Store UI context data in CMS View.
1 package org.argeo.cms.auth;
2
3 import java.security.AccessController;
4 import java.security.Principal;
5 import java.security.PrivilegedAction;
6 import java.security.PrivilegedActionException;
7 import java.security.PrivilegedExceptionAction;
8 import java.util.HashSet;
9 import java.util.Locale;
10 import java.util.Set;
11 import java.util.UUID;
12
13 import javax.security.auth.Subject;
14 import javax.security.auth.x500.X500Principal;
15
16 import org.argeo.api.NodeConstants;
17 import org.argeo.cms.internal.auth.CmsSessionImpl;
18 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
19 import org.argeo.cms.internal.kernel.Activator;
20 import org.osgi.service.useradmin.Authorization;
21
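/**
 * Programmatic access to the currently authenticated user, within a CMS
 * context.
 * <p>
 * The "current user" is the JAAS {@link Subject} associated with the calling
 * access control context. The no-argument methods throw
 * {@link IllegalStateException} when no subject is associated with that
 * context; the {@code Subject}-taking overloads work on whatever subject the
 * caller hands in and do not check where it came from.
 * <p>
 * NOTE(review): {@link AccessController} and the access-control-context based
 * {@code Subject} methods used here are deprecated for removal in recent JDK
 * releases (JEP 411). Confirm the supported JDK range before relying on this
 * class for authorization decisions on newer runtimes.
 */
public final class CurrentUser {
    /*
     * CURRENT USER API
     */

    /**
     * Technical username of the currently authenticated user.
     *
     * @return the name of the subject's X.500 principal, or
     *         {@link NodeConstants#ROLE_ANONYMOUS} when the subject does not carry
     *         exactly one such principal
     * @throws IllegalStateException if no subject is associated with the calling
     *                               context
     */
    public static String getUsername() {
        return getUsername(currentSubject());
    }

    /**
     * Human readable name of the currently authenticated user (typically first name
     * and last name).
     *
     * @throws IllegalStateException if no subject is associated with the calling
     *                               context
     */
    public static String getDisplayName() {
        return getDisplayName(currentSubject());
    }

    /**
     * Whether the current user is anonymous, that is, NOT authenticated.
     *
     * @return {@code true} for an anonymous subject, {@code false} for an
     *         authenticated one
     * @throws IllegalStateException if no subject is associated with the calling
     *                               context (this overload never treats a missing
     *                               subject as anonymous)
     */
    public static boolean isAnonymous() {
        return isAnonymous(currentSubject());
    }

    /** Locale of the current user. */
    public static final Locale locale() {
        return locale(currentSubject());
    }

    /** Roles of the currently logged-in user, including the username itself. */
    public static final Set<String> roles() {
        return roles(currentSubject());
    }

    /**
     * Returns true if the current user is in the specified role.
     * <p>
     * The check is an exact, case-sensitive match against the names returned by
     * {@link #roles()}; a {@code null} role is never matched.
     */
    public static boolean isInRole(String role) {
        return roles().contains(role);
    }

    /** Executes the action as the current user. */
    public static final <T> T doAs(PrivilegedAction<T> action) {
        return Subject.doAs(currentSubject(), action);
    }

    /**
     * Executes the action as the current user, propagating checked exceptions.
     *
     * @throws PrivilegedActionException wrapping any checked exception thrown by
     *                                   the action
     */
    public static final <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
        return Subject.doAs(currentSubject(), action);
    }

    /*
     * WRAPPERS
     */

    /**
     * Technical username of the given subject.
     * <p>
     * A subject with no {@link X500Principal}, or with more than one, is reported
     * as {@link NodeConstants#ROLE_ANONYMOUS} rather than rejected, so an
     * ambiguous identity is downgraded to anonymous instead of picking one of the
     * principals.
     *
     * @param subject the subject to inspect, must not be {@code null}
     * @return the principal name, or {@link NodeConstants#ROLE_ANONYMOUS}
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     */
    public static final String getUsername(Subject subject) {
        if (subject == null) {
            throw new IllegalArgumentException("Subject cannot be null");
        }
        // Read the principal set once so the size check and the element returned
        // are taken from the same snapshot.
        Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class);
        if (x500Principals.size() != 1) {
            return NodeConstants.ROLE_ANONYMOUS;
        }
        Principal principal = x500Principals.iterator().next();
        return principal.getName();
    }

    /**
     * Display name of the given subject, taken from the string form of its
     * {@link Authorization} private credential.
     *
     * @throws java.util.NoSuchElementException if the subject carries no
     *                                          {@link Authorization} credential
     */
    public static final String getDisplayName(Subject subject) {
        return getAuthorization(subject).toString();
    }

    /**
     * Role names of the given subject: its username (see
     * {@link #getUsername(Subject)}) plus the name of every
     * {@link ImpliedByPrincipal} it carries.
     *
     * @return a new, mutable set owned by the caller
     */
    public static final Set<String> roles(Subject subject) {
        Set<String> roleNames = new HashSet<String>();
        // The username is itself treated as a role; for an anonymous subject this
        // is the anonymous role name.
        roleNames.add(getUsername(subject));
        for (Principal implied : subject.getPrincipals(ImpliedByPrincipal.class)) {
            roleNames.add(implied.getName());
        }
        return roleNames;
    }

    /**
     * Locale of the given subject: the first {@link Locale} among its public
     * credentials, or the node default locale when it has none.
     */
    public static final Locale locale(Subject subject) {
        Set<Locale> locales = subject.getPublicCredentials(Locale.class);
        if (!locales.isEmpty()) {
            return locales.iterator().next();
        }
        return Activator.getNodeState().getDefaultLocale();
    }

    /**
     * Whether the given subject is anonymous, that is, NOT authenticated.
     *
     * @param subject the subject to inspect; {@code null} is treated as anonymous
     * @return {@code true} if the subject is {@code null} or its username matches
     *         {@link NodeConstants#ROLE_ANONYMOUS} (case-insensitively)
     */
    public static boolean isAnonymous(Subject subject) {
        if (subject == null) {
            return true;
        }
        String username = getUsername(subject);
        return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
    }

    /**
     * CMS session of the current subject, looked up from its {@link CmsSessionId}
     * private credential.
     * <p>
     * NOTE(review): this is an instance method on a final class whose only
     * constructor is private and which never instantiates itself in this file, so
     * it looks unreachable through normal calls. It was presumably meant to be
     * static - confirm before changing the signature.
     *
     * @throws IllegalStateException            if no subject is associated with the
     *                                          calling context
     * @throws java.util.NoSuchElementException if the subject carries no
     *                                          {@link CmsSessionId} credential
     */
    public CmsSession getCmsSession() {
        Subject subject = currentSubject();
        CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
        return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
    }

    /*
     * HELPERS
     */

    /**
     * Subject of the calling context.
     *
     * @throws IllegalStateException if there is none, so callers never operate on
     *                               a missing identity
     */
    private static Subject currentSubject() {
        Subject subject = getAccessControllerSubject();
        if (subject == null) {
            throw new IllegalStateException("Cannot find related subject");
        }
        return subject;
    }

    /** Subject bound to the current access control context, or {@code null}. */
    private static Subject getAccessControllerSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    /** First {@link Authorization} among the subject's private credentials. */
    private static Authorization getAuthorization(Subject subject) {
        return subject.getPrivateCredentials(Authorization.class).iterator().next();
    }

    /**
     * Closes the CMS session referenced by the given subject.
     * <p>
     * The session to close is identified only by the {@link CmsSessionId} private
     * credential of the subject passed in; this method does not verify that the
     * caller is that subject. Callers are expected to pass the subject they are
     * logging out.
     *
     * @param subject the subject whose session should be closed
     * @return {@code true} if a session was found and closed; {@code false} if the
     *         subject is {@code null}, does not carry exactly one
     *         {@link CmsSessionId}, or no session is registered under that id
     */
    public static boolean logoutCmsSession(Subject subject) {
        if (subject == null) {
            return false;
        }
        // Read the credential set once so the size check and the id used come from
        // the same snapshot.
        Set<CmsSessionId> sessionIds = subject.getPrivateCredentials(CmsSessionId.class);
        if (sessionIds.size() != 1) {
            return false;
        }
        UUID nodeSessionId = sessionIds.iterator().next().getUuid();
        CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
        // How getByUuid reports an unknown id is not visible here; guard against
        // null so a stale credential yields false instead of a NullPointerException.
        if (cmsSession == null) {
            return false;
        }
        cmsSession.close();
        // TODO(review): the logout is not logged here (this class has no logger);
        // consider recording it where session lifecycle events are audited.
        return true;
    }

    /** Static utility class, not meant to be instantiated. */
    private CurrentUser() {
    }
}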