public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (log.isTraceEnabled())
HttpUtils.logRequestHeaders(log, request);
+ ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
LoginContext lc;
try {
lc = CmsAuth.USER.newLoginContext(
HttpUtils.logResponseHeaders(log, response);
if (lc == null)
return false;
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
}
Subject subject = lc.getSubject();
protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
// anonymous
+ ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
try {
- LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS,
+ Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
+ LoginContext lc = CmsAuth.ANONYMOUS.newLoginContext(
new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
lc.login();
return lc;
if (log.isDebugEnabled())
log.error("Cannot log in as anonymous", e1);
return null;
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentContextClassLoader);
}
}