Fix various issues raised when adapting upper layers

[lgpl/argeo-commons.git] / org.argeo.cms.servlet / src / org / argeo / cms / servlet / ServletAuthUtils.java

diff --git a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java
index 67db467ce25a62f19a5aec82821e0e4d41efd729..7719658d706df89320689a672a9b60354d69e938 100644 (file)
--- a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java
+++ b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java
@@ -6,24 +6,24 @@ import java.security.PrivilegedAction;
 import java.util.function.Supplier;
 
 import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
 
 import org.argeo.api.cms.CmsSession;
 import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.auth.HttpRequest;
 import org.argeo.cms.osgi.CmsOsgiUtils;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
-import org.osgi.service.http.HttpContext;
 
 /** Authentications utilities when using servlets. */
 public class ServletAuthUtils {
+       static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
        private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();
 
        /**
         * Execute this supplier, using the CMS class loader as context classloader.
         * Useful to log in to JCR.
         */
-       public final static <T> T doAs(Supplier<T> supplier, HttpServletRequest req) {
+       public final static <T> T doAs(Supplier<T> supplier, HttpRequest req) {
                ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
                Thread.currentThread().setContextClassLoader(ServletAuthUtils.class.getClassLoader());
                try {
@@ -42,22 +42,22 @@ public class ServletAuthUtils {
                }
        }
 
-       public final static void configureRequestSecurity(HttpServletRequest req) {
+       public final static void configureRequestSecurity(HttpRequest req) {
                if (req.getAttribute(AccessControlContext.class.getName()) != null)
                        throw new IllegalStateException("Request already authenticated.");
                AccessControlContext acc = AccessController.getContext();
-               req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
+               req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
                req.setAttribute(AccessControlContext.class.getName(), acc);
        }
 
-       public final static void clearRequestSecurity(HttpServletRequest req) {
+       public final static void clearRequestSecurity(HttpRequest req) {
                if (req.getAttribute(AccessControlContext.class.getName()) == null)
                        throw new IllegalStateException("Cannot clear non-authenticated request.");
-               req.setAttribute(HttpContext.REMOTE_USER, null);
+               req.setAttribute(REMOTE_USER, null);
                req.setAttribute(AccessControlContext.class.getName(), null);
        }
 
-       public static CmsSession getCmsSession(HttpServletRequest req) {
+       public static CmsSession getCmsSession(HttpRequest req) {
                Subject subject = Subject
                                .getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName()));
                CmsSession cmsSession = CmsOsgiUtils.getCmsSession(bundleContext, subject);