X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fservlet%2FCmsServletContext.java;h=c88ee7f93c1a7b86994c504360dd6c915121147c;hb=10b2c4bc42cac27c316825ef4f01e53d1fc4d9f9;hp=03a7551f01c568c84449fe3f44163c8600be4616;hpb=c7e195eb2bad923662e6aa116359ca473dee337f;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java b/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java index 03a7551f0..c88ee7f93 100644 --- a/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java +++ b/org.argeo.cms/src/org/argeo/cms/servlet/CmsServletContext.java @@ -2,8 +2,10 @@ package org.argeo.cms.servlet; import java.io.IOException; import java.net.URL; +import java.security.PrivilegedAction; import java.util.Map; +import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletRequest; @@ -19,7 +21,7 @@ import org.osgi.framework.FrameworkUtil; import org.osgi.service.http.context.ServletContextHelper; /** - * Default servlet context degrading to anonymous if the the sesison is not + * Default servlet context degrading to anonymous if the the session is not * pre-authenticated. */ public class CmsServletContext extends ServletContextHelper { @@ -50,9 +52,27 @@ public class CmsServletContext extends ServletContextHelper { if (lc == null) return false; } + + Subject subject = lc.getSubject(); + //log.debug("SERVLET CONTEXT: "+subject); + Subject.doAs(subject, new PrivilegedAction() { + + @Override + public Void run() { + // TODO also set login context in order to log out ? + ServletAuthUtils.configureRequestSecurity(request); + return null; + } + + }); return true; } + @Override + public void finishSecurity(HttpServletRequest request, HttpServletResponse response) { + ServletAuthUtils.clearRequestSecurity(request); + } + protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) { // anonymous try {