X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;fp=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;h=d51997d74fca518340fc5f601e649c7e30dd6480;hb=4185ff8826f893a4a1f054f61a11b89333c3e85d;hp=0000000000000000000000000000000000000000;hpb=beec30ca4ad6e0a27b3fe984d987b98988e14e76;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java new file mode 100644 index 000000000..d51997d74 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java @@ -0,0 +1,64 @@ +package org.argeo.cms.auth; + +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.util.function.Supplier; + +import javax.security.auth.Subject; + +import org.argeo.api.cms.CmsSession; +import org.argeo.cms.osgi.CmsOsgiUtils; +import org.osgi.framework.BundleContext; +import org.osgi.framework.FrameworkUtil; + +/** Remote authentication utilities. */ +public class RemoteAuthUtils { + static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user"; + private static BundleContext bundleContext = FrameworkUtil.getBundle(RemoteAuthUtils.class).getBundleContext(); + + /** + * Execute this supplier, using the CMS class loader as context classloader. + * Useful to log in to JCR. + */ + public final static T doAs(Supplier supplier, RemoteAuthRequest req) { + ClassLoader currentContextCl = Thread.currentThread().getContextClassLoader(); + Thread.currentThread().setContextClassLoader(RemoteAuthUtils.class.getClassLoader()); + try { + return Subject.doAs( + Subject.getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())), + new PrivilegedAction() { + + @Override + public T run() { + return supplier.get(); + } + + }); + } finally { + Thread.currentThread().setContextClassLoader(currentContextCl); + } + } + + public final static void configureRequestSecurity(RemoteAuthRequest req) { + if (req.getAttribute(AccessControlContext.class.getName()) != null) + throw new IllegalStateException("Request already authenticated."); + AccessControlContext acc = AccessController.getContext(); + req.setAttribute(REMOTE_USER, CurrentUser.getUsername()); + req.setAttribute(AccessControlContext.class.getName(), acc); + } + + public final static void clearRequestSecurity(RemoteAuthRequest req) { + if (req.getAttribute(AccessControlContext.class.getName()) == null) + throw new IllegalStateException("Cannot clear non-authenticated request."); + req.setAttribute(REMOTE_USER, null); + req.setAttribute(AccessControlContext.class.getName(), null); + } + + public static CmsSession getCmsSession(RemoteAuthRequest req) { + Subject subject = Subject + .getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())); + CmsSession cmsSession = CmsOsgiUtils.getCmsSession(bundleContext, subject); + return cmsSession; + } +}