2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.cms
.auth
;
18 import java
.security
.AccessController
;
19 import java
.security
.Principal
;
20 import java
.security
.PrivilegedAction
;
21 import java
.security
.PrivilegedActionException
;
22 import java
.security
.PrivilegedExceptionAction
;
23 import java
.security
.acl
.Group
;
24 import java
.util
.Collection
;
25 import java
.util
.HashSet
;
27 import java
.util
.UUID
;
29 import javax
.security
.auth
.Subject
;
30 import javax
.security
.auth
.x500
.X500Principal
;
32 import org
.apache
.commons
.logging
.Log
;
33 import org
.apache
.commons
.logging
.LogFactory
;
34 import org
.argeo
.cms
.CmsException
;
35 import org
.argeo
.cms
.internal
.http
.WebCmsSessionImpl
;
36 import org
.argeo
.eclipse
.ui
.specific
.UiContext
;
37 import org
.argeo
.node
.NodeConstants
;
38 import org
.argeo
.node
.security
.NodeAuthenticated
;
39 import org
.osgi
.framework
.BundleContext
;
40 import org
.osgi
.framework
.FrameworkUtil
;
41 import org
.osgi
.framework
.InvalidSyntaxException
;
42 import org
.osgi
.framework
.ServiceReference
;
43 import org
.osgi
.service
.useradmin
.Authorization
;
46 * Programmatic access to the currently authenticated user, within a CMS
49 public final class CurrentUser
{
50 private final static Log log
= LogFactory
.getLog(CurrentUser
.class);
51 private final static BundleContext bc
= FrameworkUtil
.getBundle(CurrentUser
.class).getBundleContext();
57 * Technical username of the currently authenticated user.
59 * @return the authenticated username or null if not authenticated /
62 public static String
getUsername() {
63 return getUsername(currentSubject());
67 * Human readable name of the currently authenticated user (typically first
68 * name and last name).
70 public static String
getDisplayName() {
71 return getDisplayName(currentSubject());
74 /** Whether a user is currently authenticated. */
75 public static boolean isAnonymous() {
76 return isAnonymous(currentSubject());
79 /** Roles of the currently logged-in user */
80 public final static Set
<String
> roles() {
81 return roles(currentSubject());
84 /** Returns true if the current user is in the specified role */
85 public static boolean isInRole(String role
) {
86 Set
<String
> roles
= roles();
87 return roles
.contains(role
);
90 /** Executes as the current user */
91 public final static <T
> T
doAs(PrivilegedAction
<T
> action
) {
92 return Subject
.doAs(currentSubject(), action
);
95 /** Executes as the current user */
96 public final static <T
> T
tryAs(PrivilegedExceptionAction
<T
> action
) throws PrivilegedActionException
{
97 return Subject
.doAs(currentSubject(), action
);
104 public final static String
getUsername(Subject subject
) {
106 throw new CmsException("Subject cannot be null");
107 if (subject
.getPrincipals(X500Principal
.class).size() != 1)
108 return NodeConstants
.ROLE_ANONYMOUS
;
109 Principal principal
= subject
.getPrincipals(X500Principal
.class).iterator().next();
110 return principal
.getName();
113 public final static String
getDisplayName(Subject subject
) {
114 return getAuthorization(subject
).toString();
117 public final static Set
<String
> roles(Subject subject
) {
118 Set
<String
> roles
= new HashSet
<String
>();
119 roles
.add(getUsername(subject
));
120 for (Principal group
: subject
.getPrincipals(Group
.class)) {
121 roles
.add(group
.getName());
126 /** Whether this user is currently authenticated. */
127 public static boolean isAnonymous(Subject subject
) {
130 String username
= getUsername(subject
);
131 return username
== null || username
.equalsIgnoreCase(NodeConstants
.ROLE_ANONYMOUS
);
137 private static Subject
currentSubject() {
138 NodeAuthenticated cmsView
= getNodeAuthenticated();
140 return cmsView
.getLoginContext().getSubject();
141 Subject subject
= Subject
.getSubject(AccessController
.getContext());
144 throw new CmsException("Cannot find related subject");
148 * The node authenticated component (typically a CMS view) related to this
149 * display, or null if none is available from this call. <b>Not API: Only
150 * for low-level access.</b>
152 private static NodeAuthenticated
getNodeAuthenticated() {
153 return UiContext
.getData(NodeAuthenticated
.KEY
);
156 private static Authorization
getAuthorization(Subject subject
) {
157 return subject
.getPrivateCredentials(Authorization
.class).iterator().next();
160 public static boolean logoutCmsSession(Subject subject
) {
162 if (subject
.getPrivateCredentials(CmsSessionId
.class).size() == 1)
163 nodeSessionId
= subject
.getPrivateCredentials(CmsSessionId
.class).iterator().next().getUuid();
166 Collection
<ServiceReference
<CmsSession
>> srs
;
168 srs
= bc
.getServiceReferences(CmsSession
.class, "(" + CmsSession
.SESSION_UUID
+ "=" + nodeSessionId
+ ")");
169 } catch (InvalidSyntaxException e
) {
170 throw new CmsException("Cannot retrieve CMS session #" + nodeSessionId
, e
);
173 if (srs
.size() == 0) {
174 // if (log.isTraceEnabled())
175 // log.warn("No CMS web session found for http session " +
178 } else if (srs
.size() > 1)
179 throw new CmsException(srs
.size() + " CMS web sessions found for http session " + nodeSessionId
);
181 WebCmsSessionImpl cmsSession
= (WebCmsSessionImpl
) bc
.getService(srs
.iterator().next());
182 cmsSession
.cleanUp();
183 // subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(CmsSessionId.class));
184 if (log
.isDebugEnabled())
185 log
.debug("Logged out CMS session " + cmsSession
.getUuid());
189 private CurrentUser() {