X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.ui.rap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fui%2Frap%2FSecureEntryPoint.java;h=0dd0d173b0067c95ee8d0fc3d3a13fcd89a17e21;hb=61320e5902070e49d32379aab06faaa1544835ab;hp=dced692949d414a7c9467d99eb234c4bcac45d28;hpb=0c7d4e488bf4e357ca33329c87a29baae63a5be9;p=lgpl%2Fargeo-commons.git diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java index dced69294..0dd0d173b 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -1,3 +1,18 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.ui.rap; import java.security.PrivilegedAction; @@ -44,12 +59,18 @@ public class SecureEntryPoint implements IEntryPoint { /** Default session timeout is 8 hours (European working day length) */ private Integer sessionTimeout = 8 * 60 * 60; + /** Override to provide an application specific workbench advisor */ + protected RapWorkbenchAdvisor createRapWorkbenchAdvisor(String username) { + return new RapWorkbenchAdvisor(username); + } + @Override - public int createUI() { + public final int createUI() { // Short login timeout so that the modal dialog login doesn't hang // around too long RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); + // Try to load security context thanks to the session processing filter HttpServletRequest httpRequest = RWT.getRequest(); HttpSession httpSession = httpRequest.getSession(); Object contextFromSessionObject = httpSession @@ -114,14 +135,13 @@ public class SecureEntryPoint implements IEntryPoint { try { returnCode = Subject.doAs(subject, new PrivilegedAction() { public Integer run() { - RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( - username); + RapWorkbenchAdvisor workbenchAdvisor = createRapWorkbenchAdvisor(username); int result = PlatformUI.createAndRunWorkbench(display, workbenchAdvisor); return new Integer(result); } }); - logout(loginContext, username); + // logout(loginContext, username); } finally { display.dispose(); } @@ -175,6 +195,11 @@ public class SecureEntryPoint implements IEntryPoint { protected void logout(ILoginContext secureContext, String username) { try { + HttpServletRequest httpRequest = RWT.getRequest(); + HttpSession httpSession = httpRequest.getSession(); + httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null); + RWT.getRequest().getSession().setMaxInactiveInterval(1); + SecurityContextHolder.clearContext(); secureContext.logout(); log.info("Logged out " + (username != null ? username : "") + " (THREAD=" + Thread.currentThread().getId() + ")");