X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms.ee%2Fsrc%2Forg%2Fargeo%2Fcms%2Fintegration%2FCmsPrivateServletContext.java;h=09f17ae02cea7274d0fc5e116505f0c6ee250934;hb=6254373e6005cf77f218ab5b8c54fdc72bb97ca4;hp=cec04d230714edda51cefe4fcc0f575fdfd14138;hpb=c980726ff1af1b9474dac9b2605cd558e94b4606;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/integration/CmsPrivateServletContext.java b/org.argeo.cms.ee/src/org/argeo/cms/integration/CmsPrivateServletContext.java
index cec04d230..09f17ae02 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/integration/CmsPrivateServletContext.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/integration/CmsPrivateServletContext.java
@@ -2,10 +2,8 @@ package org.argeo.cms.integration;
 import java.io.IOException;
 import java.security.AccessControlContext;
-import java.security.PrivilegedAction;
 import java.util.Map;
-import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
@@ -45,31 +43,31 @@ public class CmsPrivateServletContext extends ServletContextHelper {
 if ((pathInfo != null && (servletPath + pathInfo).equals(loginPage)) || servletPath.contentEquals(loginServlet))
 return true;
 try {
- lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, new RemoteAuthCallbackHandler(request, response));
+ lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(request, response));
 lc.login();
 } catch (LoginException e) {
 lc = processUnauthorized(req, resp);
 if (lc == null)
 return false;
 }
- Subject.doAs(lc.getSubject(), new PrivilegedAction() {
-
- @Override
- public Void run() {
- // TODO also set login context in order to log out ?
- RemoteAuthUtils.configureRequestSecurity(request);
- return null;
- }
-
- });
+// Subject.doAs(lc.getSubject(), new PrivilegedAction() {
+//
+// @Override
+// public Void run() {
+// // TODO also set login context in order to log out ?
+// RemoteAuthUtils.configureRequestSecurity(request);
+// return null;
+// }
+//
+// });
 return true;
 }
- @Override
- public void finishSecurity(HttpServletRequest req, HttpServletResponse resp) {
- RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(req));
- }
+// @Override
+// public void finishSecurity(HttpServletRequest req, HttpServletResponse resp) {
+// RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(req));
+// }
 protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
 try {
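Review bot: After a successful `lc.login()` the resulting Subject is no longer used anywhere in this method: the `Subject.doAs(...)` block that called `RemoteAuthUtils.configureRequestSecurity(request)` is commented out, so nothing visible here ties the authenticated identity to the request before `return true`, and with `finishSecurity` commented out as well nothing clears that state or logs `lc` out once the request completes. If this work has moved elsewhere (presumably into the login module or `RemoteAuthCallbackHandler`; the hunk does not show it), delete the two dead blocks rather than leaving them commented in an authentication path, and replace them with one line such as `// request security is now established by <component>; nothing to bind or clear here`, where `<component>` is a placeholder for the real owner. If it has not moved, the method admits requests whose downstream handlers would see no user or security context, which is worth a test that asserts the request's identity after this method returns true. The enclosing method's signature and the start of its body are outside the hunk.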