X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=289f8dcc65eabf2e101c0af6208bbb2ead05ff90;hb=98d5fd2b03d86c9e76d04187385c0fada262fca2;hp=9e00ed458ac0011480f034589e3297b8e89eb7c5;hpb=4e548693acc16f97b74eaaa95d6841054a172b85;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java index 9e00ed458..289f8dcc6 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java @@ -20,13 +20,14 @@ import javax.security.auth.x500.X500Principal; import org.argeo.api.cms.AnonymousPrincipal; import org.argeo.api.cms.CmsConstants; +import org.argeo.api.cms.CmsSession; import org.argeo.api.cms.CmsSessionId; import org.argeo.api.cms.DataAdminPrincipal; import org.argeo.cms.internal.auth.CmsSessionImpl; import org.argeo.cms.internal.auth.ImpliedByPrincipal; -import org.argeo.cms.internal.http.WebCmsSessionImpl; +import org.argeo.cms.internal.auth.RemoteCmsSessionImpl; import org.argeo.cms.internal.runtime.CmsContextImpl; -import org.argeo.osgi.useradmin.AuthenticatingUser; +import org.argeo.cms.osgi.useradmin.AuthenticatingUser; import org.osgi.service.useradmin.Authorization; /** Centralises security related registrations. */ @@ -34,8 +35,8 @@ class CmsAuthUtils { // Standard final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME; final static String SHARED_STATE_PWD = AuthenticatingUser.SHARED_STATE_PWD; - final static String HEADER_AUTHORIZATION = "Authorization"; - final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; +// final static String HEADER_AUTHORIZATION = "Authorization"; +// final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; // Argeo specific final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request"; @@ -135,8 +136,7 @@ class CmsAuthUtils { // TODO move it to a service in order to avoid static synchronization if (request != null) { RemoteAuthSession httpSession = request.getSession(); - assert httpSession != null; - String httpSessId = httpSession.getId(); + String httpSessId = httpSession != null ? httpSession.getId() : null; boolean anonymous = authorization.getName() == null; String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS; request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser); @@ -145,13 +145,13 @@ class CmsAuthUtils { CmsSessionImpl cmsSession; CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId); if (currentLocalSession != null) { - boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null; + boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous(); if (!anonymous) { if (currentLocalSessionAnonymous) { currentLocalSession.close(); // new CMS session UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID(); - cmsSession = new WebCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request); + cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request); CmsContextImpl.getCmsContext().registerCmsSession(cmsSession); } else if (!authorization.getName().equals(currentLocalSession.getAuthorization().getName())) { throw new IllegalStateException("Inconsistent user " + authorization.getName() @@ -176,7 +176,7 @@ class CmsAuthUtils { } else { // new CMS session UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID(); - cmsSession = new WebCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request); + cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request); CmsContextImpl.getCmsContext().registerCmsSession(cmsSession); } @@ -192,6 +192,7 @@ class CmsAuthUtils { throw new IllegalStateException( "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")"); } + request.setAttribute(CmsSession.class.getName(), cmsSession); } else { CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID); if (cmsSession == null) {