import org.argeo.api.cms.AnonymousPrincipal;
import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
import org.argeo.api.cms.CmsSessionId;
import org.argeo.api.cms.DataAdminPrincipal;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.http.WebCmsSessionImpl;
+import org.argeo.cms.internal.auth.RemoteCmsSessionImpl;
import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
import org.osgi.service.useradmin.Authorization;
/** Centralises security related registrations. */
// Standard
final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
final static String SHARED_STATE_PWD = AuthenticatingUser.SHARED_STATE_PWD;
- final static String HEADER_AUTHORIZATION = "Authorization";
- final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+// final static String HEADER_AUTHORIZATION = "Authorization";
+// final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
// Argeo specific
final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
// TODO move it to a service in order to avoid static synchronization
if (request != null) {
RemoteAuthSession httpSession = request.getSession();
- assert httpSession != null;
- String httpSessId = httpSession.getId();
+ String httpSessId = httpSession != null ? httpSession.getId() : null;
boolean anonymous = authorization.getName() == null;
String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);
CmsSessionImpl cmsSession;
CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId);
if (currentLocalSession != null) {
- boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null;
+ boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous();
if (!anonymous) {
if (currentLocalSessionAnonymous) {
currentLocalSession.close();
// new CMS session
UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID();
- cmsSession = new WebCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
+ cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
CmsContextImpl.getCmsContext().registerCmsSession(cmsSession);
} else if (!authorization.getName().equals(currentLocalSession.getAuthorization().getName())) {
throw new IllegalStateException("Inconsistent user " + authorization.getName()
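Review bot: The changed line `String httpSessId = httpSession != null ? httpSession.getId() : null;` lets a null id flow into `getCmsSessionByLocalId(httpSessId)` a few lines below, where the removed `assert` used to fail fast at least under `-ea`; whether a null local id throws or quietly returns null depends on the session registry behind `CmsContextImpl`, which is not visible here. If it returns null, the request takes the new-session branches and registers a `RemoteCmsSessionImpl` for a request that has no HTTP session, so that session presumably cannot be found by local id on the next request and would be recreated each time. Decide the case explicitly right after obtaining the session rather than letting null propagate, e.g. `if (httpSessId == null) throw new IllegalStateException("Cannot register CMS session: request has no HTTP session");`, or route such requests to the session-less path if that is the intended behaviour. Note also that the current authorization is still tested with `authorization.getName() == null` while the stored session now uses `isAnonymous()`; if those two notions differ, the comparison at `currentLocalSessionAnonymous` may drift. The enclosing method starts above this hunk and continues past it.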
} else {
// new CMS session
UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID();
- cmsSession = new WebCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
+ cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
CmsContextImpl.getCmsContext().registerCmsSession(cmsSession);
}
throw new IllegalStateException(
"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
}
+ request.setAttribute(CmsSession.class.getName(), cmsSession);
} else {
CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID);
if (cmsSession == null) {