X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=461080295ccc4d298228069ae3bbcf1f8e5df32d;hb=a547404b8d6e7943f912a3bb9c2b65caea5b5bfe;hp=760544b8189f38b57154976726f034cc51619af4;hpb=76a7e65ffa515c0dbd7a5587b29ffc9bba449542;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 760544b81..461080295 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -3,6 +3,7 @@ package org.argeo.cms.auth;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.Set;
+import java.util.UUID;
 
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
@@ -17,8 +18,9 @@ import org.apache.commons.logging.LogFactory;
 //import org.apache.jackrabbit.core.security.SecurityConstants;
 //import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.kernel.WebCmsSessionImpl;
+import org.argeo.cms.internal.http.WebCmsSessionImpl;
 import org.argeo.node.security.AnonymousPrincipal;
 import org.argeo.node.security.DataAdminPrincipal;
 import org.argeo.node.security.NodeSecurityUtils;
@@ -32,15 +34,21 @@ class CmsAuthUtils {
 	private final static Log log = LogFactory.getLog(CmsAuthUtils.class);
 
 	/** Shared HTTP request */
-	static final String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
+	final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
 	/** From org.osgi.service.http.HttpContext */
-	static final String SHARED_STATE_AUTHORIZATION = "org.osgi.service.useradmin.authorization";
+	final static String SHARED_STATE_AUTHORIZATION = "org.osgi.service.useradmin.authorization";
 	/** From com.sun.security.auth.module.*LoginModule */
-	static final String SHARED_STATE_NAME = "javax.security.auth.login.name";
+	final static String SHARED_STATE_NAME = "javax.security.auth.login.name";
 	/** From com.sun.security.auth.module.*LoginModule */
-	static final String SHARED_STATE_PWD = "javax.security.auth.login.password";
+	final static String SHARED_STATE_PWD = "javax.security.auth.login.password";
 
-	static void addAuthentication(Subject subject, Authorization authorization) {
+	final static String SHARED_STATE_SPNEGO_TOKEN = "org.argeo.cms.auth.spnegoToken";
+	final static String SHARED_STATE_SPNEGO_OUT_TOKEN = "org.argeo.cms.auth.spnegoOutToken";
+
+	final static String HEADER_AUTHORIZATION = "Authorization";
+	final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+
+	static void addAuthorization(Subject subject, Authorization authorization, HttpServletRequest request) {
 		assert subject != null;
 		checkSubjectEmpty(subject);
 		assert authorization != null;
@@ -84,6 +92,8 @@ class CmsAuthUtils {
 		} catch (InvalidNameException e) {
 			throw new CmsException("Cannot commit", e);
 		}
+
+		registerSessionAuthorization(request, subject, authorization);
 	}
 
 	private static void checkSubjectEmpty(Subject subject) {
@@ -113,85 +123,72 @@ class CmsAuthUtils {
 	// public static final String SHARED_STATE_PASSWORD =
 	// "javax.security.auth.login.password";
 
