X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=33a8dc62eb4a4979299bbadf501ac7cc0002f4d8;hb=b45e59192a4bb34a6b38a9bfa416b3dc3f6b7892;hp=4d59c5263a76afe974b600244c8ad6b848c98243;hpb=44728c14306ddf25bb5225496de5f44345fab85d;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 4d59c5263..33a8dc62e 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -118,19 +118,19 @@ class CmsAuthUtils {
 	private static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 			Authorization authorization) {
 		if (request != null) {
-			HttpSession httpSession = request.getSession();
+			HttpSession httpSession = request.getSession(false);
 			String httpSessId = httpSession.getId();
 			String remoteUser = authorization.getName() != null ? authorization.getName()
 					: NodeConstants.ROLE_ANONYMOUS;
 			request.setAttribute(HttpContext.REMOTE_USER, remoteUser);
 			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
 
-			CmsSession cmsSession = CmsSessionImpl.getByLocalId(httpSessId);
+			CmsSessionImpl cmsSession = (CmsSessionImpl) CmsSessionImpl.getByLocalId(httpSessId);
 			if (cmsSession != null) {
 				if (authorization.getName() != null) {
 					if (cmsSession.getAuthorization().getName() == null) {
 						// FIXME make it more generic
-						((WebCmsSessionImpl) cmsSession).cleanUp();
+						cmsSession.close();
 						cmsSession = null;
 					} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
 						throw new CmsException("Inconsistent user " + authorization.getName()
@@ -139,14 +139,14 @@ class CmsAuthUtils {
 				} else {// anonymous
 					if (cmsSession.getAuthorization().getName() != null) {
 						// FIXME make it more generic
-						((WebCmsSessionImpl) cmsSession).cleanUp();
+						cmsSession.close();
 						cmsSession = null;
 					}
 				}
 			}
 
 			if (cmsSession == null)
-				cmsSession = new WebCmsSessionImpl(subject, authorization, httpSessId);
+				cmsSession = new WebCmsSessionImpl(subject, authorization, request);
 			// request.setAttribute(CmsSession.class.getName(), cmsSession);
 			CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
 			if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)