Update license headers

[lgpl/argeo-commons.git] / security / plugins / org.argeo.security.ui.rap / src / main / java / org / argeo / security / ui / rap / SecureEntryPoint.java

diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java
index e2febf0aeb9033ce74f09b33e8f1f1cf53cd8e6d..10dced4b3e44be80502c4750277988b424025a23 100644 (file)
--- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java
+++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java
@@ -1,9 +1,26 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.ui.rap;
 
 import java.security.PrivilegedAction;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -16,6 +33,8 @@ import org.eclipse.rwt.lifecycle.IEntryPoint;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.PlatformUI;
 import org.springframework.security.BadCredentialsException;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
 
 /**
  * RAP entry point with login capabilities. Once the user has been
@@ -25,6 +44,12 @@ import org.springframework.security.BadCredentialsException;
 public class SecureEntryPoint implements IEntryPoint {
        private final static Log log = LogFactory.getLog(SecureEntryPoint.class);
 
+       /**
+        * From org.springframework.security.context.
+        * HttpSessionContextIntegrationFilter
+        */
+       protected static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
+
        /**
         * How many seconds to wait before invalidating the session if the user has
         * not yet logged in.
@@ -34,15 +59,29 @@ public class SecureEntryPoint implements IEntryPoint {
        /** Default session timeout is 8 hours (European working day length) */
        private Integer sessionTimeout = 8 * 60 * 60;
 
+       /** Override to provide an application specific workbench advisor */
+       protected RapWorkbenchAdvisor createRapWorkbenchAdvisor(String username) {
+               return new RapWorkbenchAdvisor(username);
+       }
+
        @Override
-       public int createUI() {
+       public final int createUI() {
                // Short login timeout so that the modal dialog login doesn't hang
                // around too long
                RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout);
 
+               HttpServletRequest httpRequest = RWT.getRequest();
+               HttpSession httpSession = httpRequest.getSession();
+               Object contextFromSessionObject = httpSession
+                               .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
+               if (contextFromSessionObject != null)
+                       SecurityContextHolder
+                                       .setContext((SecurityContext) contextFromSessionObject);
+
                if (log.isDebugEnabled())
                        log.debug("THREAD=" + Thread.currentThread().getId()
-                                       + ", sessionStore=" + RWT.getSessionStore().getId());
+                                       + ", sessionStore=" + RWT.getSessionStore().getId()
+                                       + ", remote user=" + httpRequest.getRemoteUser());
 
                // create display
                final Display display = PlatformUI.createDisplay();
@@ -55,6 +94,17 @@ public class SecureEntryPoint implements IEntryPoint {
                        try {
                                loginContext.login();
                                subject = loginContext.getSubject();
+
+                               if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null)
+                                       httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
+                                                       SecurityContextHolder.getContext());
+
+                               // Once the user is logged in, she can have a longer session
+                               // timeout
+                               RWT.getRequest().getSession()
+                                               .setMaxInactiveInterval(sessionTimeout);
+                               if (log.isDebugEnabled())
+                                       log.debug("Authenticated " + subject);
                        } catch (LoginException e) {
                                BadCredentialsException bce = wasCausedByBadCredentials(e);
                                if (bce != null) {
@@ -67,11 +117,6 @@ public class SecureEntryPoint implements IEntryPoint {
                        }
                }
 
-               // Once the user is logged in, she can have a longer session timeout
-               RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout);
-               if (log.isDebugEnabled())
-                       log.debug("Authenticated " + subject);
-
                final String username = subject.getPrincipals().iterator().next()
                                .getName();
                // Logout callback when the display is disposed
@@ -89,8 +134,7 @@ public class SecureEntryPoint implements IEntryPoint {
                try {
                        returnCode = Subject.doAs(subject, new PrivilegedAction<Integer>() {
                                public Integer run() {
-                                       RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor(
-                                                       username);
+                                       RapWorkbenchAdvisor workbenchAdvisor = createRapWorkbenchAdvisor(username);
                                        int result = PlatformUI.createAndRunWorkbench(display,
                                                        workbenchAdvisor);
                                        return new Integer(result);