Massive package refactoring

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CmsAuthUtils.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 6abaf71f262ac676d33efb5eff0968039c9378c1..289f8dcc65eabf2e101c0af6208bbb2ead05ff90 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -20,13 +20,14 @@ import javax.security.auth.x500.X500Principal;
 
 import org.argeo.api.cms.AnonymousPrincipal;
 import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
 import org.argeo.api.cms.DataAdminPrincipal;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.auth.RemoteCmsSessionImpl;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
 import org.osgi.service.useradmin.Authorization;
 
 /** Centralises security related registrations. */
@@ -135,8 +136,7 @@ class CmsAuthUtils {
                // TODO move it to a service in order to avoid static synchronization
                if (request != null) {
                        RemoteAuthSession httpSession = request.getSession();
-                       assert httpSession != null;
-                       String httpSessId = httpSession.getId();
+                       String httpSessId = httpSession != null ? httpSession.getId() : null;
                        boolean anonymous = authorization.getName() == null;
                        String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
                        request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);
@@ -145,7 +145,7 @@ class CmsAuthUtils {
                        CmsSessionImpl cmsSession;
                        CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId);
                        if (currentLocalSession != null) {
-                               boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null;
+                               boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous();
                                if (!anonymous) {
                                        if (currentLocalSessionAnonymous) {
                                                currentLocalSession.close();
@@ -192,6 +192,7 @@ class CmsAuthUtils {
                                        throw new IllegalStateException(
                                                        "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
                        }
+                       request.setAttribute(CmsSession.class.getName(), cmsSession);
                } else {
                        CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID);
                        if (cmsSession == null) {