X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteSessionLoginModule.java;h=987c3dd19dfeff760f579d27adf6f41558812a29;hb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;hp=6bf3fc985a8d1040edfbab0692a4a4e8cd991dae;hpb=c2eb0b8ebd1c9df4923f5fb2298a4ae04237f65d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
index 6bf3fc985..987c3dd19 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteSessionLoginModule.java
@@ -16,13 +16,13 @@ import javax.security.auth.spi.LoginModule;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.CmsDeployProperty;
+import org.argeo.cms.http.HttpHeader;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.argeo.cms.internal.runtime.CmsStateImpl;
-import org.argeo.util.http.HttpHeader;
 import org.osgi.service.useradmin.Authorization;
-/** Use the HTTP session as the basis for authentication. */
+/** Use a remote session as the basis for authentication. */
 public class RemoteSessionLoginModule implements LoginModule {
 private final static CmsLog log = CmsLog.getLog(RemoteSessionLoginModule.class);
@@ -64,8 +64,6 @@ public class RemoteSessionLoginModule implements LoginModule {
 return false;
 // TODO factorize with below
 String httpSessionId = httpSession.getId();
-// if (log.isTraceEnabled())
-// log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
 CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
 if (cmsSession != null && !cmsSession.isAnonymous()) {
 authorization = cmsSession.getAuthorization();
@@ -77,16 +75,8 @@ public class RemoteSessionLoginModule implements LoginModule {
 authorization = (Authorization) request.getAttribute(RemoteAuthRequest.AUTHORIZATION);
 if (authorization == null) {// search by session ID
 RemoteAuthSession httpSession = request.getSession();
-// if (httpSession == null) {
-// // TODO make sure this is always safe
-// if (log.isTraceEnabled())
-// log.trace("Create http session");
-// httpSession = request.createSession();
-// }
 if (httpSession != null) {
 String httpSessionId = httpSession.getId();
-// if (log.isTraceEnabled())
-// log.trace("HTTP login: " + request.getPathInfo() + " #" + httpSessionId);
 CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessionId);
 if (cmsSession != null && !cmsSession.isAnonymous()) {
 authorization = cmsSession.getAuthorization();
@@ -94,6 +84,8 @@ public class RemoteSessionLoginModule implements LoginModule {
 if (log.isTraceEnabled())
 log.trace("Retrieved authorization from " + cmsSession);
 }
+ }else {
+ request.createSession();
 }
 }
 sharedState.put(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST, request);
@@ -116,7 +108,7 @@ public class RemoteSessionLoginModule implements LoginModule {
 public boolean commit() throws LoginException {
 byte[] outToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_OUT_TOKEN);
 if (outToken != null) {
- response.setHeader(HttpHeader.WWW_AUTHENTICATE.getName(),
+ response.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
 "Negotiate " + java.util.Base64.getEncoder().encodeToString(outToken));
 }
@@ -154,7 +146,7 @@ public class RemoteSessionLoginModule implements LoginModule {
 }
 private void extractHttpAuth(final RemoteAuthRequest httpRequest) {
- String authHeader = httpRequest.getHeader(HttpHeader.AUTHORIZATION.getName());
+ String authHeader = httpRequest.getHeader(HttpHeader.AUTHORIZATION.getHeaderName());
 extractHttpAuth(authHeader);
 }
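Review bot: The new `else` branch in the `@@ -94,6 +84,8 @@` hunk calls `request.createSession()` for every request that carries neither a stored Authorization attribute nor an existing session and discards the result, so the current login attempt gains nothing from it while the server now allocates session state for each such anonymous request; the commented-out block it replaces (removed in the preceding hunk) carried a `// TODO make sure this is always safe` that the commit drops without resolving. If the session is needed so that a later commit() can bind the authorization to it, state that on the branch, e.g. `// create a session up-front so the authorization can be bound to it later — TODO confirm this is safe for unauthenticated callers`, or move the creation to the point where a login has actually succeeded. `}else {` also lacks the space conventional Java formatting puts before `else` (`} else {`). The `if (httpSession != null)` this `else` pairs with is visible only in the preceding hunk, and the enclosing method starts and ends outside this hunk.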
@@ -189,15 +181,6 @@ public class RemoteSessionLoginModule implements LoginModule {
 }
 }
 }
-
- // auth token
- // String mail = request.getParameter(LdapAttrs.mail.name());
- // String authPassword = request.getParameter(LdapAttrs.authPassword.name());
- // if (authPassword != null) {
- // sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, authPassword);
- // if (mail != null)
- // sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, mail);
- // }
 }
 private void extractClientCertificate(RemoteAuthRequest req) {