X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=c2dfead780ac8c9d71e2bbc932eafad00c15321e;hb=b7683883512d924a039a43c2e1102290aa49f64d;hp=f42e79c98980d185e469329aedc8810b6775aa3d;hpb=b6e64316eb5472b68f4673cbda3f1e375defe8fe;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index f42e79c98..c2dfead78 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -19,13 +19,14 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.kernel.Activator;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.HttpContext;
 import org.osgi.service.useradmin.Authorization;
 
+/** Use the HTTP session as the basis for authentication. */
 public class HttpSessionLoginModule implements LoginModule {
 	private final static Log log = LogFactory.getLog(HttpSessionLoginModule.class);
 
@@ -73,7 +74,7 @@ public class HttpSessionLoginModule implements LoginModule {
 			String httpSessionId = httpSession.getId();
 			if (log.isTraceEnabled())
 				log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
-			CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+			CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
 			if (cmsSession != null) {
 				authorization = cmsSession.getAuthorization();
 				locale = cmsSession.getLocale();
@@ -93,7 +94,7 @@ public class HttpSessionLoginModule implements LoginModule {
 				String httpSessionId = httpSession.getId();
 				if (log.isTraceEnabled())
 					log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
-				CmsSession cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
+				CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId);
 				if (cmsSession != null) {
 					authorization = cmsSession.getAuthorization();
 					locale = cmsSession.getLocale();
@@ -112,6 +113,7 @@ public class HttpSessionLoginModule implements LoginModule {
 		} else {
 			if (log.isTraceEnabled())
 				log.trace("HTTP login: " + true);
+			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
 			return true;
 		}
 	}
@@ -180,10 +182,10 @@ public class HttpSessionLoginModule implements LoginModule {
 							sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, login);
 							sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
 						} else {
-							throw new CmsException("Invalid authentication token");
+							throw new IllegalStateException("Invalid authentication token");
 						}
 					} catch (Exception e) {
-						throw new CmsException("Couldn't retrieve authentication", e);
+						throw new IllegalStateException("Couldn't retrieve authentication", e);
 					}
 				} else if (basic.equalsIgnoreCase("Negotiate")) {
 					String spnegoToken = st.nextToken();