Work on servlet security integration.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / integration / CmsPrivateServletContext.java
index 4c7c8997af3f2dfff96dfd81bd8e2451206f7ba3..a97f4133fdbdc2cd3191a6164136ef9a1d703e5f 100644 (file)
@@ -4,7 +4,6 @@ import static org.argeo.api.NodeConstants.LOGIN_CONTEXT_USER;
 
 import java.io.IOException;
 import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Map;
 
@@ -15,6 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.cms.auth.ServletAuthUtils;
 import org.osgi.service.http.context.ServletContextHelper;
 
 /** Manages security access to servlets. */
@@ -53,7 +53,8 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 
                        @Override
                        public Void run() {
-                               request.setAttribute(REMOTE_USER, AccessController.getContext());
+                               // TODO also set login context in order to log out ?
+                               ServletAuthUtils.configureRequestSecurity(request);
                                return null;
                        }
 
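Review bot: The TODO on the new comment line leaves logout unresolved: nothing visible in this hunk keeps a reference to the LoginContext, so the `finishSecurity` override added further down in this commit can clear request state but has no handle on which to call `logout()`. Unless `ServletAuthUtils.configureRequestSecurity` stores it (its body is not shown here), the authenticated subject's credentials may outlive the request. I would either pass the LoginContext along now or replace the TODO with a tracked note such as `// FIXME: LoginContext is not retained, so finishSecurity cannot log out (tracked in <issue-id placeholder>)`. The enclosing method starts outside the hunk, so where the LoginContext is created is not visible from here.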
@@ -62,6 +63,11 @@ public class CmsPrivateServletContext extends ServletContextHelper {
                return true;
        }
 
+       @Override
+       public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+               ServletAuthUtils.clearRequestSecurity(request);
+       }
+
        protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
                try {
                        response.sendRedirect(loginPage);
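Review bot: The new `finishSecurity` override has no Javadoc saying that it is the counterpart of the `configureRequestSecurity` call made inside the privileged action in `handleSecurity`. The OSGi `ServletContextHelper` contract invokes `finishSecurity` only when `handleSecurity` returned true, so any state put on the request before a rejecting path returns would not be cleared here; whether such a path exists is outside this hunk. I would add `/** Clears the security state set on the request during handleSecurity; only invoked after handleSecurity returned true. */` above the `@Override`. `processUnauthorized` continues past the end of the hunk.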