X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=dde2d73f50efffa23f6267d454e9b9c24f75de76;hb=6be83ba7b02c903dfb5aa5df9f7ef58bbbd9f6be;hp=661cc6905fb9a33753348cfa1e81d5b47a508e47;hpb=35507e18257f2e9f59842ba5120fcd3f19c4cf4d;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 661cc6905..dde2d73f5 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -93,7 +93,7 @@ class CmsAuthUtils {
 			throw new CmsException("Cannot commit", e);
 		}
 
-		registerSessionAuthorization(request, subject, authorization, locale);
+		// registerSessionAuthorization(request, subject, authorization, locale);
 	}
 
 	private static void checkSubjectEmpty(Subject subject) {
@@ -121,7 +121,7 @@ class CmsAuthUtils {
 		// subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
 	}
 
-	private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
+	synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 			Authorization authorization, Locale locale) {
 		// synchronized in order to avoid multiple registrations
 		// TODO move it to a service in order to avoid static synchronization
@@ -144,6 +144,9 @@ class CmsAuthUtils {
 						throw new CmsException("Inconsistent user " + authorization.getName()
 								+ " for existing CMS session " + cmsSession);
 					}
+					// keyring
+					if (cmsSession != null)
+						subject.getPrivateCredentials().addAll(cmsSession.getSecretKeys());
 				} else {// anonymous
 					if (cmsSession.getAuthorization().getName() != null) {
 						cmsSession.close();
@@ -151,19 +154,21 @@ class CmsAuthUtils {
 						cmsSession = null;
 					}
 				}
-			}
-
-			if (cmsSession == null)
+			} else if (cmsSession == null) {
 				cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
+			}
 			// request.setAttribute(CmsSession.class.getName(), cmsSession);
-			CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
-			if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
-				subject.getPrivateCredentials().add(nodeSessionId);
-			else {
-				UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
-				// if (storedSessionId.equals(httpSessionId.getValue()))
-				throw new CmsException(
-						"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+			if (cmsSession != null) {
+				CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+				if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
+					subject.getPrivateCredentials().add(nodeSessionId);
+				else {
+					UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
+							.getUuid();
+					// if (storedSessionId.equals(httpSessionId.getValue()))
+					throw new CmsException(
+							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+				}
 			}
 		} else {
 			// TODO desktop, CLI