X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=289f8dcc65eabf2e101c0af6208bbb2ead05ff90;hb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;hp=6abaf71f262ac676d33efb5eff0968039c9378c1;hpb=0bd819f841b28c7eb869362e67cf424a9e99f862;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 6abaf71f2..289f8dcc6 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -20,13 +20,14 @@ import javax.security.auth.x500.X500Principal;
 
 import org.argeo.api.cms.AnonymousPrincipal;
 import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
 import org.argeo.api.cms.DataAdminPrincipal;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.auth.RemoteCmsSessionImpl;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
 import org.osgi.service.useradmin.Authorization;
 
 /** Centralises security related registrations. */
@@ -135,8 +136,7 @@ class CmsAuthUtils {
 		// TODO move it to a service in order to avoid static synchronization
 		if (request != null) {
 			RemoteAuthSession httpSession = request.getSession();
-			assert httpSession != null;
-			String httpSessId = httpSession.getId();
+			String httpSessId = httpSession != null ? httpSession.getId() : null;
 			boolean anonymous = authorization.getName() == null;
 			String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
 			request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);
@@ -145,7 +145,7 @@ class CmsAuthUtils {
 			CmsSessionImpl cmsSession;
 			CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId);
 			if (currentLocalSession != null) {
-				boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null;
+				boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous();
 				if (!anonymous) {
 					if (currentLocalSessionAnonymous) {
 						currentLocalSession.close();
@@ -192,6 +192,7 @@ class CmsAuthUtils {
 					throw new IllegalStateException(
 							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
 			}
+			request.setAttribute(CmsSession.class.getName(), cmsSession);
 		} else {
 			CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID);
 			if (cmsSession == null) {