projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Work on servlet securitxy integration.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / HttpSessionLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index 91a01574e18f499b6da627619576f88bf3a1d0ea..acc0ba4e8ff58ee0a4fc437e24065bc5ab5873fc 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -26,6 +26,7 @@ import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.HttpContext;
 import org.osgi.service.useradmin.Authorization;
 
+/** Use the HTTP session as the basis for authentication. */
 public class HttpSessionLoginModule implements LoginModule {
        private final static Log log = LogFactory.getLog(HttpSessionLoginModule.class);
 
@@ -83,11 +84,6 @@ public class HttpSessionLoginModule implements LoginModule {
                } else {
                        authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
                        if (authorization == null) {// search by session ID
-                               // TODO implement ident
-//                             IdentClient identClient = new IdentClient(request.getRemoteAddr(), "changeit");
-//                             String identUsername = identClient.getUsername(request.getLocalPort(), request.getRemotePort());
-//                             log.debug("Ident username: " + identUsername);
-
                                HttpSession httpSession = request.getSession(false);
                                if (httpSession == null) {
                                        // TODO make sure this is always safe
@@ -117,6 +113,7 @@ public class HttpSessionLoginModule implements LoginModule {
                } else {
                        if (log.isTraceEnabled())
                                log.trace("HTTP login: " + true);
+                       request.setAttribute(HttpContext.AUTHORIZATION, authorization);
                        return true;
                }
        }
Argeo Commons - Lightweight integration framework in pure Java/OSGi