X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=f5503d5c5d74185b4dfbb18b2c2c102efdd8a08e;hp=e9462c3add31cb7dbd0ef16f48afb00e2225a611;hb=a4dac2851e23533c64a23a056da0d82574d8e300;hpb=ecf8ab7382eadecab5a93261f261d0fd2168ffa8

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index e9462c3ad..f5503d5c5 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -123,6 +123,7 @@ class CmsAuthUtils {
 		// subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
 	}
 
+	@SuppressWarnings("unused")
 	synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 			Authorization authorization, Locale locale) {
 		// synchronized in order to avoid multiple registrations
@@ -131,46 +132,54 @@ class CmsAuthUtils {
 			HttpSession httpSession = request.getSession(false);
 			assert httpSession != null;
 			String httpSessId = httpSession.getId();
-			String remoteUser = authorization.getName() != null ? authorization.getName()
-					: NodeConstants.ROLE_ANONYMOUS;
+			boolean anonymous = authorization.getName() == null;
+			String remoteUser = !anonymous ? authorization.getName() : NodeConstants.ROLE_ANONYMOUS;
 			request.setAttribute(HttpContext.REMOTE_USER, remoteUser);
 			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
 
-			CmsSessionImpl cmsSession = CmsSessionImpl.getByLocalId(httpSessId);
-			if (cmsSession != null) {
-				if (authorization.getName() != null) {
-					if (cmsSession.getAuthorization().getName() == null) {
-						cmsSession.close();
-						cmsSession = null;
-					} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
+			CmsSessionImpl cmsSession;
+			CmsSessionImpl currentLocalSession = CmsSessionImpl.getByLocalId(httpSessId);
+			if (currentLocalSession != null) {
+				boolean currentLocalSessionAnonymous = currentLocalSession.getAuthorization().getName() == null;
+				if (!anonymous) {
+					if (currentLocalSessionAnonymous) {
+						currentLocalSession.close();
+						// new CMS session
+						cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
+					} else if (!authorization.getName().equals(currentLocalSession.getAuthorization().getName())) {
 						throw new IllegalStateException("Inconsistent user " + authorization.getName()
-								+ " for existing CMS session " + cmsSession);
-					}
-					// keyring
-					if (cmsSession != null)
+								+ " for existing CMS session " + currentLocalSession);
+					} else {
+						// keep current session
+						cmsSession = currentLocalSession;
+						// keyring
 						subject.getPrivateCredentials().addAll(cmsSession.getSecretKeys());
+					}
 				} else {// anonymous
-					if (cmsSession.getAuthorization().getName() != null) {
-						cmsSession.close();
-						// TODO rather throw an exception ? log a warning ?
-						cmsSession = null;
+					if (!currentLocalSessionAnonymous) {
+						currentLocalSession.close();
+						throw new IllegalStateException(
+								"Existing CMS session " + currentLocalSession + " was not logged out properly.");
 					}
+					// keep current session
+					cmsSession = currentLocalSession;
 				}
-			} else if (cmsSession == null) {
+			} else {
+				// new CMS session
 				cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
 			}
-			// request.setAttribute(CmsSession.class.getName(), cmsSession);
-			if (cmsSession != null) {
-				CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
-				if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
-					subject.getPrivateCredentials().add(nodeSessionId);
-				else {
-					UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
-							.getUuid();
-					// if (storedSessionId.equals(httpSessionId.getValue()))
-					throw new IllegalStateException(
-							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
-				}
+
+			if (cmsSession == null)// should be dead code (cf. SuppressWarning of the method)
+				throw new IllegalStateException("CMS session cannot be null");
+
+			CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+			if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0) {
+				subject.getPrivateCredentials().add(nodeSessionId);
+			} else {
+				UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
+				// if (storedSessionId.equals(httpSessionId.getValue()))
+				throw new IllegalStateException(
+						"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
 			}
 		} else {
 			// TODO desktop, CLI