X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms.ee%2Fsrc%2Forg%2Fargeo%2Fcms%2Fservlet%2FCmsServletContext.java;h=6a5208730fdd4af179afbc1de536367629365b28;hb=6254373e6005cf77f218ab5b8c54fdc72bb97ca4;hp=dd6467216f3340c67e2a3c20a2d7cc9525aacd7a;hpb=c2eb0b8ebd1c9df4923f5fb2298a4ae04237f65d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
index dd6467216..6a5208730 100644
--- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/CmsServletContext.java
@@ -2,6 +2,7 @@ package org.argeo.cms.servlet;
 import java.io.IOException;
 import java.net.URL;
+import java.net.http.HttpHeaders;
 import java.security.PrivilegedAction;
 import java.util.Map;
@@ -18,6 +19,7 @@ import org.argeo.cms.auth.RemoteAuthRequest;
 import org.argeo.cms.auth.RemoteAuthResponse;
 import org.argeo.cms.auth.RemoteAuthUtils;
 import org.argeo.cms.servlet.internal.HttpUtils;
+import org.argeo.util.http.HttpHeader;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.context.ServletContextHelper;
@@ -55,9 +57,10 @@ public class CmsServletContext extends ServletContextHelper {
 lc = CmsAuth.USER.newLoginContext(new RemoteAuthCallbackHandler(remoteAuthRequest, remoteAuthResponse));
 lc.login();
 } catch (LoginException e) {
- // FIXME better analyse failure so as not to try endlessly
 if (authIsRequired(remoteAuthRequest, remoteAuthResponse)) {
- int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthResponse, httpAuthRealm, forceBasic);
+ int statusCode = RemoteAuthUtils.askForWwwAuth(remoteAuthRequest,
+ remoteAuthResponse, httpAuthRealm,
+ forceBasic);
 response.setStatus(statusCode);
 return false;
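Review bot: `java.net.http.HttpHeaders`, added in the first hunk, and `org.argeo.util.http.HttpHeader`, added in the second, are not referenced by any changed line visible in this diff, so within these hunks both are unused imports. The two names differ by one letter and are easy to confuse; keep only the one the file actually uses. `java.security.PrivilegedAction` also loses its only visible use once the `Subject.doAs` block is commented out in the last hunk.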
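Review bot: The FIXME about analysing the login failure is deleted in the third hunk, yet the visible catch block still treats every `LoginException` alike and never reads `e`, so nothing here shows the endless-retry concern being resolved. If passing `remoteAuthRequest` is what lets `askForWwwAuth` recognise a repeated failed attempt, record that next to the call, for example `// the request is passed so a repeated failed attempt is not challenged again`; otherwise the FIXME should stay. The three-line wrap is also harder to read than `RemoteAuthUtils.askForWwwAuth(remoteAuthRequest, remoteAuthResponse,` followed by `httpAuthRealm, forceBasic);`. The catch block continues past the end of the hunk.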
@@ -70,24 +73,24 @@ public class CmsServletContext extends ServletContextHelper {
 Thread.currentThread().setContextClassLoader(currentThreadContextClassLoader);
 }
- Subject subject = lc.getSubject();
- Subject.doAs(subject, new PrivilegedAction() {
-
- @Override
- public Void run() {
- // TODO also set login context in order to log out ?
- RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
- return null;
- }
-
- });
+// Subject subject = lc.getSubject();
+// Subject.doAs(subject, new PrivilegedAction() {
+//
+// @Override
+// public Void run() {
+// // TODO also set login context in order to log out ?
+// RemoteAuthUtils.configureRequestSecurity(remoteAuthRequest);
+// return null;
+// }
+//
+// });
 return true;
 }
- @Override
- public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
- RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
- }
+// @Override
+// public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+// RemoteAuthUtils.clearRequestSecurity(new ServletHttpRequest(request));
+// }
 protected boolean authIsRequired(RemoteAuthRequest remoteAuthRequest, RemoteAuthResponse remoteAuthResponse) {
 return false;
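Review bot: With the `Subject.doAs` block and the `finishSecurity` override commented out, the method reaches `return true;` after `lc.login()` with no visible step that binds the authenticated subject to the request or clears it afterwards. If `configureRequestSecurity` and `clearRequestSecurity` are now called elsewhere (presumably in the callback handler or login module, which this diff does not show), say so at `return true;` with a comment such as `// request security is configured and cleared by <component>, not here`. If they are not, downstream servlets may treat an authenticated request as anonymous, and the `LoginContext` is still never logged out, as the old TODO already noted. Delete the dead code instead of keeping it as `//` lines; version control preserves it. The method body starts above the hunk.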