContext secureContext, String username) { +// try { +// secureContext.logout(); +// log.info("Logged out " + (username != null ? username : "") +// + " (THREAD=" + Thread.currentThread().getId() + ")"); +// } catch (LoginException e) { +// log.error("Erorr when logging out", e); +// } +// } } diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/LogoutEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/LogoutEntryPoint.java deleted file mode 100644 index 7a9e6f3a5..000000000 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/LogoutEntryPoint.java +++ /dev/null 
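Review bot: `createUI()` in AnonymousEntryPoint now calls `PlatformUI.createDisplay()` and then goes straight to `return 1;`, so the entry point no longer authenticates or runs the workbench, and the display it creates is never disposed because the old `finally { display.dispose(); }` is among the commented-out lines. If anonymous access is meant to be switched off for now, failing explicitly before the display is created, for example `throw new UnsupportedOperationException("Anonymous entry point is disabled");`, would make that visible instead of leaving a half-initialised UI session behind; whether the entry point is still registered is not visible in this patch. The commented-out login, workbench and `logout` code should be deleted rather than kept as `//` lines, since version control already preserves it, and the same applies to the commented-out `createLoginContext` in SecureRapActivator.java. The start of `createUI()` lies outside the hunk.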
@@ -1,62 +0,0 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.argeo.security.ui.rap; - -import javax.security.auth.login.LoginException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.eclipse.equinox.security.auth.ILoginContext; -import org.eclipse.rap.rwt.RWT; -import org.eclipse.rap.rwt.application.IEntryPoint; -import org.eclipse.ui.PlatformUI; -import org.springframework.security.core.context.SecurityContextHolder; - -/** - * RAP entry point which logs out the currently authenticated user - */ -public class LogoutEntryPoint implements IEntryPoint { - private final static Log log = LogFactory.getLog(LogoutEntryPoint.class); - - /** - * From org.springframework.security.context. 
- * HttpSessionContextIntegrationFilter - */ - protected static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT"; - - @Override - public int createUI() { - // create display - PlatformUI.createDisplay(); - - final ILoginContext loginContext = SecureRapActivator - .createLoginContext(SecureRapActivator.CONTEXT_SPRING); - try { - loginContext.logout(); - } catch (LoginException e) { - e.printStackTrace(); - } - - RWT.getRequest().getSession() - .removeAttribute(SPRING_SECURITY_CONTEXT_KEY); - SecurityContextHolder.clearContext(); - RWT.getRequest().getSession().setMaxInactiveInterval(1); - - if (log.isDebugEnabled()) - log.debug("Logged out session " + RWT.getSessionStore().getId()); - return 0; - } -} diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java index 0354070a9..159152186 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -29,7 +29,6 @@ import org.argeo.ArgeoException; import org.argeo.eclipse.ui.workbench.ErrorFeedback; import org.argeo.security.ui.dialogs.DefaultLoginDialog; import org.argeo.util.LocaleUtils; -import org.eclipse.equinox.security.auth.ILoginContext; import org.eclipse.jface.dialogs.MessageDialog; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.EntryPoint; 
@@ -107,13 +106,13 @@ public class SecureEntryPoint implements EntryPoint { if (subject.getPrincipals(Authentication.class).size() == 0) throw new ArgeoException("Login succeeded but no auth");// fatal - + // add security context to session if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null) httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); // add thread locale to RWT session - log.info("Locale "+LocaleUtils.threadLocale.get()); + log.info("Locale " + LocaleUtils.threadLocale.get()); RWT.setLocale(LocaleUtils.threadLocale.get()); // Once the user is logged in, longer session timeout @@ -162,7 +161,8 @@ public class SecureEntryPoint implements EntryPoint { return new Integer(result); } }); - // logout(loginContext, username); + // Explicit exit from workbench + logout(loginModule, username); } finally { display.dispose(); } @@ -214,14 +214,15 @@ public class SecureEntryPoint implements EntryPoint { return null; } - protected void logout(ILoginContext secureContext, String username) { + private void logout(LoginModule loginModule, String username) { try { + loginModule.logout(); + SecurityContextHolder.clearContext(); + HttpServletRequest httpRequest = RWT.getRequest(); HttpSession httpSession = httpRequest.getSession(); httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null); RWT.getRequest().getSession().setMaxInactiveInterval(1); - SecurityContextHolder.clearContext(); - secureContext.logout(); log.info("Logged out " + (username != null ? username : "") + " (THREAD=" + Thread.currentThread().getId() + ")"); } catch (LoginException e) { diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java index 4cbb441e7..7cb799026 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java 
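Review bot: The re-enabled `logout(loginModule, username);` in the `@@ -162,7 +161,8 @@` hunk sits inside the `try`, after `Subject.doAs(...)` returns, so it is skipped whenever the workbench run throws; only `display.dispose()` is in the `finally`. On that path the Spring security context would stay in the HTTP session with the long post-login timeout. Moving the call into the cleanup, `finally { try { logout(loginModule, username); } finally { display.dispose(); } }`, would make the explicit logout unconditional. The enclosing method starts and ends outside the hunk, so a dispose callback that already covers this case may exist but is not visible here.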
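Review bot: In the rewritten `logout` (hunk `@@ -214,14 +214,15 @@`), `loginModule.logout()` now runs first inside the `try`, so a `LoginException` from it skips `SecurityContextHolder.clearContext()`, `httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null)` and `setMaxInactiveInterval(1)`; the removed version did the session cleanup before the JAAS logout. Clearing the session state should not depend on the module's logout succeeding: move those lines into a `finally` clause of this `try`, or back in front of `loginModule.logout()` if the module does not need the context to log out. A short comment explaining why the session gets a one-second timeout instead of `httpSession.invalidate()` would also help, because the session id remains usable until the container expires it. The `catch` body lies outside the hunk.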
+++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java @@ -15,10 +15,6 @@ */ package org.argeo.security.ui.rap; -import java.net.URL; - -import org.eclipse.equinox.security.auth.ILoginContext; -import org.eclipse.equinox.security.auth.LoginContextFactory; import org.osgi.framework.BundleActivator; import org.osgi.framework.BundleContext; @@ -51,9 +47,9 @@ public class SecureRapActivator implements BundleActivator { return activator; } - static ILoginContext createLoginContext(String contextName) { - URL configUrl = getActivator().getBundleContext().getBundle() - .getEntry(JAAS_CONFIG_FILE); - return LoginContextFactory.createContext(contextName, configUrl); - } +// static ILoginContext createLoginContext(String contextName) { +// URL configUrl = getActivator().getBundleContext().getBundle() +// .getEntry(JAAS_CONFIG_FILE); +// return LoginContextFactory.createContext(contextName, configUrl); +// } } -- 2.30.2