X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fintegration%2FCmsPrivateServletContext.java;h=a97f4133fdbdc2cd3191a6164136ef9a1d703e5f;hb=d4cd517a9ff39f08ab28c129775de19c5c0ec02a;hp=4c7c8997af3f2dfff96dfd81bd8e2451206f7ba3;hpb=a2590cf3e2ad039f004f13ef6c97a9f702841e5b;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
index 4c7c8997a..a97f4133f 100644
--- a/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/CmsPrivateServletContext.java
@@ -4,7 +4,6 @@ import static org.argeo.api.NodeConstants.LOGIN_CONTEXT_USER;
 
 import java.io.IOException;
 import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Map;
 
@@ -15,6 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.cms.auth.ServletAuthUtils;
 import org.osgi.service.http.context.ServletContextHelper;
 
 /** Manages security access to servlets. */
@@ -53,7 +53,8 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 
 			@Override
 			public Void run() {
-				request.setAttribute(REMOTE_USER, AccessController.getContext());
+				// TODO also set login context in order to log out ?
+				ServletAuthUtils.configureRequestSecurity(request);
 				return null;
 			}
 
@@ -62,6 +63,11 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 		return true;
 	}
 
+	@Override
+	public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+		ServletAuthUtils.clearRequestSecurity(request);
+	}
+
 	protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
 		try {
 			response.sendRedirect(loginPage);