-	static void registerSessionAuthorization(BundleContext bc, HttpServletRequest request, Subject subject,
+	private static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 			Authorization authorization) {
-		String httpSessId = request.getSession().getId();
-		if (authorization.getName() != null) {
-			request.setAttribute(HttpContext.REMOTE_USER, authorization.getName());
-			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
-
+		if (request != null) {
 			HttpSession httpSession = request.getSession();
-			if (httpSession.getAttribute(HttpContext.AUTHORIZATION) == null) {
-
-				Collection<ServiceReference<WebCmsSession>> sr;
-				try {
-					sr = bc.getServiceReferences(WebCmsSession.class,
-							"(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessId + ")");
-				} catch (InvalidSyntaxException e) {
-					throw new CmsException("Cannot get CMS session for id " + httpSessId, e);
+			String httpSessId = httpSession.getId();
+			if (authorization.getName() != null) {
+				request.setAttribute(HttpContext.REMOTE_USER, authorization.getName());
+				request.setAttribute(HttpContext.AUTHORIZATION, authorization);
+
+				CmsSession cmsSession = CmsSessionImpl.getByLocalId(httpSessId);
+				if (cmsSession == null)
+					cmsSession = new WebCmsSessionImpl(subject, authorization, httpSessId);
+				request.setAttribute(CmsSession.class.getName(), cmsSession);
+				CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+				if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
+					subject.getPrivateCredentials().add(nodeSessionId);
+				else {
+					UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
+							.getUuid();
+					// if (storedSessionId.equals(httpSessionId.getValue()))
+					throw new CmsException(
+							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
 				}
-				ServiceReference<WebCmsSession> cmsSessionRef;
-				if (sr.size() == 1) {
-					cmsSessionRef = sr.iterator().next();
-				} else if (sr.size() == 0) {
-					WebCmsSessionImpl cmsSessionImpl = new WebCmsSessionImpl(httpSessId, authorization);
-					cmsSessionRef = cmsSessionImpl.getServiceRegistration().getReference();
-					if (log.isDebugEnabled())
-						log.debug("Initialized " + cmsSessionImpl + " for " + authorization.getName());
-				} else
-					throw new CmsException(sr.size() + " CMS sessions registered for " + httpSessId);
-
-				WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(cmsSessionRef);
-				cmsSession.addHttpSession(request);
-				if (log.isTraceEnabled())
-					log.trace("Added " + request.getServletPath() + " to " + cmsSession + " (" + request.getRequestURI()
-							+ ")");
-				// httpSession.setAttribute(HttpContext.REMOTE_USER,
-				// authorization.getName());
-				// httpSession.setAttribute(HttpContext.AUTHORIZATION,
-				// authorization);
 			}
-		}
-		HttpSessionId httpSessionId = new HttpSessionId(httpSessId);
-		if (subject.getPrivateCredentials(HttpSessionId.class).size() == 0)
-			subject.getPrivateCredentials().add(httpSessionId);
-		else {
-			String storedSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
-			// if (storedSessionId.equals(httpSessionId.getValue()))
-			throw new CmsException(
-					"Subject already logged with session " + storedSessionId + " (not " + httpSessionId + ")");
+		} else {
+			// TODO desktop, CLI
 		}
 	}
 
 	static boolean logoutSession(BundleContext bc, Subject subject) {
-		String httpSessionId;
-		if (subject.getPrivateCredentials(HttpSessionId.class).size() == 1)
-			httpSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
+		UUID nodeSessionId;
+		if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1)
+			nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
 		else
 			return false;
-		Collection<ServiceReference<WebCmsSession>> srs;
+		Collection<ServiceReference<CmsSession>> srs;
 		try {
-			srs = bc.getServiceReferences(WebCmsSession.class,
-					"(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")");
+			srs = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_UUID + "=" + nodeSessionId + ")");
 		} catch (InvalidSyntaxException e) {
-			throw new CmsException("Cannot retrieve CMS session #" + httpSessionId, e);
+			throw new CmsException("Cannot retrieve CMS session #" + nodeSessionId, e);
 		}
 
 		if (srs.size() == 0) {
 			if (log.isTraceEnabled())
-				log.warn("No CMS web session found for http session " + httpSessionId);
+				log.warn("No CMS web session found for http session " + nodeSessionId);
 			return false;
 		} else if (srs.size() > 1)
-			throw new CmsException(srs.size() + " CMS web sessions found for http session " + httpSessionId);
+			throw new CmsException(srs.size() + " CMS web sessions found for http session " + nodeSessionId);
 
 		WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(srs.iterator().next());
 		cmsSession.cleanUp();
-		subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(HttpSessionId.class));
+		subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(CmsSessionId.class));
 		if (log.isDebugEnabled())
 			log.debug("Cleaned up " + cmsSession);
 		return true;
 	}
 
+	public static <T extends Principal> T getSinglePrincipal(Subject subject, Class<T> clss) {
+		Set<T> principals = subject.getPrincipals(clss);
+		if (principals.isEmpty())
+			return null;
+		if (principals.size() > 1)
+			throw new IllegalStateException("Only one " + clss + " principal expected in " + subject);
+		return principals.iterator().next();
+	}
+
 	private CmsAuthUtils() {
 
 	}