Start improving single-user login
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CmsAuthUtils.java
index 711edba2f013b925d088889b7489a9bab9616b75..37992072482e0cf36b1a08ed899de0afcf2f8601 100644 (file)
@@ -20,13 +20,14 @@ import javax.security.auth.x500.X500Principal;
 
 import org.argeo.api.cms.AnonymousPrincipal;
 import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
 import org.argeo.api.cms.DataAdminPrincipal;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.auth.RemoteCmsSessionImpl;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
 import org.osgi.service.useradmin.Authorization;
 
 /** Centralises security related registrations. */
@@ -34,8 +35,8 @@ class CmsAuthUtils {
        // Standard
        final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
        final static String SHARED_STATE_PWD = AuthenticatingUser.SHARED_STATE_PWD;
-       final static String HEADER_AUTHORIZATION = "Authorization";
-       final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+//     final static String HEADER_AUTHORIZATION = "Authorization";
+//     final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
        // Argeo specific
        final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
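Review bot: `HEADER_AUTHORIZATION` and `HEADER_WWW_AUTHENTICATE` are left behind as commented-out code instead of being removed. If nothing in the package still references them, delete both lines, since version control keeps the history. If they were moved, replace them with a one-line pointer such as `// HTTP auth header names now live in <new owner class>`, so a reader looking for the header handling knows where it went.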
@@ -44,6 +45,7 @@ class CmsAuthUtils {
        final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
        final static String SHARED_STATE_REMOTE_ADDR = "org.argeo.cms.auth.remote.addr";
        final static String SHARED_STATE_REMOTE_PORT = "org.argeo.cms.auth.remote.port";
+       final static String SHARED_STATE_OS_USERNAME = "org.argeo.cms.os.username";
 
        final static String SINGLE_USER_LOCAL_ID = "single-user";
 
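Review bot: The new key `"org.argeo.cms.os.username"` drops the `org.argeo.cms.auth.` prefix that the other Argeo-specific shared-state keys visible in this block use. Unless that is deliberate, `"org.argeo.cms.auth.os.username"` keeps the namespace consistent. The constant also needs a comment stating which component writes the value into the shared state, because a login module that trusts an OS user name as an identity must be sure it came from the local process and not from request data. Something like `// OS account name of the local user; set by <component>, never taken from a remote request` would do, adjusted to the actual source, which this hunk does not show.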
@@ -135,8 +137,7 @@ class CmsAuthUtils {
                // TODO move it to a service in order to avoid static synchronization
                if (request != null) {
                        RemoteAuthSession httpSession = request.getSession();
-                       assert httpSession != null;
-                       String httpSessId = httpSession.getId();
+                       String httpSessId = httpSession != null ? httpSession.getId() : null;
                        boolean anonymous = authorization.getName() == null;
                        String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
                        request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);
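Review bot: With the `assert` removed, a request without a session now yields `httpSessId == null`, and that null is passed unchecked to `getCmsSessionByLocalId(httpSessId)` a few lines further down (visible in the next hunk). How that lookup treats a null id is not visible here: it may throw, or it may return whatever is registered without a real session id. A session lookup that can match without a session id should be ruled out explicitly. Consider guarding it with `CmsSessionImpl currentLocalSession = httpSessId != null ? CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId) : null;` and adding a comment on when a null `RemoteAuthSession` is expected. The enclosing method starts and ends outside this hunk, so any later use of `httpSessId` (for example when the new session is created) needs the same check.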
@@ -145,7 +146,7 @@ class CmsAuthUtils {
                        CmsSessionImpl cmsSession;
                        CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId);
                        if (currentLocalSession != null) {
-                               boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null;
+                               boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous();
                                if (!anonymous) {
                                        if (currentLocalSessionAnonymous) {
                                                currentLocalSession.close();
@@ -192,6 +193,7 @@ class CmsAuthUtils {
                                        throw new IllegalStateException(
                                                        "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
                        }
+                       request.setAttribute(CmsSession.class.getName(), cmsSession);
                } else {
                        CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID);
                        if (cmsSession == null) {
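Review bot: The attribute key on the added `request.setAttribute(CmsSession.class.getName(), cmsSession);` line is built inline, while the other attribute set in this method uses a named constant (`RemoteAuthRequest.REMOTE_USER`). A shared constant would keep this writer and its readers in agreement if the key ever changes. The line also hands the live session object to every downstream handler of the request, so a short comment on the intended consumers is worth adding, for example `// expose the authenticated session to downstream handlers of this request only`. The `else` branch for the single-user case does not set the attribute, which looks intentional since there is no request there, but the method continues outside the hunk, so that is worth confirming.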