Make Eclipse 4 UI auth more robust

diff --git a/org.argeo.cms.e4/src/org/argeo/cms/e4/addons/AuthAddon.java b/org.argeo.cms.e4/src/org/argeo/cms/e4/addons/AuthAddon.java
index 6f03139ca4d6aaa96c8359ee86d5660c39a6254c..326a67e10d2c884124d29d775ae2109aa63b5928 100644 (file)
--- a/org.argeo.cms.e4/src/org/argeo/cms/e4/addons/AuthAddon.java
+++ b/org.argeo.cms.e4/src/org/argeo/cms/e4/addons/AuthAddon.java
@@ -1,9 +1,15 @@
 package org.argeo.cms.e4.addons;
 
+import java.security.AccessController;
 import java.util.Iterator;
 
 import javax.annotation.PostConstruct;
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.CurrentUser;
 import org.eclipse.e4.ui.model.application.MApplication;
 import org.eclipse.e4.ui.model.application.ui.MElementContainer;
@@ -13,19 +19,23 @@ import org.eclipse.e4.ui.model.application.ui.basic.MTrimmedWindow;
 import org.eclipse.e4.ui.model.application.ui.basic.MWindow;
 
 public class AuthAddon {
+       private final static Log log = LogFactory.getLog(AuthAddon.class);
+
        public final static String AUTH = "auth.";
 
        @PostConstruct
        void init(MApplication application) {
                Iterator<MWindow> windows = application.getChildren().iterator();
+               boolean atLeastOneTopLevelWindowVisible = false;
                windows: while (windows.hasNext()) {
                        MWindow window = windows.next();
                        // main window
                        boolean windowVisible = process(window);
                        if (!windowVisible) {
-                               windows.remove();
+//                             windows.remove();
                                continue windows;
                        }
+                       atLeastOneTopLevelWindowVisible = true;
                        // trim bars
                        if (window instanceof MTrimmedWindow) {
                                Iterator<MTrimBar> trimBars = ((MTrimmedWindow) window).getTrimBars().iterator();
@@ -37,6 +47,11 @@ public class AuthAddon {
                                }
                        }
                }
+
+               if (!atLeastOneTopLevelWindowVisible) {
+                       log.warn("No top-level window is authorized for user " + CurrentUser.getUsername() + ", logging out..");
+                       logout();
+               }
        }
 
        protected boolean process(MUIElement element) {
@@ -74,4 +89,17 @@ public class AuthAddon {
 
                return true;
        }
+
+       protected void logout() {
+               Subject subject = Subject.getSubject(AccessController.getContext());
+               try {
+                       CurrentUser.logoutCmsSession(subject);
+               } catch (Exception e) {
+                       throw new CmsException("Cannot log out", e);
+               }
+               HttpServletRequest request = org.argeo.eclipse.ui.specific.UiContext.getHttpRequest();
+               if (request != null)
+                       request.getSession().setMaxInactiveInterval(0);
+       }
+
 }