import java.util.function.Supplier;
import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
import org.argeo.api.cms.CmsSession;
import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.auth.HttpRequest;
import org.argeo.cms.osgi.CmsOsgiUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
-import org.osgi.service.http.HttpContext;
/** Authentications utilities when using servlets. */
public class ServletAuthUtils {
+ static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();
/**
* Execute this supplier, using the CMS class loader as context classloader.
* Useful to log in to JCR.
*/
- public final static <T> T doAs(Supplier<T> supplier, HttpServletRequest req) {
+ public final static <T> T doAs(Supplier<T> supplier, HttpRequest req) {
ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(ServletAuthUtils.class.getClassLoader());
try {
}
}
- public final static void configureRequestSecurity(HttpServletRequest req) {
+ public final static void configureRequestSecurity(HttpRequest req) {
if (req.getAttribute(AccessControlContext.class.getName()) != null)
throw new IllegalStateException("Request already authenticated.");
AccessControlContext acc = AccessController.getContext();
- req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
+ req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
req.setAttribute(AccessControlContext.class.getName(), acc);
}
- public final static void clearRequestSecurity(HttpServletRequest req) {
+ public final static void clearRequestSecurity(HttpRequest req) {
if (req.getAttribute(AccessControlContext.class.getName()) == null)
throw new IllegalStateException("Cannot clear non-authenticated request.");
- req.setAttribute(HttpContext.REMOTE_USER, null);
+ req.setAttribute(REMOTE_USER, null);
req.setAttribute(AccessControlContext.class.getName(), null);
}
- public static CmsSession getCmsSession(HttpServletRequest req) {
+ public static CmsSession getCmsSession(HttpRequest req) {
Subject subject = Subject
.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName()));
CmsSession cmsSession = CmsOsgiUtils.getCmsSession(bundleContext, subject);
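Review bot: The new `REMOTE_USER` constant at the top of `ServletAuthUtils` repeats the value of OSGi's `HttpContext.REMOTE_USER` as a bare string literal, and no comment records that the two must stay identical. `configureRequestSecurity` and `clearRequestSecurity` publish and clear the authenticated user name under this key, so any code that still reads the attribute through `HttpContext.REMOTE_USER` would silently see no user if the literal ever drifted. I would add `/** Same value as org.osgi.service.http.HttpContext.REMOTE_USER; must not diverge. */` above the field and declare it `private static final` unless other classes in the package are meant to use it. The body of `getCmsSession` continues outside the visible lines.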
@Override
public HttpSession getSession() {
- return new ServletHttpSession();
+ return new ServletHttpSession(request.getSession(false));
}
@Override
public HttpSession createSession() {
- request.getSession(true);
- return new ServletHttpSession();
+ return new ServletHttpSession(request.getSession(true));
}
@Override
public int getRemotePort() {
return request.getRemotePort();
}
-
- private class ServletHttpSession implements HttpSession {
-
- @Override
- public boolean isValid() {
- try {// test http session
- request.getSession(false).getCreationTime();
- return true;
- } catch (IllegalStateException ise) {
- return false;
- }
- }
-
- @Override
- public String getId() {
- return request.getSession(false).getId();
- }
-
- }
}
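Review bot: `getSession()` now wraps `request.getSession(false)`, which returns `null` when the request has no session, so the returned `ServletHttpSession` can hold a null delegate. `isValid()` in the new `ServletHttpSession` catches only `IllegalStateException`, so a session-less request surfaces as a `NullPointerException` instead of `false`, and `getId()` fails the same way; a caller that uses `isValid()` as the gate before trusting a session gets an exception path rather than a clean rejection. The removed inner class had the same null dereference, but it re-read the session on every call, whereas the new wrapper pins whatever existed at construction. I would either return `null` from `getSession()` when there is no session, if the `HttpSession` contract allows that, or start `isValid()` with `if (session == null) return false;`. The enclosing class starts outside these lines.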
--- /dev/null
+package org.argeo.cms.servlet;
+
+import org.argeo.cms.auth.HttpSession;
+
+public class ServletHttpSession implements HttpSession {
+ private javax.servlet.http.HttpSession session;
+
+ public ServletHttpSession(javax.servlet.http.HttpSession session) {
+ super();
+ this.session = session;
+ }
+
+ @Override
+ public boolean isValid() {
+ try {// test http session
+ session.getCreationTime();
+ return true;
+ } catch (IllegalStateException ise) {
+ return false;
+ }
+ }
+
+ @Override
+ public String getId() {
+ return session.getId();
+ }
+
+}
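Review bot: The `session` field of `ServletHttpSession` is assigned only in the constructor but is not `final`, and neither the class nor the constructor has Javadoc. Declaring it `private final javax.servlet.http.HttpSession session;` makes it explicit that the wrapper is bound to one container session for its lifetime, and the explicit `super();` call can be dropped. A class comment such as `/** Adapts a servlet container session to the CMS HttpSession interface. */` would help, ideally noting that `isValid()` reports `false` once `getCreationTime()` throws `IllegalStateException` on an invalidated session.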