X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FCmsSessionImpl.java;h=4f5a85ddfc998a0bbd24b33d4b4fc567bf21e565;hb=feddb4be70a8304dd4a533efee6e14c22691b500;hp=164d319f197ae92074b2c5965233deb6f7c1be5c;hpb=da9d144b6b241e1526a3bd255dff905a7969a5bc;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
index 164d319f1..4f5a85ddf 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
@@ -1,9 +1,6 @@
 package org.argeo.cms.internal.auth;
 
 import java.io.Serializable;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -12,46 +9,38 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Set;
 import java.util.UUID;
 import java.util.function.Consumer;
 
-import javax.crypto.SecretKey;
-import javax.naming.InvalidNameException;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.x500.X500Principal;
 
 import org.argeo.api.cms.CmsAuth;
+import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsSession;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.cms.security.NodeSecurityUtils;
-import org.osgi.framework.ServiceRegistration;
 import org.osgi.service.useradmin.Authorization;
 
 /** Default CMS session implementation. */
 public class CmsSessionImpl implements CmsSession, Serializable {
 	private static final long serialVersionUID = 1867719354246307225L;
-//	private final static BundleContext bc = FrameworkUtil.getBundle(CmsSessionImpl.class).getBundleContext();
 	private final static CmsLog log = CmsLog.getLog(CmsSessionImpl.class);
 
-	// private final Subject initialSubject;
-	private transient AccessControlContext accessControlContext;
+	private transient Subject subject;
 	private final UUID uuid;
 	private final String localSessionId;
 	private Authorization authorization;
-	private final LdapName userDn;
+//	private final LdapName userDn;
+	private final String userDn;
 	private final boolean anonymous;
 
 	private final ZonedDateTime creationTime;
 	private ZonedDateTime end;
 	private final Locale locale;
 
-	private ServiceRegistration<CmsSession> serviceRegistration;
-
 	private Map<String, Object> views = new HashMap<>();
 
 	private List<Consumer<CmsSession>> onCloseCallbacks = Collections.synchronizedList(new ArrayList<>());
@@ -62,26 +51,14 @@ public class CmsSessionImpl implements CmsSession, Serializable {
 
 		this.creationTime = ZonedDateTime.now();
 		this.locale = locale;
-		this.accessControlContext = Subject.doAs(initialSubject, new PrivilegedAction<AccessControlContext>() {
-
-			@Override
-			public AccessControlContext run() {
-				return AccessController.getContext();
-			}
-
-		});
-		// this.initialSubject = initialSubject;
+		this.subject = initialSubject;
 		this.localSessionId = localSessionId;
 		this.authorization = authorization;
-		if (authorization.getName() != null)
-			try {
-				this.userDn = new LdapName(authorization.getName());
-				this.anonymous = false;
-			} catch (InvalidNameException e) {
-				throw new IllegalArgumentException("Invalid user name " + authorization.getName(), e);
-			}
-		else {
-			this.userDn = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
+		if (authorization.getName() != null) {
+			this.userDn = authorization.getName();
+			this.anonymous = false;
+		} else {
+			this.userDn = CmsConstants.ROLE_ANONYMOUS;
 			this.anonymous = true;
 		}
 		this.uuid = uuid;
@@ -99,15 +76,15 @@ public class CmsSessionImpl implements CmsSession, Serializable {
 		try {
 			LoginContext lc;
 			if (isAnonymous()) {
-				lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS, getSubject());
+				lc = CmsAuth.ANONYMOUS.newLoginContext(getSubject());
 			} else {
-				lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, getSubject());
+				lc = CmsAuth.USER.newLoginContext(getSubject());
 			}
 			lc.logout();
 		} catch (LoginException e) {
 			log.warn("Could not logout " + getSubject() + ": " + e);
 		} finally {
-			accessControlContext = null;
+			subject = null;
 		}
 		log.debug("Closed " + this);
 	}
@@ -118,13 +95,13 @@ public class CmsSessionImpl implements CmsSession, Serializable {
 	}
 
 	public Subject getSubject() {
-		return Subject.getSubject(accessControlContext);
+		return subject;
 	}
 
-	public Set<SecretKey> getSecretKeys() {
-		checkValid();
-		return getSubject().getPrivateCredentials(SecretKey.class);
-	}
+//	public Set<SecretKey> getSecretKeys() {
+//		checkValid();
+//		return getSubject().getPrivateCredentials(SecretKey.class);
+//	}
 
 	@Override
 	public boolean isValid() {
@@ -156,7 +133,7 @@ public class CmsSessionImpl implements CmsSession, Serializable {
 	}
 
 	@Override
-	public LdapName getUserDn() {
+	public String getUserDn() {
 		return userDn;
 	}