import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.kernel.Activator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
+/** Use the HTTP session as the basis for authentication. */
public class HttpSessionLoginModule implements LoginModule {
private final static Log log = LogFactory.getLog(HttpSessionLoginModule.class);
private CallbackHandler callbackHandler = null;
private Map<String, Object> sharedState = null;
- private HttpServletRequest request = null;
- private HttpServletResponse response = null;
+ private HttpRequest request = null;
+ private HttpResponse response = null;
private BundleContext bc;
return false;
// TODO factorize with below
String httpSessionId = httpSession.getId();
- if (log.isTraceEnabled())
- log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
- CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+// if (log.isTraceEnabled())
+// log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
+ CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
if (cmsSession != null) {
authorization = cmsSession.getAuthorization();
locale = cmsSession.getLocale();
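Review bot: The trace statement on the two added lines is commented out rather than deleted, and the same commented pair appears again further down, before the second `cmsSessionFromHttpSession` lookup. The original statement wrote the raw HTTP session ID to the log, and a session ID is a bearer credential, so keeping it out of the log is the right outcome. Leaving it as dead code invites someone to re-enable it unchanged. I would delete the commented lines, or keep a trace without the identifier, e.g. `log.trace("HTTP login: session found");`. The enclosing method starts and ends outside this hunk.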
} else {
authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
if (authorization == null) {// search by session ID
- // TODO implement ident
-// IdentClient identClient = new IdentClient(request.getRemoteAddr(), "changeit");
-// String identUsername = identClient.getUsername(request.getLocalPort(), request.getRemotePort());
-// log.debug("Ident username: " + identUsername);
-
- HttpSession httpSession = request.getSession(false);
+ HttpSession httpSession = request.getSession();
if (httpSession == null) {
// TODO make sure this is always safe
if (log.isTraceEnabled())
log.trace("Create http session");
- httpSession = request.getSession(true);
+ httpSession = request.createSession();
}
String httpSessionId = httpSession.getId();
- if (log.isTraceEnabled())
- log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
- CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+// if (log.isTraceEnabled())
+// log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
+ CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
if (cmsSession != null) {
authorization = cmsSession.getAuthorization();
locale = cmsSession.getLocale();
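Review bot: The `if (httpSession == null)` check after `request.getSession()` only works if the new `HttpRequest.getSession()` returns null when no session exists. The call it replaces was `getSession(false)`, whereas the servlet no-argument `getSession()` creates a session. That contract is not visible here, so I would state it at the call, e.g. `// returns null when the request carries no session; never creates one`. Separately, the existing `// TODO make sure this is always safe` is still open: the session ID used for the lookup exists before authentication, so if it is not rotated once login succeeds this path is exposed to session fixation. The enclosing method starts and ends outside the hunk.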
} else {
if (log.isTraceEnabled())
log.trace("HTTP login: " + true);
+ request.setAttribute(HttpContext.AUTHORIZATION, authorization);
return true;
}
}
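Review bot: The added `request.setAttribute(HttpContext.AUTHORIZATION, authorization)` publishes the authorization on the request in the branch that returns true, which looks like the login phase of the module rather than commit. In JAAS the overall authentication can still fail after one module's login has succeeded, and this class itself reads the same attribute back as a source of authorization via `request.getAttribute(HttpContext.AUTHORIZATION)`. If commit() and abort(), which are not visible here, do not already cover this, I would set the attribute in commit() and clear it in abort(). At minimum, add `// set before commit: must be cleared in abort()` on this line. The enclosing method starts outside the hunk.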
return true;
}
- private void extractHttpAuth(final HttpServletRequest httpRequest) {
+ private void extractHttpAuth(final HttpRequest httpRequest) {
String authHeader = httpRequest.getHeader(CmsAuthUtils.HEADER_AUTHORIZATION);
extractHttpAuth(authHeader);
}
sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, login);
sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
} else {
- throw new CmsException("Invalid authentication token");
+ throw new IllegalStateException("Invalid authentication token");
}
} catch (Exception e) {
- throw new CmsException("Couldn't retrieve authentication", e);
+ throw new IllegalStateException("Couldn't retrieve authentication", e);
}
} else if (basic.equalsIgnoreCase("Negotiate")) {
String spnegoToken = st.nextToken();
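Review bot: The new `IllegalStateException("Invalid authentication token")` is thrown inside the `try` whose `catch (Exception e)` follows directly, so it is caught and rewrapped as "Couldn't retrieve authentication". The specific message then survives only as the cause. A malformed Authorization header is bad client input rather than an illegal state, and an unchecked exception from a LoginModule bypasses the usual failed-login handling. If the callers allow it, a `LoginException` subclass such as `javax.security.auth.login.CredentialException` fits better. Otherwise narrow `catch (Exception e)` to the type the decoding actually throws so the two cases stay distinct. The enclosing method starts and ends outside the hunk, so whether it can declare `LoginException` needs checking there.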
// }
}
- private void extractClientCertificate(HttpServletRequest req) {
+ private void extractClientCertificate(HttpRequest req) {
X509Certificate[] certs = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
if (null != certs && certs.length > 0) {// Servlet container verified the client certificate
String certDn = certs[0].getSubjectX500Principal().getName();
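Review bot: `extractClientCertificate` now takes the project's `HttpRequest` but still reads the servlet-specific attribute `"javax.servlet.request.X509Certificate"`. The comment that the servlet container verified the certificate therefore no longer follows from the parameter type. The DN taken from `certs[0]` is trustworthy only if the `HttpRequest` implementation fills that attribute exclusively from the verified TLS client chain, never from request data or a forwarded header. I would document that requirement on the method, e.g. `// attribute must be populated only from the TLS layer's verified peer chain`, and move the key into a named constant. The method body continues outside the hunk.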