X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2FAbstractCmsEntryPoint.java;h=6e30d8e31d7b16b3b9cf4938faf954e0721839b5;hb=97c5b44699e82757f57ad19b74f9d9d362aee2d0;hp=02e08f2af94c32d6561b94f0945a61513b1600ae;hpb=b4b26424230c0ef25a65bc3de51c30e16ae868aa;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java index 02e08f2af..6e30d8e31 100644 --- a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java +++ b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java @@ -1,5 +1,7 @@ package org.argeo.cms; +import java.security.AccessControlContext; +import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Locale; import java.util.Map; @@ -13,6 +15,8 @@ import javax.jcr.Session; import javax.jcr.nodetype.NodeType; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -37,7 +41,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implements CmsSession { private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class); - private final Subject subject = new Subject(); + private final Subject subject; private final Repository repository; private final String workspace; @@ -62,13 +66,23 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint this.defaultPath = defaultPath; this.factoryProperties = new HashMap(factoryProperties); + // load context from session + HttpServletRequest httpRequest = RWT.getRequest(); + final HttpSession httpSession = httpRequest.getSession(); + AccessControlContext acc = (AccessControlContext) httpSession + .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT); + if (acc != null) + subject = Subject.getSubject(acc); + else + subject = new Subject(); + // Initial login try { new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject) .login(); } catch (LoginException e) { - if (log.isTraceEnabled()) - log.trace("Cannot authenticate user", e); + // if (log.isTraceEnabled()) + // log.trace("Cannot authenticate user", e); try { new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject).login(); @@ -103,14 +117,20 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint } @Override - protected final void createContents(Composite parent) { - try { - getShell().getDisplay().setData(CmsSession.KEY, this); - - createUi(parent); - } catch (Exception e) { - throw new CmsException("Cannot create entrypoint contents", e); - } + protected final void createContents(final Composite parent) { + getShell().getDisplay().setData(CmsSession.KEY, this); + Subject.doAs(subject, new PrivilegedAction() { + @Override + public Void run() { + try { + createUi(parent); + } catch (Exception e) { + throw new CmsException("Cannot create entrypoint contents", + e); + } + return null; + } + }); } /** Create UI */ @@ -140,7 +160,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint public void navigateTo(String state) { exception = null; String title = setState(state); - refresh(); + doRefresh(); if (browserNavigation != null) browserNavigation.pushState(state, title); } @@ -152,48 +172,66 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint @Override public void authChange() { - try { - String currentPath = null; - if (node != null) - currentPath = node.getPath(); - JcrUtils.logoutQuietly(session); + Subject.doAs(subject, new PrivilegedAction() { - session = repository.login(workspace); - if (currentPath != null) + @Override + public Void run() { try { - node = session.getNode(currentPath); - } catch (Exception e) { - try { - // TODO find a less hacky way to log out - new ArgeoLoginContext( - KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject) - .logout(); - new ArgeoLoginContext( - KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject) - .login(); - } catch (LoginException eAnonymous) { - throw new ArgeoException("Cannot reset to anonymous", - eAnonymous); - } + String currentPath = null; + if (node != null) + currentPath = node.getPath(); JcrUtils.logoutQuietly(session); + session = repository.login(workspace); - navigateTo("~"); - throw e; + if (currentPath != null) + try { + node = session.getNode(currentPath); + } catch (Exception e) { + try { + // TODO find a less hacky way to log out + new ArgeoLoginContext( + KernelHeader.LOGIN_CONTEXT_ANONYMOUS, + subject).logout(); + new ArgeoLoginContext( + KernelHeader.LOGIN_CONTEXT_ANONYMOUS, + subject).login(); + } catch (LoginException eAnonymous) { + throw new ArgeoException( + "Cannot reset to anonymous", eAnonymous); + } + JcrUtils.logoutQuietly(session); + session = repository.login(workspace); + navigateTo("~"); + throw e; + } + + // refresh UI + doRefresh(); + } catch (RepositoryException e) { + throw new CmsException("Cannot perform auth change", e); } + return null; + } - // refresh UI - refresh(); - } catch (RepositoryException e) { - throw new CmsException("Cannot perform auth change", e); - } + }); } @Override - public void exception(Throwable e) { - this.exception = e; + public void exception(final Throwable e) { + AbstractCmsEntryPoint.this.exception = e; log.error("Unexpected exception in CMS", e); - refresh(); + doRefresh(); + } + + protected void doRefresh() { + Subject.doAs(subject, new PrivilegedAction() { + @Override + public Void run() { + refresh(); + return null; + } + }); } @Override