SPNEGO working

[lgpl/argeo-commons.git] / eclipse / org.argeo.cms.servlet / src / org / argeo / cms / servlet / CmsServletContext.java

diff --git a/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java b/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
index cc2bc02d1978e46bc34e3149f0779baf2728522a..9cb48b212d38b5db6054c6fefac76dc00a9a00e3 100644 (file)
--- a/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
+++ b/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
@@ -41,6 +41,8 @@ public class CmsServletContext extends ServletContextHelper {
        public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
                if (log.isTraceEnabled())
                        HttpUtils.logRequestHeaders(log, request);
+               ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
+               Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
                LoginContext lc;
                try {
                        lc = CmsAuth.USER.newLoginContext(
@@ -52,6 +54,8 @@ public class CmsServletContext extends ServletContextHelper {
                                HttpUtils.logResponseHeaders(log, response);
                        if (lc == null)
                                return false;
+               } finally {
+                       Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
                }
 
                Subject subject = lc.getSubject();
@@ -79,7 +83,7 @@ public class CmsServletContext extends ServletContextHelper {
                ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
                try {
                        Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
-                       LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS,
+                       LoginContext lc = CmsAuth.ANONYMOUS.newLoginContext(
                                        new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
                        lc.login();
                        return lc;