Massive package refactoring
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / RemoteSessionLoginModule.java
index 6bf3fc985a8d1040edfbab0692a4a4e8cd991dae..987c3dd19dfeff760f579d27adf6f41558812a29 100644 (file)
@@ -16,13 +16,13 @@ import javax.security.auth.spi.LoginModule;
 
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.CmsDeployProperty;
+import org.argeo.cms.http.HttpHeader;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.argeo.cms.internal.runtime.CmsStateImpl;
-import org.argeo.util.http.HttpHeader;
 import org.osgi.service.useradmin.Authorization;
 
-/** Use the HTTP session as the basis for authentication. */
+/** Use a remote session as the basis for authentication. */
 public class RemoteSessionLoginModule implements LoginModule {
        private final static CmsLog log = CmsLog.getLog(RemoteSessionLoginModule.class);
 
@@ -64,8 +64,6 @@ public class RemoteSessionLoginModule implements LoginModule {
                                return false;
                        // TODO factorize with below
                        String httpSessionId = httpSession.getId();
-//                     if (log.isTraceEnabled())
-//                             log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
                        CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
                        if (cmsSession != null && !cmsSession.isAnonymous()) {
                                authorization = cmsSession.getAuthorization();
@@ -77,16 +75,8 @@ public class RemoteSessionLoginModule implements LoginModule {
                        authorization = (Authorization) request.getAttribute(RemoteAuthRequest.AUTHORIZATION);
                        if (authorization == null) {// search by session ID
                                RemoteAuthSession httpSession = request.getSession();
-//                             if (httpSession == null) {
-//                                     // TODO make sure this is always safe
-//                                     if (log.isTraceEnabled())
-//                                             log.trace("Create http session");
-//                                     httpSession = request.createSession();
-//                             }
                                if (httpSession != null) {
                                        String httpSessionId = httpSession.getId();
-//                             if (log.isTraceEnabled())
-//                                     log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
                                        CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
                                        if (cmsSession != null && !cmsSession.isAnonymous()) {
                                                authorization = cmsSession.getAuthorization();
@@ -94,6 +84,8 @@ public class RemoteSessionLoginModule implements LoginModule {
                                                if (log.isTraceEnabled())
                                                        log.trace("Retrieved authorization from " + cmsSession);
                                        }
+                               }else {
+                                       request.createSession();
                                }
                        }
                        sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request);
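Review bot: The added `else` branch calls `request.createSession()` for every request that arrives without a session, before any credential has been checked, so an unauthenticated client can make the server allocate session state on each request. The commented-out block this commit removes a few lines above carried `// TODO make sure this is always safe` on the same call, and the new branch reintroduces the call without that note or any explanation of why a session is needed here. I would add a comment on the branch such as `// session is created before authentication; its id must be renewed once login succeeds`. The rest of `login()` and `commit()` lies outside this hunk, so please confirm there that the pre-login session id is not carried over unchanged into the authenticated session. As a style point, the return value of `createSession()` is discarded and `}else {` is missing a space.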
@@ -116,7 +108,7 @@ public class RemoteSessionLoginModule implements LoginModule {
        public boolean commit() throws LoginException {
                byte[] outToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_OUT_TOKEN);
                if (outToken != null) {
-                       response.setHeader(HttpHeader.WWW_AUTHENTICATE.getName(),
+                       response.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
                                        "Negotiate " + java.util.Base64.getEncoder().encodeToString(outToken));
                }
 
@@ -154,7 +146,7 @@ public class RemoteSessionLoginModule implements LoginModule {
        }
 
        private void extractHttpAuth(final RemoteAuthRequest httpRequest) {
-               String authHeader = httpRequest.getHeader(HttpHeader.AUTHORIZATION.getName());
+               String authHeader = httpRequest.getHeader(HttpHeader.AUTHORIZATION.getHeaderName());
                extractHttpAuth(authHeader);
        }
 
@@ -189,15 +181,6 @@ public class RemoteSessionLoginModule implements LoginModule {
                                }
                        }
                }
-
-               // auth token
-               // String mail = request.getParameter(LdapAttrs.mail.name());
-               // String authPassword = request.getParameter(LdapAttrs.authPassword.name());
-               // if (authPassword != null) {
-               // sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, authPassword);
-               // if (mail != null)
-               // sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, mail);
-               // }
        }
 
        private void extractClientCertificate(RemoteAuthRequest req) {