X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=48220a86876b7db2b3092ad9395757cc648514c5;hb=715f6820660b91d532e3bd75a53786267066e1a7;hp=d3103627c294259f8d4218e3534f2a8d98ce89c1;hpb=d2057396fab26e7b94e9d479d8429e0ed2487067;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index d3103627c..48220a868 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -2,7 +2,9 @@ package org.argeo.cms.auth;
 
 import java.io.IOException;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.Collection;
+import java.util.Locale;
 import java.util.Map;
 import java.util.StringTokenizer;
 
@@ -16,11 +18,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -41,6 +41,7 @@ public class HttpSessionLoginModule implements LoginModule {
 	private BundleContext bc;
 
 	private Authorization authorization;
+	private Locale locale;
 
 	@SuppressWarnings("unchecked")
 	@Override
@@ -90,6 +91,7 @@ public class HttpSessionLoginModule implements LoginModule {
 			}
 			if (sr.size() == 1) {
 				CmsSession cmsSession = bc.getService(sr.iterator().next());
+				locale = cmsSession.getLocale();
 				authorization = cmsSession.getAuthorization();
 				if (authorization.getName() == null)
 					authorization = null;// anonymous is not sufficient
@@ -120,7 +122,12 @@ public class HttpSessionLoginModule implements LoginModule {
 		}
 
 		if (authorization != null) {
-			CmsAuthUtils.addAuthorization(subject, authorization, request.getLocale(), request);
+			// Locale locale = request.getLocale();
+			if (locale == null)
+				locale = request.getLocale();
+			subject.getPublicCredentials().add(locale);
+			CmsAuthUtils.addAuthorization(subject, authorization, locale, request);
+			CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
 			cleanUp();
 			return true;
 		} else {
@@ -155,7 +162,8 @@ public class HttpSessionLoginModule implements LoginModule {
 				if (basic.equalsIgnoreCase("Basic")) {
 					try {
 						// TODO manipulate char[]
-						String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
+						Base64.Decoder decoder = Base64.getDecoder();
+						String credentials = new String(decoder.decode(st.nextToken()), "UTF-8");
 						// log.debug("Credentials: " + credentials);
 						int p = credentials.indexOf(":");
 						if (p != -1) {
@@ -171,28 +179,37 @@ public class HttpSessionLoginModule implements LoginModule {
 					}
 				} else if (basic.equalsIgnoreCase("Negotiate")) {
 					String spnegoToken = st.nextToken();
-					byte[] authToken = Base64.decodeBase64(spnegoToken);
+					Base64.Decoder decoder = Base64.getDecoder();
+					byte[] authToken = decoder.decode(spnegoToken);
 					sharedState.put(CmsAuthUtils.SHARED_STATE_SPNEGO_TOKEN, authToken);
 				}
 			}
 		}
 
 		// auth token
-//		String mail = request.getParameter(LdapAttrs.mail.name());
-//		String authPassword = request.getParameter(LdapAttrs.authPassword.name());
-//		if (authPassword != null) {
-//			sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, authPassword);
-//			if (mail != null)
-//				sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, mail);
-//		}
+		// String mail = request.getParameter(LdapAttrs.mail.name());
+		// String authPassword = request.getParameter(LdapAttrs.authPassword.name());
+		// if (authPassword != null) {
+		// sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, authPassword);
+		// if (mail != null)
+		// sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, mail);
+		// }
 	}
 
-	private X509Certificate[] extractClientCertificate(HttpServletRequest req) {
+	private void extractClientCertificate(HttpServletRequest req) {
 		X509Certificate[] certs = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
 		if (null != certs && certs.length > 0) {
-			return certs;
+			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certs[0].getSubjectX500Principal().getName());
+			sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, certs);
+		} else {
+			// When client has been verified by reverse proxy
+			String certDn = req.getHeader("SSL_CLIENT_S_DN");
+			if (certDn != null) {
+				sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, certDn);
+				String issuerDn = req.getHeader("SSL_CLIENT_I_DN");
+				sharedState.put(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN, issuerDn);
+			}
 		}
-		return null;
 	}
 
 }