1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.cms.auth;
17
18 import java.security.AccessController;
19 import java.security.Principal;
20 import java.security.PrivilegedAction;
21 import java.security.PrivilegedActionException;
22 import java.security.PrivilegedExceptionAction;
23 import java.security.acl.Group;
24 import java.util.HashSet;
25 import java.util.Set;
26
27 import javax.security.auth.Subject;
28 import javax.security.auth.x500.X500Principal;
29
30 import org.argeo.cms.CmsException;
31 import org.argeo.eclipse.ui.specific.UiContext;
32 import org.argeo.node.NodeConstants;
33 import org.argeo.node.security.NodeAuthenticated;
34 import org.osgi.service.useradmin.Authorization;
35
36 /**
37 * Programmatic access to the currently authenticated user, within a CMS
38 * context.
39 */
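public final class CurrentUser {
	/*
	 * CURRENT USER API
	 */

	/**
	 * Technical username of the currently authenticated user.
	 *
	 * @return the X.500 distinguished name of the authenticated user, or
	 *         {@link NodeConstants#ROLE_ANONYMOUS} when the current subject does
	 *         not carry exactly one {@link X500Principal}; never {@code null}
	 * @throws CmsException if no subject can be related to the current call
	 */
	public static String getUsername() {
		return getUsername(currentSubject());
	}

	/**
	 * Human readable name of the currently authenticated user (typically first
	 * name and last name), as rendered by the {@link Authorization} stored in
	 * the subject's private credentials.
	 *
	 * @throws CmsException if no subject can be related to the current call, or
	 *                      if the subject carries no {@link Authorization}
	 */
	public static String getDisplayName() {
		return getDisplayName(currentSubject());
	}

	/**
	 * Whether the current user is anonymous, i.e. <em>not</em> authenticated.
	 *
	 * @return {@code true} if no authenticated user is associated with the
	 *         current call
	 */
	public static boolean isAnonymous() {
		return isAnonymous(currentSubject());
	}

	/**
	 * Roles of the currently logged-in user. The set always contains the
	 * username itself (see {@link #roles(Subject)}).
	 */
	public final static Set<String> roles() {
		return roles(currentSubject());
	}

	/**
	 * Returns true if the current user is in the specified role. The comparison
	 * is an exact (case-sensitive) string match against {@link #roles()}.
	 */
	public static boolean isInRole(String role) {
		return roles().contains(role);
	}

	/** Executes the action as the current user, via {@link Subject#doAs}. */
	public final static <T> T doAs(PrivilegedAction<T> action) {
		return Subject.doAs(currentSubject(), action);
	}

	/**
	 * Executes the action as the current user, via {@link Subject#doAs}.
	 *
	 * @throws PrivilegedActionException if the action throws a checked
	 *                                   exception
	 */
	public final static <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
		return Subject.doAs(currentSubject(), action);
	}

	/*
	 * WRAPPERS
	 */

	/**
	 * Technical username of the given subject.
	 *
	 * @param subject the subject to inspect, must not be {@code null}
	 * @return the name of the subject's single {@link X500Principal}, or
	 *         {@link NodeConstants#ROLE_ANONYMOUS} when the subject has zero or
	 *         several X.500 principals
	 * @throws CmsException if {@code subject} is {@code null}
	 */
	public final static String getUsername(Subject subject) {
		if (subject == null)
			throw new CmsException("Subject cannot be null");
		Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class);
		// Exactly one X.500 identity is required; anything else (none, or an
		// ambiguous set of several) is treated as anonymous rather than picking one.
		if (x500Principals.size() != 1)
			return NodeConstants.ROLE_ANONYMOUS;
		return x500Principals.iterator().next().getName();
	}

	/**
	 * Human readable name of the given subject.
	 *
	 * @throws CmsException if the subject carries no {@link Authorization}
	 *                      private credential
	 */
	public final static String getDisplayName(Subject subject) {
		return getAuthorization(subject).toString();
	}

	/**
	 * Roles of the given subject: its username (see {@link #getUsername(Subject)})
	 * plus the name of every {@link Group} principal it carries.
	 *
	 * @param subject the subject to inspect, must not be {@code null}
	 * @return a new, mutable set; never {@code null}
	 * @throws CmsException if {@code subject} is {@code null}
	 */
	public final static Set<String> roles(Subject subject) {
		Set<String> roles = new HashSet<String>();
		// getUsername(Subject) performs the null check for us.
		roles.add(getUsername(subject));
		// NOTE: java.security.acl.Group was deprecated for removal in Java 9/10
		// and is absent from JDK 14+; this file therefore targets an older JDK.
		for (Principal group : subject.getPrincipals(Group.class)) {
			roles.add(group.getName());
		}
		return roles;
	}

	/**
	 * Whether the given subject is anonymous, i.e. <em>not</em> authenticated.
	 *
	 * @param subject the subject to inspect, may be {@code null}
	 * @return {@code true} if {@code subject} is {@code null} or if its username
	 *         is {@link NodeConstants#ROLE_ANONYMOUS} (compared ignoring case)
	 */
	public static boolean isAnonymous(Subject subject) {
		if (subject == null)
			return true;
		String username = getUsername(subject);
		return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
	}

	/*
	 * HELPERS
	 */

	/**
	 * The subject of the current call: the one held by the UI-context
	 * {@link NodeAuthenticated} when there is one, otherwise the subject bound
	 * to the current {@link AccessController} context.
	 *
	 * @throws CmsException if neither source provides a subject
	 */
	private static Subject currentSubject() {
		NodeAuthenticated cmsView = getNodeAuthenticated();
		if (cmsView != null)
			// presumably the login context is non-null whenever a view is
			// registered — not checked here, a null would surface as an NPE
			return cmsView.getLoginContext().getSubject();
		Subject subject = Subject.getSubject(AccessController.getContext());
		if (subject != null)
			return subject;
		throw new CmsException("Cannot find related subject");
	}

	/**
	 * The node authenticated component (typically a CMS view) related to this
	 * display, or null if none is available from this call. <b>Not API: Only
	 * for low-level access.</b>
	 */
	private static NodeAuthenticated getNodeAuthenticated() {
		return UiContext.getData(NodeAuthenticated.KEY);
	}

	/**
	 * The {@link Authorization} private credential of the subject.
	 *
	 * @throws CmsException if the subject carries no {@link Authorization}
	 *                      (instead of an unexplained NoSuchElementException)
	 */
	private static Authorization getAuthorization(Subject subject) {
		Set<Authorization> authorizations = subject.getPrivateCredentials(Authorization.class);
		if (authorizations.isEmpty())
			throw new CmsException("No authorization found in subject");
		return authorizations.iterator().next();
	}

	/** Static utility class, not instantiable. */
	private CurrentUser() {
	}
}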