Fix regression in root http filter, in order to support workbench
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / AbstractCmsEntryPoint.java
index 02e08f2af94c32d6561b94f0945a61513b1600ae..6e30d8e31d7b16b3b9cf4938faf954e0721839b5 100644 (file)
@@ -1,5 +1,7 @@
 package org.argeo.cms;
 
+import java.security.AccessControlContext;
+import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
@@ -13,6 +15,8 @@ import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -37,7 +41,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
                implements CmsSession {
        private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class);
 
-       private final Subject subject = new Subject();
+       private final Subject subject;
 
        private final Repository repository;
        private final String workspace;
@@ -62,13 +66,23 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
                this.defaultPath = defaultPath;
                this.factoryProperties = new HashMap<String, String>(factoryProperties);
 
+               // load context from session
+               HttpServletRequest httpRequest = RWT.getRequest();
+               final HttpSession httpSession = httpRequest.getSession();
+               AccessControlContext acc = (AccessControlContext) httpSession
+                               .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+               if (acc != null)
+                       subject = Subject.getSubject(acc);
+               else
+                       subject = new Subject();
+
                // Initial login
                try {
                        new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject)
                                        .login();
                } catch (LoginException e) {
-                       if (log.isTraceEnabled())
-                               log.trace("Cannot authenticate user", e);
+                       // if (log.isTraceEnabled())
+                       // log.trace("Cannot authenticate user", e);
                        try {
                                new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
                                                subject).login();
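Review bot: `Subject.getSubject(acc)` returns null when the stored AccessControlContext has no Subject bound to it, so in the `acc != null` branch `subject` can end up null. It is then passed to `ArgeoLoginContext` here and to the `Subject.doAs(subject, ...)` calls added in `createContents`, `authChange` and `doRefresh`, where a null subject means the action runs with no identity attached. I would fall back explicitly: `Subject s = acc != null ? Subject.getSubject(acc) : null;` followed by `subject = s != null ? s : new Subject();`. Separately, the trace log in the `LoginException` handler is now commented out, so a failed user login drops to the anonymous context without any record; either keep the `log.trace` call or delete it, rather than leaving commented-out code. The constructor starts and ends outside this hunk.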
@@ -103,14 +117,20 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
        }
 
        @Override
-       protected final void createContents(Composite parent) {
-               try {
-                       getShell().getDisplay().setData(CmsSession.KEY, this);
-
-                       createUi(parent);
-               } catch (Exception e) {
-                       throw new CmsException("Cannot create entrypoint contents", e);
-               }
+       protected final void createContents(final Composite parent) {
+               getShell().getDisplay().setData(CmsSession.KEY, this);
+               Subject.doAs(subject, new PrivilegedAction<Void>() {
+                       @Override
+                       public Void run() {
+                               try {
+                                       createUi(parent);
+                               } catch (Exception e) {
+                                       throw new CmsException("Cannot create entrypoint contents",
+                                                       e);
+                               }
+                               return null;
+                       }
+               });
        }
 
        /** Create UI */
@@ -140,7 +160,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
        public void navigateTo(String state) {
                exception = null;
                String title = setState(state);
-               refresh();
+               doRefresh();
                if (browserNavigation != null)
                        browserNavigation.pushState(state, title);
        }
@@ -152,48 +172,66 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
 
        @Override
        public void authChange() {
-               try {
-                       String currentPath = null;
-                       if (node != null)
-                               currentPath = node.getPath();
-                       JcrUtils.logoutQuietly(session);
+               Subject.doAs(subject, new PrivilegedAction<Void>() {
 
-                       session = repository.login(workspace);
-                       if (currentPath != null)
+                       @Override
+                       public Void run() {
                                try {
-                                       node = session.getNode(currentPath);
-                               } catch (Exception e) {
-                                       try {
-                                               // TODO find a less hacky way to log out
-                                               new ArgeoLoginContext(
-                                                               KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject)
-                                                               .logout();
-                                               new ArgeoLoginContext(
-                                                               KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject)
-                                                               .login();
-                                       } catch (LoginException eAnonymous) {
-                                               throw new ArgeoException("Cannot reset to anonymous",
-                                                               eAnonymous);
-                                       }
+                                       String currentPath = null;
+                                       if (node != null)
+                                               currentPath = node.getPath();
                                        JcrUtils.logoutQuietly(session);
+
                                        session = repository.login(workspace);
-                                       navigateTo("~");
-                                       throw e;
+                                       if (currentPath != null)
+                                               try {
+                                                       node = session.getNode(currentPath);
+                                               } catch (Exception e) {
+                                                       try {
+                                                               // TODO find a less hacky way to log out
+                                                               new ArgeoLoginContext(
+                                                                               KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
+                                                                               subject).logout();
+                                                               new ArgeoLoginContext(
+                                                                               KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
+                                                                               subject).login();
+                                                       } catch (LoginException eAnonymous) {
+                                                               throw new ArgeoException(
+                                                                               "Cannot reset to anonymous", eAnonymous);
+                                                       }
+                                                       JcrUtils.logoutQuietly(session);
+                                                       session = repository.login(workspace);
+                                                       navigateTo("~");
+                                                       throw e;
+                                               }
+
+                                       // refresh UI
+                                       doRefresh();
+                               } catch (RepositoryException e) {
+                                       throw new CmsException("Cannot perform auth change", e);
                                }
+                               return null;
+                       }
 
-                       // refresh UI
-                       refresh();
-               } catch (RepositoryException e) {
-                       throw new CmsException("Cannot perform auth change", e);
-               }
+               });
 
        }
 
        @Override
-       public void exception(Throwable e) {
-               this.exception = e;
+       public void exception(final Throwable e) {
+               AbstractCmsEntryPoint.this.exception = e;
                log.error("Unexpected exception in CMS", e);
-               refresh();
+               doRefresh();
+       }
+
+       protected void doRefresh() {
+               Subject.doAs(subject, new PrivilegedAction<Void>() {
+                       @Override
+                       public Void run() {
+                               refresh();
+                               return null;
+                       }
+               });
        }
 
        @Override
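Review bot: `doRefresh()` is added as a `protected`, non-final method with no Javadoc, so a subclass can override it and drop the `Subject.doAs(subject, ...)` wrapper that `navigateTo`, `authChange` and `exception` now depend on. If overriding is not intended, declare it `protected final void doRefresh()` and document it with `/** Runs refresh() as this entry point's subject. */`. In `authChange`, the anonymous `logout()`/`login()` fallback also mutates `subject` from inside `Subject.doAs(subject, ...)`. Because the constructor can now take that subject from the HTTP session, the reset may reach beyond this entry point; that is inferred from the visible lines and should be confirmed against the code that stores the session attribute.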