X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms.ui%2Fsrc%2Forg%2Fargeo%2Fcms%2Fui%2FAbstractCmsEntryPoint.java;h=9d56e5eae4654072e0a1671ee4238896dd4ccaaa;hb=636529bb7df0774617693e452b04a4c61dda16cb;hp=5072c628dce5b6aa32bfe625a245495a728c7147;hpb=fd8f2c91e47d38445ba9702b40559939162f666d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java b/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java index 5072c628d..9d56e5eae 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java @@ -1,5 +1,7 @@ package org.argeo.cms.ui; +import static org.argeo.naming.SharedSecret.X_SHARED_SECRET; + import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Map; @@ -12,7 +14,6 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.nodetype.NodeType; import javax.security.auth.Subject; -import javax.security.auth.login.CredentialNotFoundException; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletRequest; @@ -20,10 +21,12 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; +import org.argeo.cms.auth.CurrentUser; import org.argeo.cms.auth.HttpRequestCallbackHandler; import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.jcr.JcrUtils; -import org.argeo.node.NodeAuthenticated; +import org.argeo.naming.AuthPassword; +import org.argeo.naming.SharedSecret; import org.argeo.node.NodeConstants; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.AbstractEntryPoint; @@ -42,7 +45,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class); - private final Subject subject; + // private final Subject subject; private LoginContext loginContext; private final Repository repository; @@ -55,7 +58,6 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement private Node node; private String nodePath;// useful when changing auth private String state; - private String page; private Throwable exception; // Client services @@ -68,24 +70,23 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement this.workspace = workspace; this.defaultPath = defaultPath; this.factoryProperties = new HashMap(factoryProperties); - subject = new Subject(); + // subject = new Subject(); // Initial login + LoginContext lc; try { - loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject, - new HttpRequestCallbackHandler(UiContext.getHttpRequest())); - loginContext.login(); - } catch (CredentialNotFoundException e) { + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, + new HttpRequestCallbackHandler(UiContext.getHttpRequest(), UiContext.getHttpResponse())); + lc.login(); + } catch (LoginException e) { try { - loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); - loginContext.login(); + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS); + lc.login(); } catch (LoginException e1) { - throw new CmsException("Cannot log as anonymous", e); + throw new CmsException("Cannot log in as anonymous", e1); } - } catch (LoginException e) { - throw new CmsException("Cannot initialize subject", e); } - authChange(loginContext); + authChange(lc); jsExecutor = RWT.getClient().getService(JavaScriptExecutor.class); browserNavigation = RWT.getClient().getService(BrowserNavigation.class); @@ -111,8 +112,8 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement @Override protected final void createContents(final Composite parent) { - UiContext.setData(NodeAuthenticated.KEY, this); - Subject.doAs(subject, new PrivilegedAction() { + UiContext.setData(CmsView.KEY, this); + Subject.doAs(getSubject(), new PrivilegedAction() { @Override public Void run() { try { @@ -135,9 +136,10 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement * The node to return when no node was found (for authenticated users and * anonymous) */ - protected Node getDefaultNode(Session session) throws RepositoryException { + private Node getDefaultNode(Session session) throws RepositoryException { if (!session.hasPermission(defaultPath, "read")) { - if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) + String userId = session.getUserID(); + if (userId.equals(NodeConstants.ROLE_ANONYMOUS)) // TODO throw a special exception throw new CmsException("Login required"); else @@ -158,9 +160,22 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement browserNavigation.pushState(state, title); } + // @Override + // public synchronized Subject getSubject() { + // return subject; + // } + + // @Override + // public LoginContext getLoginContext() { + // return loginContext; + // } + protected Subject getSubject() { + return loginContext.getSubject(); + } + @Override - public synchronized Subject getSubject() { - return subject; + public boolean isAnonymous() { + return CurrentUser.isAnonymous(getSubject()); } @Override @@ -168,21 +183,29 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement if (loginContext == null) throw new CmsException("Login context should not be null"); try { + CurrentUser.logoutCmsSession(loginContext.getSubject()); loginContext.logout(); - LoginContext anonymousLc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + LoginContext anonymousLc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS); anonymousLc.login(); authChange(anonymousLc); } catch (LoginException e) { - throw new CmsException("Cannot logout", e); + log.error("Cannot logout", e); } } @Override - public synchronized void authChange(LoginContext loginContext) { - if (loginContext == null) + public synchronized void authChange(LoginContext lc) { + if (lc == null) throw new CmsException("Login context cannot be null"); - this.loginContext = loginContext; - Subject.doAs(loginContext.getSubject(), new PrivilegedAction() { + // logout previous login context + if (this.loginContext != null) + try { + this.loginContext.logout(); + } catch (LoginException e1) { + log.warn("Could not log out: " + e1); + } + this.loginContext = lc; + Subject.doAs(getSubject(), new PrivilegedAction() { @Override public Void run() { @@ -205,7 +228,6 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement } }); - } @Override @@ -216,7 +238,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement } protected synchronized void doRefresh() { - Subject.doAs(subject, new PrivilegedAction() { + Subject.doAs(getSubject(), new PrivilegedAction() { @Override public Void run() { refresh(); @@ -229,8 +251,8 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement protected synchronized String setState(String newState) { String previousState = this.state; - Node node = null; - page = null; + String newNodePath = null; + String prefix = null; this.state = newState; if (newState.equals("~")) this.state = ""; @@ -238,25 +260,57 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement try { int firstSlash = state.indexOf('/'); if (firstSlash == 0) { - node = session.getNode(state); - page = ""; + newNodePath = state; + prefix = ""; } else if (firstSlash > 0) { - String prefix = state.substring(0, firstSlash); - String path = state.substring(firstSlash); - if (session.nodeExists(path)) - node = session.getNode(path); - else - throw new CmsException("Data " + path + " does not exist"); - page = prefix; + prefix = state.substring(0, firstSlash); + newNodePath = state.substring(firstSlash); } else { - node = getDefaultNode(session); - page = state; + newNodePath = defaultPath; + prefix = state; + + } + + // auth + int colonIndex = prefix.indexOf('$'); + if (colonIndex > 0) { + // String user = prefix.substring(0, colonIndex); + // // if (isAnonymous()) { + // String token = prefix.substring(colonIndex + 1); + // LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new + // CallbackHandler() { + // + // @Override + // public void handle(Callback[] callbacks) throws IOException, + // UnsupportedCallbackException { + // for (Callback callback : callbacks) { + // if (callback instanceof NameCallback) + // ((NameCallback) callback).setName(user); + // else if (callback instanceof PasswordCallback) + // ((PasswordCallback) callback).setPassword(token.toCharArray()); + // } + // + // } + // }); + SharedSecret token = new SharedSecret(new AuthPassword(X_SHARED_SECRET + '$' + prefix)); + LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token); + lc.login(); + authChange(lc);// sets the node as well + // } else { + // // TODO check consistency + // } + } else { + Node newNode = null; + if (session.nodeExists(newNodePath)) + newNode = session.getNode(newNodePath); + else + throw new CmsException("Data " + newNodePath + " does not exist"); + setNode(newNode); } - setNode(node); - String title = publishMetaData(node); + String title = publishMetaData(getNode()); if (log.isTraceEnabled()) - log.trace("node=" + node + ", state=" + state + " (page=" + page + ")"); + log.trace("node=" + newNodePath + ", state=" + state + " (prefix=" + prefix + ")"); return title; } catch (Exception e) { @@ -326,7 +380,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement @Override public void navigated(BrowserNavigationEvent event) { setState(event.getState()); - refresh(); + doRefresh(); } } } \ No newline at end of file