X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FAbstractLoginModule.java;h=baf6b63175eb3b952bedee3cca530e2d00103196;hb=85ced0e58ded00f296948b6dff51f84994855080;hp=f464ebad9c37669f16c41c28c078f36b5441fe0b;hpb=0aace113e5cd3c265f2a1c7aeec5bac565fe581a;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
index f464ebad9..baf6b6317 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
@@ -77,17 +77,25 @@ public abstract class AbstractLoginModule implements LoginModule {
 Authentication currentAuth = SecurityContextHolder.getContext()
 .getAuthentication();
- if (currentAuth == null && Display.getCurrent() != null) {
- // try to load authentication from session
- HttpServletRequest httpRequest = RWT.getRequest();
- HttpSession httpSession = httpRequest.getSession();
- // log.debug(httpSession.getId());
- Object contextFromSessionObject = httpSession
- .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
- if (contextFromSessionObject != null) {
- currentAuth = (Authentication) contextFromSessionObject;
- SecurityContextHolder.getContext().setAuthentication(
- currentAuth);
+ if (currentAuth == null) {
+ // Pre-auth
+ // TODO Do it at Spring Security level?
+ try {
+ // try to load authentication from session
+ HttpServletRequest httpRequest = RWT.getRequest();
+ HttpSession httpSession = httpRequest.getSession();
+ // log.debug(httpSession.getId());
+ Object contextFromSessionObject = httpSession
+ .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
+ if (contextFromSessionObject != null) {
+ currentAuth = (Authentication) contextFromSessionObject;
+ SecurityContextHolder.getContext().setAuthentication(
+ currentAuth);
+ }
+ } catch (Exception e) {
+ if (log.isTraceEnabled())
+ log.trace("Could not get session", e);
+ // silent
 }
 }
@@ -118,12 +126,16 @@ public abstract class AbstractLoginModule implements LoginModule {
 SecurityContext securityContext = SecurityContextHolder
 .getContext();
 securityContext.setAuthentication(authentication);
- if (Display.getCurrent() != null) {
+ try {
 HttpServletRequest httpRequest = RWT.getRequest();
 HttpSession httpSession = httpRequest.getSession();
 if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null)
 httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
 authentication);
+ } catch (Exception e) {
+ if (log.isTraceEnabled())
+ log.trace("Could not add security context to session",
+ e);
 }
 return true;
 } else {
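Review bot: The new `catch (Exception e)` around the session lookup in the first hunk hides every failure in an authentication path at trace level, including a `ClassCastException` from the unchecked `(Authentication) contextFromSessionObject` cast, and the second hunk (`Could not add security context to session`) repeats the same pattern. Since the try replaces the removed `Display.getCurrent() != null` guard, it presumably exists only to tolerate calls made outside an RWT request; catching just the exception `RWT.getRequest()` raises in that case and testing `if (contextFromSessionObject instanceof Authentication) {` before the cast would keep real faults visible. The lookup could also use `httpRequest.getSession(false)` with a null check, so that an unauthenticated request does not create a session merely by being inspected. The enclosing method starts and ends outside the hunk.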
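Review bot: After a successful login the `authentication` is written into whatever session `httpRequest.getSession()` returns, so a session identifier issued before login stays valid afterwards, which leaves room for session fixation. Renewing the identifier before the `setAttribute` call would close that gap, for example `httpRequest.changeSessionId();` on a Servlet 3.1+ container, provided the RWT UI session tolerates it, which cannot be judged from this hunk. The `== null` test also keeps an `Authentication` already stored in the session instead of replacing it with the one just established; a short comment on that line should say whether this is intended. The enclosing method continues outside the hunk.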
@@ -152,6 +164,8 @@ public abstract class AbstractLoginModule implements LoginModule {
 HttpSession httpSession = httpRequest.getSession();
 if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
 httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
+ // expire session
+ httpSession.setMaxInactiveInterval(0);
 }
 return true;
 }
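Review bot: `httpSession.setMaxInactiveInterval(0)` is not a portable way to expire the session: the Servlet 3.1 and later API documentation says an interval of zero or less means the session never times out, and only some containers treat 0 as immediate expiry. On a container that follows that wording, logout would leave the session alive indefinitely, the opposite of what the `// expire session` comment promises. `httpSession.invalidate();` states the intent directly; if the session has to survive until RWT has rendered the response, a short positive interval with a comment explaining why is the safer fallback. The enclosing block begins outside the hunk.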