1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security;
17
18 import java.security.AccessController;
19 import java.security.Principal;
20 import java.security.acl.Group;
21 import java.util.Collections;
22 import java.util.HashSet;
23 import java.util.Set;
24
25 import javax.security.auth.Subject;
26 import javax.security.auth.x500.X500Principal;
27
28 import org.argeo.ArgeoException;
29 import org.osgi.service.useradmin.Authorization;
30
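/**
 * Static helpers that read the identity and the roles carried by a JAAS
 * {@link Subject}, usually the one bound to the current access control
 * context.
 */
public final class SecurityUtils {
    private SecurityUtils() {
    }

    /**
     * Whether the subject bound to the current thread holds the given
     * authority. The test is an exact string match against {@link #roles()},
     * which contains the user's own X.500 name as well as the group names.
     *
     * @param authority
     *            the role name to look for
     * @return true if {@link #roles()} contains this exact name
     * @throws ArgeoException
     *             if the current thread is not authenticated
     */
    public static boolean hasCurrentThreadAuthority(String authority) {
        return roles().contains(authority);
    }

    /**
     * @return the authenticated username or null if not authenticated /
     *         anonymous
     */
    public static String getCurrentThreadUsername() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null)
            return null;
        return getUsername(subject);
    }

    /**
     * Returns the name of the single {@link X500Principal} of a subject.
     *
     * @param subject
     *            the subject to inspect, must not be null
     * @return the principal name, or null when the subject carries no
     *         X.500 principal or more than one
     */
    public final static String getUsername(Subject subject) {
        // Take one snapshot of the principals, so that the size check and
        // the read cannot see two different states of the subject.
        Set<X500Principal> userPrincipals = subject
                .getPrincipals(X500Principal.class);
        // An absent or ambiguous identity is reported as "no username"
        // rather than resolved by picking one of the candidates.
        if (userPrincipals.size() != 1)
            return null;
        return userPrincipals.iterator().next().getName();
    }

    /**
     * @param subject
     *            the subject to inspect, must not be null
     * @return the string form of the subject's {@link Authorization}
     * @throws ArgeoException
     *             if the subject carries no {@link Authorization}
     */
    public final static String getDisplayName(Subject subject) {
        return getAuthorization(subject).toString();
    }

    /**
     * Returns the {@link Authorization} stored among the private credentials
     * of a subject.
     *
     * @param subject
     *            the subject to inspect, must not be null
     * @return the first {@link Authorization} private credential
     * @throws ArgeoException
     *             if the subject carries no {@link Authorization}
     */
    public final static Authorization getAuthorization(Subject subject) {
        // Reading private credentials is permission-checked when a security
        // manager is installed; a SecurityException propagates to the caller.
        Set<Authorization> authorizations = subject
                .getPrivateCredentials(Authorization.class);
        // Fail with an explicit error instead of the bare
        // NoSuchElementException of iterator().next(). The subject is kept
        // out of the message because its string form may list credentials.
        if (authorizations.isEmpty())
            throw new ArgeoException(
                    "No authorization found in the private credentials.");
        // NOTE(review): if several Authorization credentials are present the
        // one returned is whichever the set iterates first - confirm that a
        // subject never carries more than one.
        return authorizations.iterator().next();
    }

    /**
     * Collects the role names of the subject bound to the current thread: the
     * name of its X.500 principal plus the name of every {@link Group}
     * principal.
     *
     * @return a new synchronized set, never null
     * @throws ArgeoException
     *             if no subject is bound to the current access control
     *             context or if it carries no X.500 principal
     */
    public final static Set<String> roles() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null)
            throw new ArgeoException("Not authenticated.");
        Set<X500Principal> userPrincipals = subject
                .getPrincipals(X500Principal.class);
        // A subject without user principal is rejected with the same
        // exception type as an unauthenticated thread, instead of the bare
        // NoSuchElementException of iterator().next().
        if (userPrincipals.isEmpty())
            throw new ArgeoException(
                    "No user principal found in the current subject.");
        // NOTE(review): getUsername() treats more than one X.500 principal as
        // "no identity", while this method keeps whichever comes first -
        // confirm whether such a subject should be rejected here too.
        X500Principal userPrincipal = userPrincipals.iterator().next();
        Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
        // The user name and the group names share one set of plain strings:
        // a check against a name equal to the user's own name succeeds, and
        // all comparisons depend on the exact textual form of each name.
        roles.add(userPrincipal.getName());
        for (Principal group : subject.getPrincipals(Group.class)) {
            roles.add(group.getName());
        }
        return roles;
    }
}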