X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fintegration%2FCmsPrivateServletContext.java;h=862d7ee08eda8eab931b31a8c65d987df28e27ac;hb=55f74279d7d684988be6e2752dbaa658c76f11e7;hp=c968d779d49e0d1ddbb284102d054cec5de43edd;hpb=a940a66aca249a1ce7dea66d43b0e2816845d7d1;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
index c968d779d..862d7ee08 100644
--- a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
@@ -1,10 +1,9 @@
 package org.argeo.cms.integration;
 
-import static org.argeo.node.NodeConstants.LOGIN_CONTEXT_USER;
+import static org.argeo.api.NodeConstants.LOGIN_CONTEXT_USER;
 
 import java.io.IOException;
 import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Map;
 
@@ -15,6 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.cms.servlet.ServletAuthUtils;
 import org.osgi.service.http.context.ServletContextHelper;
 
 /** Manages security access to servlets. */
@@ -53,7 +53,8 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 
 			@Override
 			public Void run() {
-				request.setAttribute(REMOTE_USER, AccessController.getContext());
+				// TODO also set login context in order to log out ?
+				ServletAuthUtils.configureRequestSecurity(request);
 				return null;
 			}
 
@@ -62,6 +63,11 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 		return true;
 	}
 
+	@Override
+	public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+		ServletAuthUtils.clearRequestSecurity(request);
+	}
+
 	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
 		try {
 			response.sendRedirect(loginPage);