X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=eclipse%2Forg.argeo.cms.servlet%2Fsrc%2Forg%2Fargeo%2Fcms%2Fservlet%2FCmsServletContext.java;h=9cb48b212d38b5db6054c6fefac76dc00a9a00e3;hb=36c0ba6709ae9a3974c1d1dce01ebe47c5aec24e;hp=1ae6286ac2a4e38eb6c37bf4269c187a1d89a419;hpb=8282011b0e20e80704b209ad55fa9fb132e16280;p=lgpl%2Fargeo-commons.git

diff --git a/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java b/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
index 1ae6286ac..9cb48b212 100644
--- a/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
+++ b/eclipse/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java
@@ -41,6 +41,8 @@ public class CmsServletContext extends ServletContextHelper {
 	public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		if (log.isTraceEnabled())
 			HttpUtils.logRequestHeaders(log, request);
+		ClassLoader currentThreadContextClassLoader = Thread.currentThread().getContextClassLoader();
+		Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
 		LoginContext lc;
 		try {
 			lc = CmsAuth.USER.newLoginContext(
@@ -52,6 +54,8 @@ public class CmsServletContext extends ServletContextHelper {
 				HttpUtils.logResponseHeaders(log, response);
 			if (lc == null)
 				return false;
+		} finally {
+			Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
 		}
 
 		Subject subject = lc.getSubject();
@@ -76,8 +80,10 @@ public class CmsServletContext extends ServletContextHelper {
 
 	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
 		// anonymous
+		ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
 		try {
-			LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS,
+			Thread.currentThread().setContextClassLoader(CmsServletContext.class.getClassLoader());
+			LoginContext lc = CmsAuth.ANONYMOUS.newLoginContext(
 					new RemoteAuthCallbackHandler(new ServletHttpRequest(request), new ServletHttpResponse(response)));
 			lc.login();
 			return lc;
@@ -85,6 +91,8 @@ public class CmsServletContext extends ServletContextHelper {
 			if (log.isDebugEnabled())
 				log.error("Cannot log in as anonymous", e1);
 			return null;
+		} finally {
+			Thread.currentThread().setContextClassLoader(currentContextClassLoader);
 		}
 	}