1 package org
.argeo
.cms
.auth
;
3 import java
.security
.AccessController
;
4 import java
.security
.Principal
;
5 import java
.security
.PrivilegedAction
;
6 import java
.security
.PrivilegedActionException
;
7 import java
.security
.PrivilegedExceptionAction
;
8 import java
.util
.HashSet
;
9 import java
.util
.Locale
;
11 import java
.util
.UUID
;
13 import javax
.security
.auth
.Subject
;
14 import javax
.security
.auth
.x500
.X500Principal
;
16 import org
.argeo
.api
.NodeConstants
;
17 import org
.argeo
.cms
.CmsException
;
18 import org
.argeo
.cms
.internal
.auth
.CmsSessionImpl
;
19 import org
.argeo
.cms
.internal
.auth
.ImpliedByPrincipal
;
20 import org
.argeo
.cms
.internal
.kernel
.Activator
;
21 import org
.osgi
.service
.useradmin
.Authorization
;
24 * Programmatic access to the currently authenticated user, within a CMS
27 public final class CurrentUser
{
28 // private final static Log log = LogFactory.getLog(CurrentUser.class);
29 // private final static BundleContext bc =
30 // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
/**
 * Technical username of the subject bound to the calling context.
 *
 * @return the value computed by {@link #getUsername(Subject)}: the name of the
 *         subject's single {@link X500Principal}, or
 *         {@code NodeConstants.ROLE_ANONYMOUS} when the subject does not carry
 *         exactly one such principal
 */
// NOTE(review): the overload taking a Subject returns the anonymous role name,
// not null, for an anonymous subject. A null test on this value is therefore
// not an authentication check; use isAnonymous() for that.
public static String getUsername() {
    final Subject current = currentSubject();
    return getUsername(current);
}
/**
 * Human-readable name of the subject bound to the calling context.
 *
 * @return the string form of the subject's {@link Authorization}, as produced
 *         by {@link #getDisplayName(Subject)}
 */
public static String getDisplayName() {
    final Subject current = currentSubject();
    return getDisplayName(current);
}
/**
 * Whether the current subject is anonymous, i.e. <b>not</b> authenticated.
 *
 * @return {@code true} for an anonymous caller and {@code false} for an
 *         authenticated one, as decided by {@link #isAnonymous(Subject)}
 */
public static boolean isAnonymous() {
    final Subject current = currentSubject();
    return isAnonymous(current);
}
/**
 * Locale of the subject bound to the calling context.
 *
 * @return the locale selected by {@link #locale(Subject)}
 */
public final static Locale locale() {
    final Subject current = currentSubject();
    return locale(current);
}
/**
 * Roles of the subject bound to the calling context.
 *
 * @return the role names collected by {@link #roles(Subject)}, which also
 *         include the current username
 */
public final static Set<String> roles() {
    final Subject current = currentSubject();
    return roles(current);
}
/**
 * Tells whether the current user holds the given role.
 * <p>
 * The lookup is an exact, case-sensitive string match against {@link #roles()}.
 * That set also contains the current username (see {@link #roles(Subject)}), so
 * a username passed as {@code role} matches the user itself.
 *
 * @param role the role name to look for
 * @return {@code true} if {@code role} is among the current user's roles
 */
public static boolean isInRole(String role) {
    return roles().contains(role);
}
/**
 * Runs {@code action} as the current user by delegating to
 * {@link Subject#doAs(Subject, PrivilegedAction)} with the current subject.
 *
 * @param <T>    type of the value produced by the action
 * @param action the work to run as the current user
 * @return whatever {@code action} returns
 */
// NOTE(review): Subject.doAs is deprecated on recent JDKs in favour of
// Subject.callAs. Confirm which runtime this module targets.
public final static <T> T doAs(PrivilegedAction<T> action) {
    final Subject current = currentSubject();
    return Subject.doAs(current, action);
}
/**
 * Runs {@code action} as the current user by delegating to
 * {@link Subject#doAs(Subject, PrivilegedExceptionAction)} with the current
 * subject. Unlike {@link #doAs(PrivilegedAction)}, the action may throw a
 * checked exception.
 *
 * @param <T>    type of the value produced by the action
 * @param action the work to run as the current user
 * @return whatever {@code action} returns
 * @throws PrivilegedActionException if {@code action} throws a checked
 *                                   exception
 */
// NOTE(review): Subject.doAs is deprecated on recent JDKs in favour of
// Subject.callAs. Confirm which runtime this module targets.
public final static <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
    final Subject current = currentSubject();
    return Subject.doAs(current, action);
}
/**
 * Resolves the technical username carried by {@code subject}.
 * <p>
 * The name of the subject's {@link X500Principal} is returned only when the
 * subject holds exactly one such principal. With zero or several of them the
 * method returns {@code NodeConstants.ROLE_ANONYMOUS}, so an ambiguous
 * identity is reported as anonymous rather than as a named user.
 */
87 public final static String
getUsername(Subject subject
) {
// NOTE(review): listing line 88 is absent from this page. The throw below is
// presumably guarded by a null check on subject; confirm against the original
// file.
89 throw new CmsException("Subject cannot be null");
// Anything other than exactly one X500Principal is treated as anonymous.
90 if (subject
.getPrincipals(X500Principal
.class).size() != 1)
91 return NodeConstants
.ROLE_ANONYMOUS
;
92 Principal principal
= subject
.getPrincipals(X500Principal
.class).iterator().next();
93 return principal
.getName();
/**
 * Human-readable name of {@code subject}: the string form of the
 * {@link Authorization} found by {@code getAuthorization(subject)}.
 *
 * @param subject the subject to describe
 * @return {@code toString()} of the subject's {@link Authorization}
 */
public final static String getDisplayName(Subject subject) {
    final Authorization authorization = getAuthorization(subject);
    return authorization.toString();
}
/**
 * Collects the role names attached to {@code subject}.
 * <p>
 * The set is seeded with the value of {@link #getUsername(Subject)} and then
 * receives the name of every {@code ImpliedByPrincipal} held by the subject.
 * Because the username is itself an entry, usernames and role names share one
 * namespace in the result.
 */
// NOTE(review): listing lines 105-107 are absent from this page, so the end of
// the loop and the statement returning the set are not visible. Confirm
// against the original file.
100 public final static Set
<String
> roles(Subject subject
) {
101 Set
<String
> roles
= new HashSet
<String
>();
// The username is added first, so it is always part of the role set.
102 roles
.add(getUsername(subject
));
103 for (Principal group
: subject
.getPrincipals(ImpliedByPrincipal
.class)) {
104 roles
.add(group
.getName());
/**
 * Locale to use for {@code subject}.
 * <p>
 * A {@link Locale} stored among the subject's public credentials wins. When
 * there is none, the node-wide default from
 * {@code Activator.getNodeState().getDefaultLocale()} is used. If several
 * locales are present, the one returned is whichever the credential set
 * iterates first.
 *
 * @param subject the subject whose locale is wanted
 * @return the subject's locale, or the node default when it has none
 */
public final static Locale locale(Subject subject) {
    final Set<Locale> candidates = subject.getPublicCredentials(Locale.class);
    if (!candidates.isEmpty()) {
        return candidates.iterator().next();
    }
    return Activator.getNodeState().getDefaultLocale();
}
118 /** Whether {@code subject} is anonymous, i.e. NOT authenticated: true when its username is null or equals NodeConstants.ROLE_ANONYMOUS ignoring case. */
// NOTE(review): listing lines 120-121 are absent from this page, so any
// earlier guard (for example on a null subject) is not visible here. Confirm
// against the original file.
119 public static boolean isAnonymous(Subject subject
) {
122 String username
= getUsername(subject
);
// The comparison ignores case, unlike the exact match done by isInRole.
123 return username
== null || username
.equalsIgnoreCase(NodeConstants
.ROLE_ANONYMOUS
);
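/**
 * Returns the CMS session attached to the current subject.
 * <p>
 * The session is identified by the single {@code CmsSessionId} held in the
 * subject's private credentials and resolved through
 * {@code CmsSessionImpl.getByUuid}.
 *
 * @return the session registered under the subject's session id, as returned
 *         by {@code CmsSessionImpl.getByUuid}
 * @throws CmsException if the subject does not hold exactly one
 *                      {@code CmsSessionId}
 */
// Static: this class is final and its only visible constructor is private, so
// an instance method could never be reached by a caller.
public static CmsSession getCmsSession() {
    Subject subject = currentSubject();
    Set<CmsSessionId> sessionIds = subject.getPrivateCredentials(CmsSessionId.class);
    // Same "exactly one credential" rule as logoutCmsSession. A missing id
    // would otherwise surface as a bare NoSuchElementException, and with
    // several ids the one picked would depend on set iteration order.
    // Only the count goes into the message, never the session id itself.
    if (sessionIds.size() != 1)
        throw new CmsException(
                "Expected exactly one CMS session id for the current subject, found " + sessionIds.size());
    CmsSessionId cmsSessionId = sessionIds.iterator().next();
    return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
}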
/**
 * Finds the subject that every no-argument accessor of this class works on,
 * using {@code getAccessControllerSubject()}.
 */
// NOTE(review): listing lines 140-141 are absent from this page. The throw at
// the end is presumably reached only when no subject was found, with the
// subject returned otherwise; confirm against the original file.
135 private static Subject
currentSubject() {
136 // CmsAuthenticated cmsView = getNodeAuthenticated();
137 // if (cmsView != null)
138 // return cmsView.getSubject();
139 Subject subject
= getAccessControllerSubject();
142 throw new CmsException("Cannot find related subject");
/**
 * Looks up the {@link Subject} associated with the caller's current access
 * control context.
 *
 * @return whatever {@code Subject.getSubject} reports for that context
 */
// NOTE(review): AccessController and Subject.getSubject are deprecated on
// recent JDKs, with Subject.current as the replacement. Confirm the target
// runtime before relying on this lookup.
private static Subject getAccessControllerSubject() {
    final java.security.AccessControlContext context = AccessController.getContext();
    return Subject.getSubject(context);
}
149 // public static boolean isAuthenticated() {
150 // return getAccessControllerSubject() != null;
154 * The node authenticated component (typically a CMS view) related to this
155 * display, or null if none is available from this call. <b>Not API: Only for
156 * low-level access.</b>
158 // private static CmsAuthenticated getNodeAuthenticated() {
159 // return UiContext.getData(CmsAuthenticated.KEY);
/**
 * Fetches the {@link Authorization} stored among the private credentials of
 * {@code subject}.
 *
 * @param subject the subject to read
 * @return the first {@link Authorization} private credential
 * @throws java.util.NoSuchElementException if the subject holds no such
 *                                          credential
 */
private static Authorization getAuthorization(Subject subject) {
    final Set<Authorization> authorizations = subject.getPrivateCredentials(Authorization.class);
    return authorizations.iterator().next();
}
/**
 * Presumably ends the CMS session referenced by {@code subject}.
 * <p>
 * As far as this listing shows, the session id is read from the subject's
 * private credentials only when exactly one {@code CmsSessionId} is present,
 * and the matching {@code CmsSessionImpl} is then looked up by that id.
 */
// NOTE(review): listing lines 167, 170-171, 173 and 176-177 are absent from
// this page. The declaration of nodeSessionId, the branch taken when the
// credential count is not 1, what is done with cmsSession and the returned
// value are therefore not visible; confirm against the original file.
// NOTE(review): whether getByUuid can return null for a session that is
// already gone is not visible here. Verify that the missing lines handle it.
166 public static boolean logoutCmsSession(Subject subject
) {
// Only an unambiguous, single session id is accepted.
168 if (subject
.getPrivateCredentials(CmsSessionId
.class).size() == 1)
169 nodeSessionId
= subject
.getPrivateCredentials(CmsSessionId
.class).iterator().next().getUuid();
172 CmsSessionImpl cmsSession
= CmsSessionImpl
.getByUuid(nodeSessionId
.toString());
174 // if (log.isDebugEnabled())
175 // log.debug("Logged out CMS session " + cmsSession.getUuid());
179 private CurrentUser() {