CurrentUser.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.cms.auth;
  17
  18 import java.security.AccessController;
  19 import java.security.Principal;
  20 import java.security.PrivilegedAction;
  21 import java.security.PrivilegedActionException;
  22 import java.security.PrivilegedExceptionAction;
  23 import java.security.acl.Group;
  24 import java.util.HashSet;
  25 import java.util.Set;
  26 import java.util.UUID;
  27
  28 import javax.security.auth.Subject;
  29 import javax.security.auth.x500.X500Principal;
  30
  31 import org.argeo.cms.CmsException;
  32 import org.argeo.cms.internal.auth.CmsSessionImpl;
  33 import org.argeo.node.NodeConstants;
  34 import org.osgi.service.useradmin.Authorization;
  35
  36 /**
  37  * Programmatic access to the currently authenticated user, within a CMS
  38  * context.
  39  */
  40 public final class CurrentUser {
  41 //      private final static Log log = LogFactory.getLog(CurrentUser.class);
  42         // private final static BundleContext bc =
  43         // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
  44         /*
  45          * CURRENT USER API
  46          */
  47
  48         /**
  49          * Technical username of the currently authenticated user.
  50          *
  51          * @return the authenticated username or null if not authenticated /
  52          *         anonymous
  53          */
  54         public static String getUsername() {
  55                 return getUsername(currentSubject());
  56         }
  57
  58         /**
  59          * Human readable name of the currently authenticated user (typically first
  60          * name and last name).
  61          */
  62         public static String getDisplayName() {
  63                 return getDisplayName(currentSubject());
  64         }
  65
  66         /** Whether a user is currently authenticated. */
  67         public static boolean isAnonymous() {
  68                 return isAnonymous(currentSubject());
  69         }
  70
  71         /** Roles of the currently logged-in user */
  72         public final static Set<String> roles() {
  73                 return roles(currentSubject());
  74         }
  75
  76         /** Returns true if the current user is in the specified role */
  77         public static boolean isInRole(String role) {
  78                 Set<String> roles = roles();
  79                 return roles.contains(role);
  80         }
  81
  82         /** Executes as the current user */
  83         public final static <T> T doAs(PrivilegedAction<T> action) {
  84                 return Subject.doAs(currentSubject(), action);
  85         }
  86
  87         /** Executes as the current user */
  88         public final static <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
  89                 return Subject.doAs(currentSubject(), action);
  90         }
  91
  92         /*
  93          * WRAPPERS
  94          */
  95
  96         public final static String getUsername(Subject subject) {
  97                 if (subject == null)
  98                         throw new CmsException("Subject cannot be null");
  99                 if (subject.getPrincipals(X500Principal.class).size() != 1)
 100                         return NodeConstants.ROLE_ANONYMOUS;
 101                 Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
 102                 return principal.getName();
 103         }
 104
 105         public final static String getDisplayName(Subject subject) {
 106                 return getAuthorization(subject).toString();
 107         }
 108
 109         public final static Set<String> roles(Subject subject) {
 110                 Set<String> roles = new HashSet<String>();
 111                 roles.add(getUsername(subject));
 112                 for (Principal group : subject.getPrincipals(Group.class)) {
 113                         roles.add(group.getName());
 114                 }
 115                 return roles;
 116         }
 117
 118         /** Whether this user is currently authenticated. */
 119         public static boolean isAnonymous(Subject subject) {
 120                 if (subject == null)
 121                         return true;
 122                 String username = getUsername(subject);
 123                 return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
 124         }
 125
 126         public CmsSession getCmsSession() {
 127                 Subject subject = currentSubject();
 128                 CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
 129                 return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
 130         }
 131
 132         /*
 133          * HELPERS
 134          */
 135         private static Subject currentSubject() {
 136                 // CmsAuthenticated cmsView = getNodeAuthenticated();
 137                 // if (cmsView != null)
 138                 // return cmsView.getSubject();
 139                 Subject subject = getAccessControllerSubject();
 140                 if (subject != null)
 141                         return subject;
 142                 throw new CmsException("Cannot find related subject");
 143         }
 144
 145         private static Subject getAccessControllerSubject() {
 146                 return Subject.getSubject(AccessController.getContext());
 147         }
 148
 149         // public static boolean isAuthenticated() {
 150         // return getAccessControllerSubject() != null;
 151         // }
 152
 153         /**
 154          * The node authenticated component (typically a CMS view) related to this
 155          * display, or null if none is available from this call. <b>Not API: Only
 156          * for low-level access.</b>
 157          */
 158         // private static CmsAuthenticated getNodeAuthenticated() {
 159         // return UiContext.getData(CmsAuthenticated.KEY);
 160         // }
 161
 162         private static Authorization getAuthorization(Subject subject) {
 163                 return subject.getPrivateCredentials(Authorization.class).iterator().next();
 164         }
 165
 166         public static boolean logoutCmsSession(Subject subject) {
 167                 UUID nodeSessionId;
 168                 if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1)
 169                         nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
 170                 else
 171                         return false;
 172                 CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
 173                 cmsSession.close();
 174 //              if (log.isDebugEnabled())
 175 //                      log.debug("Logged out CMS session " + cmsSession.getUuid());
 176                 return true;
 177         }
 178
 179         private CurrentUser() {
 180         }
 181 }