import javax.security.auth.login.LoginContext;
import javax.servlet.http.HttpSession;
import javax.websocket.Extension;
import javax.security.auth.login.LoginContext;
import javax.servlet.http.HttpSession;
import javax.websocket.Extension;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.node.NodeConstants;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.node.NodeConstants;
/** Customises the initialisation of a new web socket. */
public class CmsWebSocketConfigurator extends Configurator {
/** Customises the initialisation of a new web socket. */
public class CmsWebSocketConfigurator extends Configurator {
- sec.getUserProperties().put(WEBSOCKET_SUBJECT, lc.getSubject());
+ Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
+
+ @Override
+ public Void run() {
+ sec.getUserProperties().put(ServletContextHelper.REMOTE_USER, AccessController.getContext());
+ return null;
+ }
+
+ });
protected void rejectResponse(HandshakeResponse response, Exception e) {
// violent implementation, as suggested in
// https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake
protected void rejectResponse(HandshakeResponse response, Exception e) {
// violent implementation, as suggested in
// https://stackoverflow.com/questions/21763829/jsr-356-how-to-abort-a-websocket-connection-during-the-handshake