1 package org.argeo.cms.auth;
2
3 import java.security.AccessControlContext;
4 import java.security.AccessController;
5 import java.security.PrivilegedAction;
6 import java.util.function.Supplier;
7
8 import javax.security.auth.Subject;
9
10 import org.argeo.api.cms.CmsSession;
11 import org.argeo.cms.internal.runtime.CmsContextImpl;
12
/**
 * Remote authentication utilities: binds the security context of the current
 * thread to a {@link RemoteAuthRequest} and later runs code under it.
 * <p>
 * The {@link AccessControlContext} stored on the request, under the attribute
 * named after its class, is the only thing {@link #doAs} and
 * {@link #getCmsSession} use to decide who the caller is. Any code able to set
 * that attribute on a request therefore decides which {@link Subject} later
 * code runs as, so the attribute must only ever be written through
 * {@link #configureRequestSecurity} and never derived from client-supplied
 * data.
 * <p>
 * NOTE(review): {@link AccessControlContext}, {@link AccessController},
 * {@code Subject.getSubject} and {@code Subject.doAs} are deprecated for
 * removal in current JDKs (JEP 411); confirm the Java version this class
 * targets.
 */
public class RemoteAuthUtils {
    static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";

    /** Request attribute key under which the caller's security context is kept. */
    private static final String ACC_ATTRIBUTE = AccessControlContext.class.getName();

    /**
     * Runs the supplier as the {@link Subject} attached to the request, with the
     * class loader of this class installed as the thread context class loader for
     * the duration of the call (the original comment mentions logging in to JCR
     * as the use case). The previous context class loader is always restored.
     * <p>
     * Security notes: a request that was never configured has no context
     * attribute, and {@code Subject.getSubject} then fails with a
     * {@link NullPointerException}. A context that carries no Subject is not
     * rejected: {@code Subject.doAs} accepts a {@code null} Subject and runs the
     * action without one, so a supplier that requires an authenticated caller has
     * to check for that itself.
     *
     * @param supplier the work to run
     * @param req      the request carrying the security context
     * @return whatever the supplier returns
     */
    public static final <T> T doAs(Supplier<T> supplier, RemoteAuthRequest req) {
        final Thread thread = Thread.currentThread();
        final ClassLoader previousLoader = thread.getContextClassLoader();
        thread.setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
        try {
            Subject subject = requestSubject(req);
            // Explicit target type: Subject.doAs is overloaded for
            // PrivilegedAction and PrivilegedExceptionAction.
            PrivilegedAction<T> action = () -> supplier.get();
            return Subject.doAs(subject, action);
        } finally {
            thread.setContextClassLoader(previousLoader);
        }
    }

    /**
     * Records the security context of the calling thread, and the current user
     * name, on the request.
     * <p>
     * The context captured is whatever {@link AccessController#getContext()}
     * returns at the time of the call; presumably this is invoked from inside the
     * authenticated login context, verify against callers.
     *
     * @param req the request to mark as authenticated
     * @throws IllegalStateException if the request already carries a security
     *                               context
     */
    public static final void configureRequestSecurity(RemoteAuthRequest req) {
        if (req.getAttribute(ACC_ATTRIBUTE) != null) {
            throw new IllegalStateException("Request already authenticated.");
        }
        AccessControlContext currentContext = AccessController.getContext();
        req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
        req.setAttribute(ACC_ATTRIBUTE, currentContext);
    }

    /**
     * Resets the remote user and security context attributes of the request to
     * {@code null}.
     * <p>
     * NOTE(review): whether setting an attribute to {@code null} removes it is
     * decided by the {@link RemoteAuthRequest} implementation; confirm that a
     * cleared request is seen as unauthenticated by
     * {@link #configureRequestSecurity}.
     *
     * @param req the request to clear
     * @throws IllegalStateException if the request carries no security context
     */
    public static final void clearRequestSecurity(RemoteAuthRequest req) {
        if (req.getAttribute(ACC_ATTRIBUTE) == null) {
            throw new IllegalStateException("Cannot clear non-authenticated request.");
        }
        req.setAttribute(REMOTE_USER, null);
        req.setAttribute(ACC_ATTRIBUTE, null);
    }

    /**
     * Looks up the CMS session of the {@link Subject} attached to the request.
     * <p>
     * Fails with a {@link NullPointerException} from {@code Subject.getSubject}
     * when the request carries no security context. What is returned for a
     * context without a Subject, or for a Subject without a session, is decided
     * by the CMS context and is not visible here.
     *
     * @param req the request carrying the security context
     * @return the session the CMS context reports for that Subject
     */
    public static CmsSession getCmsSession(RemoteAuthRequest req) {
        return CmsContextImpl.getCmsContext().getCmsSession(requestSubject(req));
    }

    /** Resolves the Subject of the security context stored on the request. */
    private static Subject requestSubject(RemoteAuthRequest req) {
        AccessControlContext storedContext = (AccessControlContext) req.getAttribute(ACC_ATTRIBUTE);
        return Subject.getSubject(storedContext);
    }
}