X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteSessionLoginModule.java;h=6bf3fc985a8d1040edfbab0692a4a4e8cd991dae;hb=c2eb0b8ebd1c9df4923f5fb2298a4ae04237f65d;hp=05c5cf4422de810d817e3c919b4cfd66ee96b9de;hpb=4d675e1c871cfd8e4481e03cd496ab975b8b367d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java index 05c5cf442..6bf3fc985 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java @@ -14,11 +14,12 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsLog; +import org.argeo.cms.CmsDeployProperty; import org.argeo.cms.internal.auth.CmsSessionImpl; import org.argeo.cms.internal.runtime.CmsContextImpl; -import org.osgi.service.http.HttpContext; +import org.argeo.cms.internal.runtime.CmsStateImpl; +import org.argeo.util.http.HttpHeader; import org.osgi.service.useradmin.Authorization; /** Use the HTTP session as the basis for authentication. */ @@ -32,8 +33,6 @@ public class RemoteSessionLoginModule implements LoginModule { private RemoteAuthRequest request = null; private RemoteAuthResponse response = null; -// private BundleContext bc; - private Authorization authorization; private Locale locale; @@ -41,8 +40,6 @@ public class RemoteSessionLoginModule implements LoginModule { @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { -// bc = FrameworkUtil.getBundle(RemoteSessionLoginModule.class).getBundleContext(); -// assert bc != null; this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = (Map) sharedState; @@ -77,24 +74,26 @@ public class RemoteSessionLoginModule implements LoginModule { log.trace("Retrieved authorization from " + cmsSession); } } else { - authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION); + authorization = (Authorization) request.getAttribute(RemoteAuthRequest.AUTHORIZATION); if (authorization == null) {// search by session ID RemoteAuthSession httpSession = request.getSession(); - if (httpSession == null) { - // TODO make sure this is always safe - if (log.isTraceEnabled()) - log.trace("Create http session"); - httpSession = request.createSession(); - } - String httpSessionId = httpSession.getId(); +// if (httpSession == null) { +// // TODO make sure this is always safe +// if (log.isTraceEnabled()) +// log.trace("Create http session"); +// httpSession = request.createSession(); +// } + if (httpSession != null) { + String httpSessionId = httpSession.getId(); // if (log.isTraceEnabled()) // log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId); - CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId); - if (cmsSession != null && !cmsSession.isAnonymous()) { - authorization = cmsSession.getAuthorization(); - locale = cmsSession.getLocale(); - if (log.isTraceEnabled()) - log.trace("Retrieved authorization from " + cmsSession); + CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId); + if (cmsSession != null && !cmsSession.isAnonymous()) { + authorization = cmsSession.getAuthorization(); + locale = cmsSession.getLocale(); + if (log.isTraceEnabled()) + log.trace("Retrieved authorization from " + cmsSession); + } } } sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request); @@ -108,7 +107,7 @@ public class RemoteSessionLoginModule implements LoginModule { } else { if (log.isTraceEnabled()) log.trace("HTTP login: " + true); - request.setAttribute(HttpContext.AUTHORIZATION, authorization); + request.setAttribute(RemoteAuthRequest.AUTHORIZATION, authorization); return true; } } @@ -117,7 +116,7 @@ public class RemoteSessionLoginModule implements LoginModule { public boolean commit() throws LoginException { byte[] outToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_OUT_TOKEN); if (outToken != null) { - response.setHeader(CmsAuthUtils.HEADER_WWW_AUTHENTICATE, + response.setHeader(HttpHeader.WWW_AUTHENTICATE.getName(), "Negotiate " + java.util.Base64.getEncoder().encodeToString(outToken)); } @@ -155,7 +154,7 @@ public class RemoteSessionLoginModule implements LoginModule { } private void extractHttpAuth(final RemoteAuthRequest httpRequest) { - String authHeader = httpRequest.getHeader(CmsAuthUtils.HEADER_AUTHORIZATION); + String authHeader = httpRequest.getHeader(HttpHeader.AUTHORIZATION.getName()); extractHttpAuth(authHeader); } @@ -164,7 +163,7 @@ public class RemoteSessionLoginModule implements LoginModule { StringTokenizer st = new StringTokenizer(authHeader); if (st.hasMoreTokens()) { String basic = st.nextToken(); - if (basic.equalsIgnoreCase("Basic")) { + if (basic.equalsIgnoreCase(HttpHeader.BASIC)) { try { // TODO manipulate char[] Base64.Decoder decoder = Base64.getDecoder(); @@ -182,7 +181,7 @@ public class RemoteSessionLoginModule implements LoginModule { } catch (Exception e) { throw new IllegalStateException("Couldn't retrieve authentication", e); } - } else if (basic.equalsIgnoreCase("Negotiate")) { + } else if (basic.equalsIgnoreCase(HttpHeader.NEGOTIATE)) { String spnegoToken = st.nextToken(); Base64.Decoder decoder = Base64.getDecoder(); byte[] authToken = decoder.decode(spnegoToken); @@ -210,8 +209,8 @@ public class RemoteSessionLoginModule implements LoginModule { if (log.isDebugEnabled()) log.debug("Client certificate " + certDn + " verified by servlet container"); } // Reverse proxy verified the client certificate - String clientDnHttpHeader = CmsContextImpl.getCmsContext().getCmsState() - .getDeployProperty(CmsConstants.HTTP_PROXY_SSL_DN); + String clientDnHttpHeader = CmsStateImpl.getDeployProperty(CmsContextImpl.getCmsContext().getCmsState(), + CmsDeployProperty.HTTP_PROXY_SSL_HEADER_DN); if (clientDnHttpHeader != null) { String certDn = req.getHeader(clientDnHttpHeader); // TODO retrieve more cf. https://httpd.apache.org/docs/current/mod/mod_ssl.html