Improve and clean authentication. Reintroduce anonymous login context.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CurrentUser.java
index 5b4ab174e59be0d57a2ce986e78d94fc643c7b7f..375600ad275406c71f36404f4fa8e43c852360ec 100644 (file)
@@ -21,16 +21,25 @@ import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.security.acl.Group;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.UUID;
 
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.http.WebCmsSessionImpl;
 import org.argeo.eclipse.ui.specific.UiContext;
 import org.argeo.node.NodeConstants;
 import org.argeo.node.security.NodeAuthenticated;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
 import org.osgi.service.useradmin.Authorization;
 
 /**
@@ -38,6 +47,8 @@ import org.osgi.service.useradmin.Authorization;
  * context.
  */
 public final class CurrentUser {
+       private final static Log log = LogFactory.getLog(CurrentUser.class);
+       private final static BundleContext bc = FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
        /*
         * CURRENT USER API
         */
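Review bot: The new static field `bc` is initialised with `FrameworkUtil.getBundle(CurrentUser.class).getBundleContext()`, and `getBundle` returns null when the class was not loaded by a bundle class loader. Outside a running framework (unit tests, plain classpath) class initialisation then fails, and every method of `CurrentUser` becomes unusable, not only the logout path. `getBundleContext()` can also return null while the bundle has no valid context, which would surface later as an NPE in `logoutCmsSession`. I would resolve the context inside the method that needs it and fail explicitly, e.g. `Bundle b = FrameworkUtil.getBundle(CurrentUser.class);` followed by `if (b == null || b.getBundleContext() == null) throw new CmsException("No bundle context available");` (this needs an import of `org.osgi.framework.Bundle`). Minor style point: the conventional modifier order is `private static final`.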
@@ -146,6 +157,35 @@ public final class CurrentUser {
                return subject.getPrivateCredentials(Authorization.class).iterator().next();
        }
 
+       public static boolean logoutCmsSession(Subject subject) {
+               UUID nodeSessionId;
+               if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1)
+                       nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
+               else
+                       return false;
+               Collection<ServiceReference<CmsSession>> srs;
+               try {
+                       srs = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_UUID + "=" + nodeSessionId + ")");
+               } catch (InvalidSyntaxException e) {
+                       throw new CmsException("Cannot retrieve CMS session #" + nodeSessionId, e);
+               }
+
+               if (srs.size() == 0) {
+                       // if (log.isTraceEnabled())
+                       // log.warn("No CMS web session found for http session " +
+                       // nodeSessionId);
+                       return false;
+               } else if (srs.size() > 1)
+                       throw new CmsException(srs.size() + " CMS web sessions found for http session " + nodeSessionId);
+
+               WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(srs.iterator().next());
+               cmsSession.cleanUp();
+//             subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(CmsSessionId.class));
+               if (log.isDebugEnabled())
+                       log.debug("Logged out CMS session " + cmsSession.getUuid());
+               return true;
+       }
+
        private CurrentUser() {
        }
 }
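Review bot: In `logoutCmsSession` the result of `bc.getService(...)` is cast to `WebCmsSessionImpl` and dereferenced with no check. A session service unregistered between the lookup and the call (null), or one registered by another `CmsSession` implementation, turns a logout into an NPE or `ClassCastException` and the session is not cleaned up; the service is also never released with `ungetService`. Guard the cast and release the reference in a `finally`, as sketched below. Separately, the method returns `false` both when the subject has no `CmsSessionId` and when it has several, and the removal of that credential is commented out, so after a successful logout the subject appears to still carry the session id unless it is stripped elsewhere. A Javadoc comment should state what `false` means, so that callers do not treat a failed logout as completed.

```java
// … unchanged: credential lookup, service-reference query and size checks …
ServiceReference<CmsSession> sr = srs.iterator().next();
CmsSession found = bc.getService(sr);
try {
	// null: unregistered since the lookup; other type: not the web implementation
	if (!(found instanceof WebCmsSessionImpl)) {
		log.warn("CMS session " + nodeSessionId + " could not be cleaned up");
		return false;
	}
	WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) found;
	cmsSession.cleanUp();
	if (log.isDebugEnabled())
		log.debug("Logged out CMS session " + cmsSession.getUuid());
	return true;
} finally {
	bc.ungetService(sr);
}
```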