1 package org
.argeo
.cms
.servlet
;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Objects;
import java.util.function.Supplier;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;

import org.argeo.cms.auth.CmsSession;
import org.argeo.cms.auth.CurrentUser;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.http.HttpContext;
17 /** Authentication utilities when using servlets. */
18 public class ServletAuthUtils
{
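/**
 * Bundle context of the bundle that loaded this class; used to look up the
 * {@link CmsSession} associated with a request.
 *
 * <p>NOTE: {@code FrameworkUtil.getBundle} returns {@code null} when the class was
 * not loaded by an OSGi bundle class loader, so initialising this class outside a
 * running framework fails with a {@code NullPointerException}.
 */
private static final BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class)
        .getBundleContext();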
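/**
 * Executes {@code supplier} as the {@link Subject} carried by the request, with the
 * CMS class loader installed as the thread context class loader (useful to log in to
 * JCR). The previous context class loader is restored afterwards, whether or not the
 * supplier threw.
 *
 * <p>NOTE: {@code Subject.doAs} and the {@code AccessControlContext} machinery are
 * deprecated for removal in recent JDKs ({@code Subject.callAs} is the replacement);
 * they are kept here to preserve the existing contract.
 *
 * @param supplier the work to execute
 * @param req      the request whose {@link AccessControlContext} attribute (set by
 *                 {@link #configureRequestSecurity(HttpServletRequest)}) identifies the
 *                 subject
 * @return the supplier's result
 * @throws NullPointerException if the request carries no {@code AccessControlContext}
 *                              attribute, i.e. it has not been configured for security
 */
public static final <T> T doAs(Supplier<T> supplier, HttpServletRequest req) {
    Thread thread = Thread.currentThread();
    ClassLoader previousCl = thread.getContextClassLoader();
    thread.setContextClassLoader(ServletAuthUtils.class.getClassLoader());
    try {
        // Fail with an explicit message rather than letting Subject.getSubject(null)
        // throw a bare NullPointerException (same exception type, so callers are unaffected).
        Object acc = Objects.requireNonNull(req.getAttribute(AccessControlContext.class.getName()),
                "Request is not authenticated (no AccessControlContext attribute).");
        Subject subject = Subject.getSubject((AccessControlContext) acc);
        PrivilegedAction<T> action = supplier::get;
        return Subject.doAs(subject, action);
    } finally {
        thread.setContextClassLoader(previousCl);
    }
}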
/**
 * Marks the request as authenticated: stores the caller's current
 * {@link AccessControlContext} as a request attribute keyed by the class name of
 * {@code AccessControlContext}, and publishes the current user's name under
 * {@link HttpContext#REMOTE_USER}.
 *
 * @param req the request to decorate
 * @throws IllegalStateException if the request already carries an
 *                               {@code AccessControlContext} attribute
 */
public final static void configureRequestSecurity(HttpServletRequest req) {
    String accKey = AccessControlContext.class.getName();
    boolean alreadyAuthenticated = req.getAttribute(accKey) != null;
    if (alreadyAuthenticated) {
        throw new IllegalStateException("Request already authenticated.");
    }
    // Capture the caller's context before touching the request.
    AccessControlContext callerContext = AccessController.getContext();
    req.setAttribute(HttpContext.REMOTE_USER, CurrentUser.getUsername());
    req.setAttribute(accKey, callerContext);
}
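/**
 * Undoes {@link #configureRequestSecurity(HttpServletRequest)}: removes the
 * {@link HttpContext#REMOTE_USER} and {@link AccessControlContext} attributes from the
 * request.
 *
 * @param req the request to clear
 * @throws IllegalStateException if the request carries no {@code AccessControlContext}
 *                               attribute (never configured, or already cleared)
 */
public final static void clearRequestSecurity(HttpServletRequest req) {
    String accKey = AccessControlContext.class.getName();
    if (req.getAttribute(accKey) == null) {
        throw new IllegalStateException("Cannot clear non-authenticated request.");
    }
    // removeAttribute is the explicit form of setAttribute(name, null): the servlet
    // API defines the latter as equivalent to the former.
    req.removeAttribute(HttpContext.REMOTE_USER);
    req.removeAttribute(accKey);
}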
59 public static CmsSession
getCmsSession(HttpServletRequest req
) {
60 Subject subject
= Subject
61 .getSubject((AccessControlContext
) req
.getAttribute(AccessControlContext
.class.getName()));
62 CmsSession cmsSession
= CmsSession
.getCmsSession(bundleContext
, subject
);