Fix typo in comment.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / servlet / CmsServletContext.java
index 03a7551f01c568c84449fe3f44163c8600be4616..c88ee7f93c1a7b86994c504360dd6c915121147c 100644 (file)
@@ -2,8 +2,10 @@ package org.argeo.cms.servlet;
 
 import java.io.IOException;
 import java.net.URL;
+import java.security.PrivilegedAction;
 import java.util.Map;
 
+import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
@@ -19,7 +21,7 @@ import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.context.ServletContextHelper;
 
 /**
- * Default servlet context degrading to anonymous if the the sesison is not
+ * Default servlet context degrading to anonymous if the the session is not
  * pre-authenticated.
  */
 public class CmsServletContext extends ServletContextHelper {
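Review bot: The corrected Javadoc line still reads "if the the session", so the duplicated article survives the typo fix. The first line of the class comment should read `* Default servlet context degrading to anonymous if the session is not`.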
@@ -50,9 +52,27 @@ public class CmsServletContext extends ServletContextHelper {
                        if (lc == null)
                                return false;
                }
+               
+               Subject subject = lc.getSubject();
+               //log.debug("SERVLET CONTEXT: "+subject);
+               Subject.doAs(subject, new PrivilegedAction<Void>() {
+
+                       @Override
+                       public Void run() {
+                               // TODO also set login context in order to log out ?
+                               ServletAuthUtils.configureRequestSecurity(request);
+                               return null;
+                       }
+
+               });
                return true;
        }
 
+       @Override
+       public void finishSecurity(HttpServletRequest request, HttpServletResponse response) {
+               ServletAuthUtils.clearRequestSecurity(request);
+       }
+
        protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) {
                // anonymous
                try {
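Review bot: `lc.getSubject()` is handed to `Subject.doAs` without a null check, and `LoginContext.getSubject()` returns null when the login has not succeeded. The visible lines guard only `lc` itself, and `Subject.doAs` accepts a null subject, so `ServletAuthUtils.configureRequestSecurity(request)` could run with no subject attached while the method still returns true. Unless the code above the hunk guarantees a completed login, add `if (subject == null) return false;` before the `doAs` call. The commented-out `log.debug("SERVLET CONTEXT: "+subject)` is better dropped than committed, since a Subject's string form lists its principals and would write identities to the debug log if re-enabled. The commit title mentions only the comment typo although this hunk changes how request identity is set and cleared; the enclosing method (presumably `handleSecurity`) starts above the hunk and `processUnauthorized` continues below it.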