X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteSessionLoginModule.java;h=8f05096906e12d613cd77343c120a0235d4765b2;hb=81d9084e2c9fd9d33ca1d864171d28f9564647d8;hp=ecbc844b5141c4c4ef7908fdc3bb1addf1057a09;hpb=4185ff8826f893a4a1f054f61a11b89333c3e85d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java index ecbc844b5..8f0509690 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java @@ -14,18 +14,16 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.argeo.api.cms.CmsLog; +import org.argeo.cms.CmsDeployProperty; import org.argeo.cms.internal.auth.CmsSessionImpl; -import org.argeo.cms.internal.kernel.Activator; -import org.osgi.framework.BundleContext; -import org.osgi.framework.FrameworkUtil; -import org.osgi.service.http.HttpContext; +import org.argeo.cms.internal.runtime.CmsContextImpl; +import org.argeo.cms.internal.runtime.CmsStateImpl; import org.osgi.service.useradmin.Authorization; /** Use the HTTP session as the basis for authentication. */ public class RemoteSessionLoginModule implements LoginModule { - private final static Log log = LogFactory.getLog(RemoteSessionLoginModule.class); + private final static CmsLog log = CmsLog.getLog(RemoteSessionLoginModule.class); private Subject subject = null; private CallbackHandler callbackHandler = null; @@ -34,7 +32,7 @@ public class RemoteSessionLoginModule implements LoginModule { private RemoteAuthRequest request = null; private RemoteAuthResponse response = null; - private BundleContext bc; +// private BundleContext bc; private Authorization authorization; private Locale locale; @@ -43,8 +41,8 @@ public class RemoteSessionLoginModule implements LoginModule { @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { - bc = FrameworkUtil.getBundle(RemoteSessionLoginModule.class).getBundleContext(); - assert bc != null; +// bc = FrameworkUtil.getBundle(RemoteSessionLoginModule.class).getBundleContext(); +// assert bc != null; this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = (Map) sharedState; @@ -54,32 +52,32 @@ public class RemoteSessionLoginModule implements LoginModule { public boolean login() throws LoginException { if (callbackHandler == null) return false; - RemoteAuthCallback httpCallback = new RemoteAuthCallback(); + RemoteAuthCallback remoteAuthCallback = new RemoteAuthCallback(); try { - callbackHandler.handle(new Callback[] { httpCallback }); + callbackHandler.handle(new Callback[] { remoteAuthCallback }); } catch (IOException e) { throw new LoginException("Cannot handle http callback: " + e.getMessage()); } catch (UnsupportedCallbackException e) { return false; } - request = httpCallback.getRequest(); + request = remoteAuthCallback.getRequest(); if (request == null) { - RemoteAuthSession httpSession = httpCallback.getHttpSession(); + RemoteAuthSession httpSession = remoteAuthCallback.getHttpSession(); if (httpSession == null) return false; // TODO factorize with below String httpSessionId = httpSession.getId(); // if (log.isTraceEnabled()) // log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId); - CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId); - if (cmsSession != null) { + CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId); + if (cmsSession != null && !cmsSession.isAnonymous()) { authorization = cmsSession.getAuthorization(); locale = cmsSession.getLocale(); if (log.isTraceEnabled()) log.trace("Retrieved authorization from " + cmsSession); } } else { - authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION); + authorization = (Authorization) request.getAttribute(RemoteAuthRequest.AUTHORIZATION); if (authorization == null) {// search by session ID RemoteAuthSession httpSession = request.getSession(); if (httpSession == null) { @@ -91,8 +89,8 @@ public class RemoteSessionLoginModule implements LoginModule { String httpSessionId = httpSession.getId(); // if (log.isTraceEnabled()) // log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId); - CmsSessionImpl cmsSession = CmsAuthUtils.cmsSessionFromHttpSession(bc, httpSessionId); - if (cmsSession != null) { + CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId); + if (cmsSession != null && !cmsSession.isAnonymous()) { authorization = cmsSession.getAuthorization(); locale = cmsSession.getLocale(); if (log.isTraceEnabled()) @@ -110,7 +108,7 @@ public class RemoteSessionLoginModule implements LoginModule { } else { if (log.isTraceEnabled()) log.trace("HTTP login: " + true); - request.setAttribute(HttpContext.AUTHORIZATION, authorization); + request.setAttribute(RemoteAuthRequest.AUTHORIZATION, authorization); return true; } } @@ -212,7 +210,8 @@ public class RemoteSessionLoginModule implements LoginModule { if (log.isDebugEnabled()) log.debug("Client certificate " + certDn + " verified by servlet container"); } // Reverse proxy verified the client certificate - String clientDnHttpHeader = Activator.getHttpProxySslHeader(); + String clientDnHttpHeader = CmsStateImpl.getDeployProperty(CmsContextImpl.getCmsContext().getCmsState(), + CmsDeployProperty.HTTP_PROXY_SSL_HEADER_DN); if (clientDnHttpHeader != null) { String certDn = req.getHeader(clientDnHttpHeader); // TODO retrieve more cf. https://httpd.apache.org/docs/current/mod/mod_ssl.html