From beec30ca4ad6e0a27b3fe984d987b98988e14e76 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Wed, 5 Jan 2022 10:10:35 +0100 Subject: [PATCH] Fix various issues raised when adapting upper layers --- dep/pom.xml | 2 +- dist/argeo-init/pom.xml | 2 +- .../argeo/cms/servlet/CmsServletContext.java | 4 +-- .../argeo/cms/servlet/ServletAuthUtils.java | 16 +++++------ .../argeo/cms/servlet/ServletHttpRequest.java | 24 ++-------------- .../argeo/cms/servlet/ServletHttpSession.java | 28 +++++++++++++++++++ 6 files changed, 42 insertions(+), 34 deletions(-) create mode 100644 org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpSession.java diff --git a/dep/pom.xml b/dep/pom.xml index afbc3ea58..bc9065c24 100644 --- a/dep/pom.xml +++ b/dep/pom.xml @@ -119,7 +119,7 @@ org.argeo.commons - org.argeo.osgi.boot + org.argeo.init 2.3-SNAPSHOT test diff --git a/dist/argeo-init/pom.xml b/dist/argeo-init/pom.xml index 39f3dd3ed..5aeaa5e07 100644 --- a/dist/argeo-init/pom.xml +++ b/dist/argeo-init/pom.xml @@ -95,7 +95,7 @@ true - org.argeo.commons:org.argeo.osgi.boot + org.argeo.commons:org.argeo.init diff --git a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java index ff341a25a..a5ba6ef82 100644 --- a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java +++ b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/CmsServletContext.java @@ -61,7 +61,7 @@ public class CmsServletContext extends ServletContextHelper { @Override public Void run() { // TODO also set login context in order to log out ? - ServletAuthUtils.configureRequestSecurity(request); + ServletAuthUtils.configureRequestSecurity(new ServletHttpRequest(request)); return null; } 
@@ -71,7 +71,7 @@ public class CmsServletContext extends ServletContextHelper { @Override public void finishSecurity(HttpServletRequest request, HttpServletResponse response) { - ServletAuthUtils.clearRequestSecurity(request); + ServletAuthUtils.clearRequestSecurity(new ServletHttpRequest(request)); } protected LoginContext processUnauthorized(HttpServletRequest request, HttpServletResponse response) { diff --git a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java index 67db467ce..7719658d7 100644 --- a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java +++ b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletAuthUtils.java @@ -6,24 +6,24 @@ import java.security.PrivilegedAction; import java.util.function.Supplier; import javax.security.auth.Subject; -import javax.servlet.http.HttpServletRequest; import org.argeo.api.cms.CmsSession; import org.argeo.cms.auth.CurrentUser; +import org.argeo.cms.auth.HttpRequest; import org.argeo.cms.osgi.CmsOsgiUtils; import org.osgi.framework.BundleContext; import org.osgi.framework.FrameworkUtil; -import org.osgi.service.http.HttpContext; /** Authentications utilities when using servlets. */ public class ServletAuthUtils { + static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user"; private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext(); /** * Execute this supplier, using the CMS class loader as context classloader. * Useful to log in to JCR. */ - public final static T doAs(Supplier supplier, HttpServletRequest req) { + public final static T doAs(Supplier supplier, HttpRequest req) { ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(ServletAuthUtils.class.getClassLoader()); try { 
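Review bot: In the ServletAuthUtils.java hunk `@@ -6,24 +6,24 @@`, the new `REMOTE_USER` literal has no comment saying where its value comes from. It replaces `HttpContext.REMOTE_USER`, whose import this hunk removes, and it is the key under which the authenticated user name is published on the request, so a silent drift from the OSGi value would break consumers that read it. I would add `/** Same value as org.osgi.service.http.HttpContext#REMOTE_USER, copied so this class no longer imports the OSGi HTTP API. */` above it. I would also declare it `private static final String REMOTE_USER = ...;` unless other classes in the package need it, which is not visible here. The hunk ends inside `doAs`, whose body continues outside it.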
@@ -42,22 +42,22 @@ public class ServletAuthUtils { } } - public final static void configureRequestSecurity(HttpServletRequest req) { + public final static void configureRequestSecurity(HttpRequest req) { if (req.getAttribute(AccessControlContext.class.getName()) != null) throw new IllegalStateException("Request already authenticated."); AccessControlContext acc = AccessController.getContext(); - req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername()); + req.setAttribute(REMOTE_USER, CurrentUser.getUsername()); req.setAttribute(AccessControlContext.class.getName(), acc); } - public final static void clearRequestSecurity(HttpServletRequest req) { + public final static void clearRequestSecurity(HttpRequest req) { if (req.getAttribute(AccessControlContext.class.getName()) == null) throw new IllegalStateException("Cannot clear non-authenticated request."); - req.setAttribute(HttpContext.REMOTE_USER, null); + req.setAttribute(REMOTE_USER, null); req.setAttribute(AccessControlContext.class.getName(), null); } - public static CmsSession getCmsSession(HttpServletRequest req) { + public static CmsSession getCmsSession(HttpRequest req) { Subject subject = Subject .getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())); CmsSession cmsSession = CmsOsgiUtils.getCmsSession(bundleContext, subject); diff --git a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpRequest.java b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpRequest.java index 523f7b757..75a0d8782 100644 --- a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpRequest.java +++ b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpRequest.java 
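Review bot: `getCmsSession(HttpRequest req)` passes the `AccessControlContext` request attribute straight to `Subject.getSubject(...)`, which throws `NullPointerException` when that attribute is absent. The attribute is absent for any request that never went through `configureRequestSecurity`, or that was already cleared. The method now accepts the generic `HttpRequest`, so such callers look more likely, and the two sibling methods in this hunk already guard the same attribute with an `IllegalStateException`. I would read the attribute into a local first and add `if (acc == null) throw new IllegalStateException("Request is not authenticated.");` before the `Subject.getSubject(acc)` call. The body of `getCmsSession` continues past the end of the hunk, so a later null check cannot be ruled out from here.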
@@ -18,13 +18,12 @@ public class ServletHttpRequest implements HttpRequest { @Override public HttpSession getSession() { - return new ServletHttpSession(); + return new ServletHttpSession(request.getSession(false)); } @Override public HttpSession createSession() { - request.getSession(true); - return new ServletHttpSession(); + return new ServletHttpSession(request.getSession(true)); } @Override @@ -61,23 +60,4 @@ public class ServletHttpRequest implements HttpRequest { public int getRemotePort() { return request.getRemotePort(); } - - private class ServletHttpSession implements HttpSession { - - @Override - public boolean isValid() { - try {// test http session - request.getSession(false).getCreationTime(); - return true; - } catch (IllegalStateException ise) { - return false; - } - } - - @Override - public String getId() { - return request.getSession(false).getId(); - } - - } } diff --git a/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpSession.java b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpSession.java new file mode 100644 index 000000000..16537648b --- /dev/null +++ b/org.argeo.cms.servlet/src/org/argeo/cms/servlet/ServletHttpSession.java @@ -0,0 +1,28 @@ +package org.argeo.cms.servlet; + +import org.argeo.cms.auth.HttpSession; + +public class ServletHttpSession implements HttpSession { + private javax.servlet.http.HttpSession session; + + public ServletHttpSession(javax.servlet.http.HttpSession session) { + super(); + this.session = session; + } + + @Override + public boolean isValid() { + try {// test http session + session.getCreationTime(); + return true; + } catch (IllegalStateException ise) { + return false; + } + } + + @Override + public String getId() { + return session.getId(); + } + +} -- 2.30.2
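Review bot: In hunk `@@ -18,13 +18,12 @@`, `getSession()` now wraps `request.getSession(false)`, which returns `null` when the request has no session, so the wrapper can hold a null reference. The new `ServletHttpSession.isValid()` in the `@@ -0,0 +1,28 @@` hunk catches only `IllegalStateException`, so for a session-less request it throws `NullPointerException` instead of returning false, and `getId()` fails the same way. A validity probe used during authentication should fail closed and cleanly. I would start `isValid()` with `if (session == null) return false;` and either have `getSession()` return `null` when there is no servlet session or have `getId()` throw an `IllegalStateException`. Which of those is right depends on the `HttpRequest`/`HttpSession` contract, which is not visible in this patch.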
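Review bot: In the new file `ServletHttpSession.java` (hunk `@@ -0,0 +1,28 @@`), the `session` field is assigned only in the constructor but is not `final`, and the now-public class has no Javadoc. I would declare it `private final javax.servlet.http.HttpSession session;` and drop the redundant `super();`. A class comment such as `/** Adapts a javax.servlet.http.HttpSession to the CMS HttpSession abstraction. */` would cover the Javadoc. The `// test http session` comment in `isValid()` would be clearer as `// getCreationTime() throws IllegalStateException once the session has been invalidated`, since that is the behaviour the try/catch relies on.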