import java.io.IOException;
import java.net.URL;
-import java.security.PrivilegedAction;
import java.util.Map;
-import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remoteAuthRequest, remoteAuthResponse));
lc.login();
} catch (LoginException e) {
- // FIXME better analyse failure so as not to try endlessly
if (authIsRequired(remoteAuthRequest, remoteAuthResponse)) {
- int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthResponse, httpAuthRealm, forceBasic);
+ int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthRequest,
+ remoteAuthResponse, httpAuthRealm,
+ forceBasic);
response.setStatus(statusCode);
return false;
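Review bot: Every `LoginException` caught here still ends in a fresh challenge from `askForWwwAuth` whenever `authIsRequired(...)` is true, and the exception `e` is never recorded in the visible lines, although the commit removes the FIXME that flagged this. Nothing distinguishes rejected credentials from a misconfigured or unavailable login module, so a client can be re-challenged indefinitely and repeated failures leave no trace for detection. I would log the failure with the class's existing logger before the challenge is sent (no logger is visible in this hunk, and credentials should not be logged) and keep a one-line comment such as `// TODO: distinguish failure causes; every LoginException currently triggers a new challenge`. The enclosing method starts and ends outside the hunk.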
Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
}
- Subject subject = lc.getSubject();
- Subject.doAs(subject, new PrivilegedAction<Void>() {
-
- @Override
- public Void run() {
- // TODO also set login context in order to log out ?
- RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
- return null;
- }
-
- });
+// Subject subject = lc.getSubject();
+// Subject.doAs(subject, new PrivilegedAction<Void>() {
+//
+// @Override
+// public Void run() {
+// // TODO also set login context in order to log out ?
+// RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
+// return null;
+// }
+//
+// });
return true;
}
- @Override
- public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
- RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
- }
+// @Override
+// public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+// RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
+// }
protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse) {
return false;
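Review bot: Once `lc.login()` succeeds the method now returns `true` with no visible step that attaches the authenticated `Subject` to the request, because the `Subject.doAs(...)` / `configureRequestSecurity` block is commented out rather than replaced. If that binding now happens elsewhere (the login module or the callback handler, neither shown in this hunk), delete the dead lines and leave a single comment such as `// request security is configured by <component>; nothing to bind here`; if it does not, code that runs after this method may execute without the caller's identity. The same question applies to the commented-out `finishSecurity` override: confirm that nothing still sets per-request security state that `clearRequestSecurity` used to remove, since state left on a pooled thread could carry over to the next request. The `LoginContext` is also never logged out in the visible code, which the old TODO already hinted at.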