Support SSL client authentication
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CmsAuthUtils.java
index 6fa7bd2a1c343d03e3b73ed14018175c8c43ad77..4762eb96c765578396650ba1044c0c92b9818e20 100644 (file)
@@ -23,25 +23,22 @@ import org.argeo.node.NodeConstants;
 import org.argeo.node.security.AnonymousPrincipal;
 import org.argeo.node.security.DataAdminPrincipal;
 import org.argeo.node.security.NodeSecurityUtils;
+import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.osgi.service.http.HttpContext;
 import org.osgi.service.useradmin.Authorization;
 
 class CmsAuthUtils {
-       /** Shared HTTP request */
-       final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
-       /** From org.osgi.service.http.HttpContext */
-       // final static String SHARED_STATE_AUTHORIZATION =
-       // "org.osgi.service.useradmin.authorization";
-       /** From com.sun.security.auth.module.*LoginModule */
-       final static String SHARED_STATE_NAME = "javax.security.auth.login.name";
-       /** From com.sun.security.auth.module.*LoginModule */
-       final static String SHARED_STATE_PWD = "javax.security.auth.login.password";
+       // Standard
+       final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
+       final static String SHARED_STATE_PWD = AuthenticatingUser.SHARED_STATE_PWD;
+       final static String HEADER_AUTHORIZATION = "Authorization";
+       final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
+       // Argeo specific
+       final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
        final static String SHARED_STATE_SPNEGO_TOKEN = "org.argeo.cms.auth.spnegoToken";
        final static String SHARED_STATE_SPNEGO_OUT_TOKEN = "org.argeo.cms.auth.spnegoOutToken";
-
-       final static String HEADER_AUTHORIZATION = "Authorization";
-       final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+       final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
 
        static void addAuthorization(Subject subject, Authorization authorization, Locale locale,
                        HttpServletRequest request) {
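Review bot: `SHARED_STATE_CERTIFICATE_CHAIN` is introduced with no Javadoc, and the reshuffle also drops the short descriptions the other keys carried (e.g. `/** Shared HTTP request */`), so a LoginModule author now has to locate the producer to learn what each key holds. Because values in the LoginModule shared state are treated as already authenticated by whoever reads them, the certificate key in particular should document its origin, e.g. `/** Client certificate chain as established by the TLS layer (presumably an X509Certificate[]); only the HTTP entry point should populate it. */` — the value type is not visible in this hunk, so confirm it against the code that sets the entry. A one-liner such as `/** Key under which the HttpServletRequest is passed in the LoginModule shared state. */` would restore the lost description on `SHARED_STATE_HTTP_REQUEST`.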
@@ -117,10 +114,13 @@ class CmsAuthUtils {
                // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
        }
 
-       private static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
+       private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
                        Authorization authorization, Locale locale) {
+               // synchronized in order to avoid multiple registrations
+               // TODO move it to a service in order to avoid static synchronization
                if (request != null) {
                        HttpSession httpSession = request.getSession(false);
+                       assert httpSession != null;
                        String httpSessId = httpSession.getId();
                        String remoteUser = authorization.getName() != null ? authorization.getName()
                                        : NodeConstants.ROLE_ANONYMOUS;
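Review bot: The added `assert httpSession != null;` does not protect the `httpSession.getId()` call on the next line: assertions are disabled unless the JVM runs with `-ea`, and `request.getSession(false)` returns null when the client has no session yet, so production would fail with a NullPointerException instead of a clear error. Replace it with an explicit check, `if (httpSession == null) throw new IllegalStateException("No HTTP session available to register the authorization");`, or create the session if that is the intended contract. The body of registerSessionAuthorization continues past the hunk, so I cannot see whether callers already guarantee a session exists. The static `synchronized` serializes every registration across all requests; the TODO already acknowledges that, so nothing further here.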
@@ -131,7 +131,6 @@ class CmsAuthUtils {
                        if (cmsSession != null) {
                                if (authorization.getName() != null) {
                                        if (cmsSession.getAuthorization().getName() == null) {
-                                               // FIXME make it more generic
                                                cmsSession.close();
                                                cmsSession = null;
                                        } else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
@@ -140,8 +139,8 @@ class CmsAuthUtils {
                                        }
                                } else {// anonymous
                                        if (cmsSession.getAuthorization().getName() != null) {
-                                               // FIXME make it more generic
                                                cmsSession.close();
+                                               // TODO rather throw an exception ? log a warning ?
                                                cmsSession = null;
                                        }
                                }