Major refactoring of Argeo CMS UI
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / HttpSessionLoginModule.java
index f42e79c98980d185e469329aedc8810b6775aa3d..c2dfead780ac8c9d71e2bbc932eafad00c15321e 100644 (file)
@@ -19,13 +19,14 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.kernel.Activator;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.HttpContext;
 import org.osgi.service.useradmin.Authorization;
 
+/** Use the HTTP session as the basis for authentication. */
 public class HttpSessionLoginModule implements LoginModule {
        private final static Log log = LogFactory.getLog(HttpSessionLoginModule.class);
 
@@ -73,7 +74,7 @@ public class HttpSessionLoginModule implements LoginModule {
                        String httpSessionId = httpSession.getId();
                        if (log.isTraceEnabled())
                                log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
-                       CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+                       CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
                        if (cmsSession != null) {
                                authorization = cmsSession.getAuthorization();
                                locale = cmsSession.getLocale();
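Review bot: The trace statement kept in this hunk writes the full HTTP session id to the log (`" #" + httpSessionId`), and the same line appears in the following hunk (@@ -93,7 +94,7). The lookup right after it turns that id into an `Authorization`, so the id acts as a bearer credential and should not be readable by anyone with access to trace output. If the id is only logged for correlation, a non-reversible short form is enough, e.g. `log.trace("HTTP login: " + request.getPathInfo() + " #" + Integer.toHexString(httpSessionId.hashCode()));`. The enclosing method starts and ends outside the hunk.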
@@ -93,7 +94,7 @@ public class HttpSessionLoginModule implements LoginModule {
                                String httpSessionId = httpSession.getId();
                                if (log.isTraceEnabled())
                                        log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
-                               CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+                               CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
                                if (cmsSession != null) {
                                        authorization = cmsSession.getAuthorization();
                                        locale = cmsSession.getLocale();
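Review bot: The local is now declared as the internal implementation type `CmsSessionImpl`, here and in the previous hunk, although the visible lines only call `getAuthorization()` and `getLocale()`. The removed line shows both calls compiled against `CmsSession`, so keeping `CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);` would avoid tying this login module to `org.argeo.cms.internal.auth`, assuming the interface still exposes them after the refactoring. If code further down needs an implementation-only member, a one-line comment naming it would make the narrowing intentional. The block continues outside the hunk.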
@@ -112,6 +113,7 @@ public class HttpSessionLoginModule implements LoginModule {
                } else {
                        if (log.isTraceEnabled())
                                log.trace("HTTP login: " + true);
+                       request.setAttribute(HttpContext.AUTHORIZATION, authorization);
                        return true;
                }
        }
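Review bot: The added `request.setAttribute(HttpContext.AUTHORIZATION, authorization);` publishes the authorization on the request before the JAAS login has completed, assuming this branch is in `login()` as the "HTTP login" trace suggests. If a later module fails or `abort()` runs, the attribute stays on the request and downstream code may treat the request as authenticated. Consider setting it in `commit()` instead, or clearing it on failure with `request.removeAttribute(HttpContext.AUTHORIZATION);` in `abort()`. The condition guarding this `else` is outside the hunk, so it is also worth confirming that `authorization` cannot be null here.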
@@ -180,10 +182,10 @@ public class HttpSessionLoginModule implements LoginModule {
                                                        sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, login);
                                                        sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
                                                } else {
-                                                       throw new CmsException("Invalid authentication token");
+                                                       throw new IllegalStateException("Invalid authentication token");
                                                }
                                        } catch (Exception e) {
-                                               throw new CmsException("Couldn't retrieve authentication", e);
+                                               throw new IllegalStateException("Couldn't retrieve authentication", e);
                                        }
                                } else if (basic.equalsIgnoreCase("Negotiate")) {
                                        String spnegoToken = st.nextToken();
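Review bot: The new `throw new IllegalStateException("Invalid authentication token")` sits inside the `try` whose `catch (Exception e)` immediately catches and rewraps it, so callers only see "Couldn't retrieve authentication" with the real reason hidden in the cause. A malformed `Authorization` header is untrusted client input rather than an illegal program state, and an unchecked exception here may escape the login module instead of producing a clean authentication failure. If the enclosing method's signature allows it (it is not visible in this hunk), throwing a `javax.security.auth.login.FailedLoginException` would fit the JAAS contract better. Otherwise narrow the catch to the decoding errors actually expected, so that the inner throw is not swallowed.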