From: Mathieu Baudier
Date: Wed, 4 Nov 2020 07:36:50 +0000 (+0100)
Subject: Improve servlet integration.
X-Git-Tag: argeo-commons-2.1.89~39
X-Git-Url: http://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=commitdiff_plain;h=8fd1416f1a9ba2e6bd9da56ec560f57ad421ac83

Improve servlet integration.
---
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/ServletAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/ServletAuthUtils.java
deleted file mode 100644
index 9cb7fdcbe..000000000
--- a/org.argeo.cms/src/org/argeo/cms/auth/ServletAuthUtils.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.argeo.cms.auth;
-
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.function.Supplier;
-
-import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
-
-import org.osgi.service.http.HttpContext;
-
-/** Authentications utilities when using servlets. */
-public class ServletAuthUtils {
- public final static T doAs(Supplier supplier, HttpServletRequest req) {
- return Subject.doAs(
- Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
- new PrivilegedAction() {
-
- @Override
- public T run() {
- return supplier.get();
- }
-
- });
- }
-
- public final static void configureRequestSecurity(HttpServletRequest req) {
- if (req.getAttribute(AccessControlContext.class.getName()) != null)
- throw new IllegalStateException("Request already authenticated.");
- AccessControlContext acc = AccessController.getContext();
- req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
- req.setAttribute(AccessControlContext.class.getName(), acc);
- }
-
- public final static void clearRequestSecurity(HttpServletRequest req) {
- if (req.getAttribute(AccessControlContext.class.getName()) == null)
- throw new IllegalStateException("Cannot clear non-authenticated request.");
- req.setAttribute(HttpContext.REMOTE_USER, null);
- req.setAttribute(AccessControlContext.class.getName(), null);
- }
-}
diff --git a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
index a97f4133f..862d7ee08 100644
--- a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
-import org.argeo.cms.auth.ServletAuthUtils;
+import org.argeo.cms.servlet.ServletAuthUtils;
 import org.osgi.service.http.context.ServletContextHelper;
 
 /** Manages security access to servlets. */
diff --git a/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java b/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java
index 0d94ff3f1..9ff8f855f 100644
--- a/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java
+++ b/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java
@@ -15,7 +15,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.api.NodeConstants;
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
-import org.argeo.cms.auth.ServletAuthUtils;
 import org.argeo.cms.internal.http.HttpUtils;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.FrameworkUtil;
diff --git a/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
new file mode 100644
index 000000000..13dfbe638
--- /dev/null
+++ b/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
@@ -0,0 +1,53 @@
+package org.argeo.cms.servlet;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.function.Supplier;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.argeo.cms.auth.CurrentUser;
+import org.osgi.service.http.HttpContext;
+
+/** Authentications utilities when using servlets. */
+public class ServletAuthUtils {
+ /**
+ * Execute this supplier, using the CMS class loader as context classloader.
+ * Useful to log in to JCR.
+ */
+ public final static T doAs(Supplier supplier, HttpServletRequest req) {
+ ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(ServletAuthUtils.class.getClassLoader());
+ try {
+ return Subject.doAs(
+ Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())),
+ new PrivilegedAction() {
+
+ @Override
+ public T run() {
+ return supplier.get();
+ }
+
+ });
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentContextCl);
+ }
+ }
+
+ public final static void configureRequestSecurity(HttpServletRequest req) {
+ if (req.getAttribute(AccessControlContext.class.getName()) != null)
+ throw new IllegalStateException("Request already authenticated.");
+ AccessControlContext acc = AccessController.getContext();
+ req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
+ req.setAttribute(AccessControlContext.class.getName(), acc);
+ }
+
+ public final static void clearRequestSecurity(HttpServletRequest req) {
+ if (req.getAttribute(AccessControlContext.class.getName()) == null)
+ throw new IllegalStateException("Cannot clear non-authenticated request.");
+ req.setAttribute(HttpContext.REMOTE_USER, null);
+ req.setAttribute(AccessControlContext.class.getName(), null);
+ }
+}
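Review bot: In the new doAs, the request attribute is cast and handed straight to Subject.getSubject without checking that configureRequestSecurity ever ran on this request, so an unconfigured request fails with a NullPointerException from Subject.getSubject(null) instead of the IllegalStateException that the sibling clearRequestSecurity raises for the same condition. Reading the attribute once and guarding it keeps the three methods consistent: `AccessControlContext acc = (AccessControlContext) req.getAttribute(AccessControlContext.class.getName());` `if (acc == null) throw new IllegalStateException("Request not authenticated.");` then `Subject.getSubject(acc)` in the doAs call. Separately, Subject.getSubject returns null when no Subject is bound to the captured context, and Subject.doAs(null, action) then runs the supplier with no Subject at all; it is worth deciding explicitly whether that case should be rejected rather than silently running unauthenticated. The Javadoc on doAs only mentions the context class loader swap; it should also state that the supplier runs under the Subject stored on the request by configureRequestSecurity, since that is the security-relevant part of the contract.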