Fix web login
authorMathieu Baudier <mbaudier@argeo.org>
Wed, 25 Feb 2015 22:30:39 +0000 (22:30 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Wed, 25 Feb 2015 22:30:39 +0000 (22:30 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@7966 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

org.argeo.cms/src/org/argeo/cms/CmsLogin.java

index d93a952254d1aa3c233bc3b0c1845b14bc276d3d..0919ee9c9f7cbc6e5394a51bb274fc9506283efe 100644 (file)
@@ -2,52 +2,43 @@ package org.argeo.cms;
 
 import static org.argeo.cms.internal.kernel.KernelConstants.SPRING_SECURITY_CONTEXT_KEY;
 
-import java.util.Collections;
-import java.util.List;
-
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.internal.kernel.KernelConstants;
+import org.argeo.ArgeoException;
+import org.argeo.cms.auth.ArgeoLoginContext;
+import org.argeo.security.NodeAuthenticationToken;
 import org.eclipse.rap.rwt.RWT;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
 
 /** Gateway for user login, can also generate the related UI. */
 public class CmsLogin {
        private final static Log log = LogFactory.getLog(CmsLogin.class);
        private AuthenticationManager authenticationManager;
-       private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY;
+
+       // private String systemKey = KernelConstants.DEFAULT_SECURITY_KEY;
 
        public void logInAsAnonymous() {
-               // TODO Better deal with anonymous authentication
+               Subject subject = new Subject();
+               final LoginContext loginContext;
                try {
-                       List<SimpleGrantedAuthority> anonAuthorities = Collections
-                                       .singletonList(new SimpleGrantedAuthority(
-                                                       KernelHeader.USERNAME_ANONYMOUS));
-                       UserDetails anonUser = new User("anonymous", "", true, true, true,
-                                       true, anonAuthorities);
-                       AnonymousAuthenticationToken anonToken = new AnonymousAuthenticationToken(
-                                       systemKey, anonUser, anonAuthorities);
-                       Authentication authentication = authenticationManager
-                                       .authenticate(anonToken);
-                       SecurityContextHolder.getContext()
-                                       .setAuthentication(authentication);
-               } catch (Exception e) {
-                       throw new CmsException("Cannot authenticate", e);
+                       loginContext = new ArgeoLoginContext(
+                                       KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject);
+                       loginContext.login();
+               } catch (LoginException e1) {
+                       throw new ArgeoException("Cannot authenticate anonymous", e1);
                }
        }
 
        public void logInWithPassword(String username, char[] password) {
-               UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
-                               username, password);
+               NodeAuthenticationToken token = new NodeAuthenticationToken(username,
+                               password);
                Authentication authentication = authenticationManager
                                .authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);
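Review bot: In `logInAsAnonymous` the new code no longer writes anything to `SecurityContextHolder`: `subject` and `loginContext` are locals that are dropped once `login()` returns, while `logInWithPassword` just below still calls `setAuthentication(authentication)` explicitly. Whether the anonymous identity reaches the security context now depends on the login modules behind `KernelHeader.LOGIN_CONTEXT_ANONYMOUS`, which this hunk does not show. If they do not set it, a reused request thread could presumably keep the Authentication it held before. I would state the contract at the call, e.g. `// the LOGIN_CONTEXT_ANONYMOUS login modules are expected to set the SecurityContextHolder authentication`, and cover it with a test that logs in as a user and then as anonymous on the same thread. The catch also narrows from `Exception` to `LoginException` and the wrapper changes from `CmsException` to `ArgeoException`, so callers that catch the old type should be checked; `logInWithPassword` continues outside the hunk.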
@@ -63,8 +54,8 @@ public class CmsLogin {
                this.authenticationManager = authenticationManager;
        }
 
-       public void setSystemKey(String systemKey) {
-               this.systemKey = systemKey;
-       }
+       // public void setSystemKey(String systemKey) {
+       // this.systemKey = systemKey;
+       // }
 
 }
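Review bot: The `setSystemKey` setter here, and the `systemKey` field in the first hunk, are commented out rather than deleted; version control already keeps the old code, so the three `//` lines and the commented field can simply be removed. Dropping a public setter also changes the class's interface: any bean definition that still injects a `systemKey` property would presumably fail at wiring time, so the configuration files that declare `CmsLogin` are worth checking. The preceding `setAuthenticationManager` method starts outside this hunk.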