X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=760544b8189f38b57154976726f034cc51619af4;hb=a847fccbcfed504b2526c137a46d1e0238c28cf5;hp=d8d7e87216cb971cbd28c968fd64de8539557e7c;hpb=a444205e81419d439635a9e0ff3382ae3f5d9947;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java index d8d7e8721..760544b81 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java @@ -1,24 +1,38 @@ package org.argeo.cms.auth; import java.security.Principal; +import java.util.Collection; import java.util.Set; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; //import org.apache.jackrabbit.core.security.AnonymousPrincipal; //import org.apache.jackrabbit.core.security.SecurityConstants; //import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.argeo.cms.CmsException; import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.cms.internal.kernel.WebCmsSessionImpl; import org.argeo.node.security.AnonymousPrincipal; import org.argeo.node.security.DataAdminPrincipal; import org.argeo.node.security.NodeSecurityUtils; +import org.osgi.framework.BundleContext; +import org.osgi.framework.InvalidSyntaxException; +import org.osgi.framework.ServiceReference; +import org.osgi.service.http.HttpContext; import org.osgi.service.useradmin.Authorization; class CmsAuthUtils { + private final static Log log = LogFactory.getLog(CmsAuthUtils.class); + + /** Shared HTTP request */ + static final String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request"; /** From org.osgi.service.http.HttpContext */ static final String SHARED_STATE_AUTHORIZATION = "org.osgi.service.useradmin.authorization"; /** From com.sun.security.auth.module.*LoginModule */ @@ -62,9 +76,8 @@ class CmsAuthUtils { } else { NodeSecurityUtils.checkImpliedPrincipalName(roleName); principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal)); - // if (roleName.equals(ROLE_ADMIN_NAME)) - // principals.add(new - // AdminPrincipal(SecurityConstants.ADMIN_ID)); + if (roleName.equals(NodeSecurityUtils.ROLE_ADMIN_NAME)) + principals.add(new DataAdminPrincipal()); } } @@ -100,7 +113,87 @@ class CmsAuthUtils { // public static final String SHARED_STATE_PASSWORD = // "javax.security.auth.login.password"; + static void registerSessionAuthorization(BundleContext bc, HttpServletRequest request, Subject subject, + Authorization authorization) { + String httpSessId = request.getSession().getId(); + if (authorization.getName() != null) { + request.setAttribute(HttpContext.REMOTE_USER, authorization.getName()); + request.setAttribute(HttpContext.AUTHORIZATION, authorization); + + HttpSession httpSession = request.getSession(); + if (httpSession.getAttribute(HttpContext.AUTHORIZATION) == null) { + + Collection> sr; + try { + sr = bc.getServiceReferences(WebCmsSession.class, + "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessId + ")"); + } catch (InvalidSyntaxException e) { + throw new CmsException("Cannot get CMS session for id " + httpSessId, e); + } + ServiceReference cmsSessionRef; + if (sr.size() == 1) { + cmsSessionRef = sr.iterator().next(); + } else if (sr.size() == 0) { + WebCmsSessionImpl cmsSessionImpl = new WebCmsSessionImpl(httpSessId, authorization); + cmsSessionRef = cmsSessionImpl.getServiceRegistration().getReference(); + if (log.isDebugEnabled()) + log.debug("Initialized " + cmsSessionImpl + " for " + authorization.getName()); + } else + throw new CmsException(sr.size() + " CMS sessions registered for " + httpSessId); + + WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(cmsSessionRef); + cmsSession.addHttpSession(request); + if (log.isTraceEnabled()) + log.trace("Added " + request.getServletPath() + " to " + cmsSession + " (" + request.getRequestURI() + + ")"); + // httpSession.setAttribute(HttpContext.REMOTE_USER, + // authorization.getName()); + // httpSession.setAttribute(HttpContext.AUTHORIZATION, + // authorization); + } + } + HttpSessionId httpSessionId = new HttpSessionId(httpSessId); + if (subject.getPrivateCredentials(HttpSessionId.class).size() == 0) + subject.getPrivateCredentials().add(httpSessionId); + else { + String storedSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue(); + // if (storedSessionId.equals(httpSessionId.getValue())) + throw new CmsException( + "Subject already logged with session " + storedSessionId + " (not " + httpSessionId + ")"); + } + } + + static boolean logoutSession(BundleContext bc, Subject subject) { + String httpSessionId; + if (subject.getPrivateCredentials(HttpSessionId.class).size() == 1) + httpSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue(); + else + return false; + Collection> srs; + try { + srs = bc.getServiceReferences(WebCmsSession.class, + "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")"); + } catch (InvalidSyntaxException e) { + throw new CmsException("Cannot retrieve CMS session #" + httpSessionId, e); + } + + if (srs.size() == 0) { + if (log.isTraceEnabled()) + log.warn("No CMS web session found for http session " + httpSessionId); + return false; + } else if (srs.size() > 1) + throw new CmsException(srs.size() + " CMS web sessions found for http session " + httpSessionId); + + WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(srs.iterator().next()); + cmsSession.cleanUp(); + subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(HttpSessionId.class)); + if (log.isDebugEnabled()) + log.debug("Cleaned up " + cmsSession); + return true; + } + private CmsAuthUtils() { } + }