X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FAbstractLoginModule.java;h=89312a3dca2d1c7c95ee0df20875c6cd42e39a0b;hb=97c5b44699e82757f57ad19b74f9d9d362aee2d0;hp=f464ebad9c37669f16c41c28c078f36b5441fe0b;hpb=0aace113e5cd3c265f2a1c7aeec5bac565fe581a;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
index f464ebad9..89312a3dc 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
@@ -77,17 +77,25 @@ public abstract class AbstractLoginModule implements LoginModule { Authentication currentAuth = SecurityContextHolder.getContext() .getAuthentication(); - if (currentAuth == null && Display.getCurrent() != null) { - // try to load authentication from session - HttpServletRequest httpRequest = RWT.getRequest(); - HttpSession httpSession = httpRequest.getSession(); - // log.debug(httpSession.getId()); - Object contextFromSessionObject = httpSession - .getAttribute(SPRING_SECURITY_CONTEXT_KEY); - if (contextFromSessionObject != null) { - currentAuth = (Authentication) contextFromSessionObject; - SecurityContextHolder.getContext().setAuthentication( - currentAuth); + if (currentAuth == null) { + // Pre-auth + // TODO Do it at Spring Security level? + try { + // try to load authentication from session + HttpServletRequest httpRequest = RWT.getRequest(); + HttpSession httpSession = httpRequest.getSession(); + // log.debug(httpSession.getId()); + Object contextFromSessionObject = httpSession + .getAttribute(SPRING_SECURITY_CONTEXT_KEY); + if (contextFromSessionObject != null) { + currentAuth = (Authentication) contextFromSessionObject; + SecurityContextHolder.getContext().setAuthentication( + currentAuth); + } + } catch (Exception e) { + if (log.isTraceEnabled()) + log.trace("Could not get session", e); + // silent } } @@ -118,12 +126,16 @@ public abstract class AbstractLoginModule implements LoginModule { SecurityContext securityContext = SecurityContextHolder .getContext(); securityContext.setAuthentication(authentication); - if (Display.getCurrent() != null) { + try { HttpServletRequest httpRequest = RWT.getRequest(); HttpSession httpSession = httpRequest.getSession(); if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null) httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, authentication); + } catch (Exception e) { + if (log.isTraceEnabled()) + log.trace("Could not add security context to session", + e); } return true; } else { 
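Review bot: The new `catch (Exception e)` around the pre-auth session lookup is broader than the `Display.getCurrent() != null` guard it replaces: besides the case where `RWT.getRequest()` has no request context, it also swallows a `ClassCastException` from the `(Authentication)` cast and any container error, logged only at trace level, so a malformed session attribute goes unnoticed in an authentication path. Catch only the exception `RWT.getRequest()` raises outside a request (presumably `IllegalStateException`; confirm against the RAP version in use) and guard the cast with `contextFromSessionObject instanceof Authentication`. Because this branch now runs for every caller without a current authentication, `httpRequest.getSession()` will also create a session for unauthenticated requests; `getSession(false)` with a null check avoids that. The same broad catch appears in the second hunk, around the session write after a successful login. The enclosing method starts and ends outside the hunk.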
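Review bot: The session that existed before login keeps its identifier when `authentication` is stored in it, and nothing visible in this hunk rotates the id, so an identifier issued before authentication stays valid for the authenticated session. Unless the container or Spring Security already handles this elsewhere, call `httpRequest.changeSessionId();` (Servlet 3.1+) before `setAttribute`, or invalidate and recreate the session on older containers. The `== null` check also means a second login in the same session leaves the earlier `Authentication` stored while the method returns true; writing the attribute unconditionally would keep the session and the `SecurityContext` in agreement. The enclosing method extends beyond the hunk.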
@@ -149,9 +161,13 @@ public abstract class AbstractLoginModule implements LoginModule {
 SecurityContextHolder.getContext().setAuthentication(null);
 if (Display.getCurrent() != null) {
 HttpServletRequest httpRequest = RWT.getRequest();
- HttpSession httpSession = httpRequest.getSession();
- if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
+ if (httpRequest != null) {
+ HttpSession httpSession = httpRequest.getSession();
+ if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
+ httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
+ // expire session
+ httpSession.setMaxInactiveInterval(0);
+ }
 }
 return true;
 }
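Review bot: `httpSession.setMaxInactiveInterval(0)` does not expire the session: the current Servlet API javadoc documents an interval of zero or less as "never time out", and older versions leave zero container-dependent, so logout can leave the session alive indefinitely instead of ending it. Replace the line with `httpSession.invalidate();`, which also makes the preceding attribute reset redundant. `httpRequest.getSession()` creates a session when none exists, so `getSession(false)` with a null check avoids minting a fresh one during logout. The enclosing method starts before the hunk.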