import java.util.function.Supplier;
import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
import org.argeo.api.cms.CmsSession;
import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.auth.HttpRequest;
import org.argeo.cms.osgi.CmsOsgiUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
-import org.osgi.service.http.HttpContext;
/** Authentications utilities when using servlets. */
public class ServletAuthUtils {
+ static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();
/**
* Execute this supplier, using the CMS class loader as context classloader.
* Useful to log in to JCR.
*/
- public final static <T> T doAs(Supplier<T> supplier, HttpServletRequest req) {
+ public final static <T> T doAs(Supplier<T> supplier, HttpRequest req) {
ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(ServletAuthUtils.class.getClassLoader());
try {
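Review bot: The added `REMOTE_USER` constant copies the literal behind `org.osgi.service.http.HttpContext.REMOTE_USER` without a comment saying so, and it is package-visible. This attribute name is how the authenticated user is handed to whatever reads the request downstream, so a later divergence from the OSGi name would presumably drop the remote user without any error. I would document it, and narrow it if nothing else in the package reads it: `/** Same value as org.osgi.service.http.HttpContext#REMOTE_USER, kept as a literal so this class no longer imports the OSGi HTTP API. */` above `private static final String REMOTE_USER = ...`. The Javadoc of `doAs` could also gain a `@param req` line now that the type is the project's own `HttpRequest`; the body of `doAs` continues outside the hunk.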
}
}
- public final static void configureRequestSecurity(HttpServletRequest req) {
+ public final static void configureRequestSecurity(HttpRequest req) {
if (req.getAttribute(AccessControlContext.class.getName()) != null)
throw new IllegalStateException("Request already authenticated.");
AccessControlContext acc = AccessController.getContext();
- req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
+ req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
req.setAttribute(AccessControlContext.class.getName(), acc);
}
- public final static void clearRequestSecurity(HttpServletRequest req) {
+ public final static void clearRequestSecurity(HttpRequest req) {
if (req.getAttribute(AccessControlContext.class.getName()) == null)
throw new IllegalStateException("Cannot clear non-authenticated request.");
- req.setAttribute(HttpContext.REMOTE_USER, null);
+ req.setAttribute(REMOTE_USER, null);
req.setAttribute(AccessControlContext.class.getName(), null);
}
- public static CmsSession getCmsSession(HttpServletRequest req) {
+ public static CmsSession getCmsSession(HttpRequest req) {
Subject subject = Subject
.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName()));
CmsSession cmsSession = CmsOsgiUtils.getCmsSession(bundleContext, subject);
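Review bot: In `clearRequestSecurity`, `req.setAttribute(..., null)` now relies on `HttpRequest` treating a null value as removal, which the Servlet API specified for `HttpServletRequest` but which is not visible here for the new type. If an implementation ignores or rejects null, the previous `AccessControlContext` and remote user stay on the request, and `getCmsSession` would resolve the earlier subject. Either state that contract in the Javadoc of `HttpRequest.setAttribute` or verify it after clearing, e.g. `if (req.getAttribute(AccessControlContext.class.getName()) != null) throw new IllegalStateException("Request security was not cleared.");`. `getCmsSession` continues past the end of the hunk.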