X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=e1425015c1838965df660d6d982238bdacb65ea6;hb=4e5217621733b3f8b9c2427a688a18c68dbc1e5d;hp=3fef3033d6e04a32215cf4116baefa504577b81e;hpb=a847fccbcfed504b2526c137a46d1e0238c28cf5;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index 3fef3033d..e1425015c 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -20,17 +20,19 @@ import java.security.Principal; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import java.security.acl.Group; import java.util.HashSet; +import java.util.Locale; import java.util.Set; +import java.util.UUID; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; +import org.argeo.api.NodeConstants; import org.argeo.cms.CmsException; -import org.argeo.eclipse.ui.specific.UiContext; -import org.argeo.node.NodeConstants; -import org.argeo.node.security.NodeAuthenticated; +import org.argeo.cms.internal.auth.CmsSessionImpl; +import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.cms.internal.kernel.Activator; import org.osgi.service.useradmin.Authorization; /** @@ -38,6 +40,9 @@ import org.osgi.service.useradmin.Authorization; * context. */ public final class CurrentUser { + // private final static Log log = LogFactory.getLog(CurrentUser.class); + // private final static BundleContext bc = + // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext(); /* * CURRENT USER API */ @@ -45,16 +50,15 @@ public final class CurrentUser { /** * Technical username of the currently authenticated user. * - * @return the authenticated username or null if not authenticated / - * anonymous + * @return the authenticated username or null if not authenticated / anonymous */ public static String getUsername() { return getUsername(currentSubject()); } /** - * Human readable name of the currently authenticated user (typically first - * name and last name). + * Human readable name of the currently authenticated user (typically first name + * and last name). */ public static String getDisplayName() { return getDisplayName(currentSubject()); @@ -65,6 +69,11 @@ public final class CurrentUser { return isAnonymous(currentSubject()); } + /** Locale of the current user */ + public final static Locale locale() { + return locale(currentSubject()); + } + /** Roles of the currently logged-in user */ public final static Set roles() { return roles(currentSubject()); @@ -82,7 +91,7 @@ public final class CurrentUser { } /** Executes as the current user */ - public final static T doAs(PrivilegedExceptionAction action) throws PrivilegedActionException { + public final static T tryAs(PrivilegedExceptionAction action) throws PrivilegedActionException { return Subject.doAs(currentSubject(), action); } @@ -106,12 +115,21 @@ public final class CurrentUser { public final static Set roles(Subject subject) { Set roles = new HashSet(); roles.add(getUsername(subject)); - for (Principal group : subject.getPrincipals(Group.class)) { + for (Principal group : subject.getPrincipals(ImpliedByPrincipal.class)) { roles.add(group.getName()); } return roles; } + public final static Locale locale(Subject subject) { + Set locales = subject.getPublicCredentials(Locale.class); + if (locales.isEmpty()) { + Locale defaultLocale = Activator.getNodeState().getDefaultLocale(); + return defaultLocale; + } else + return locales.iterator().next(); + } + /** Whether this user is currently authenticated. */ public static boolean isAnonymous(Subject subject) { if (subject == null) @@ -119,33 +137,60 @@ public final class CurrentUser { String username = getUsername(subject); return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); } + + public CmsSession getCmsSession() { + Subject subject = currentSubject(); + CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next(); + return CmsSessionImpl.getByUuid(cmsSessionId.getUuid()); + } + /* * HELPERS */ - private static Subject currentSubject() { - NodeAuthenticated cmsView = getNodeAuthenticated(); - if (cmsView != null) - return cmsView.getLoginContext().getSubject(); - Subject subject = Subject.getSubject(AccessController.getContext()); + // CmsAuthenticated cmsView = getNodeAuthenticated(); + // if (cmsView != null) + // return cmsView.getSubject(); + Subject subject = getAccessControllerSubject(); if (subject != null) return subject; throw new CmsException("Cannot find related subject"); } + private static Subject getAccessControllerSubject() { + return Subject.getSubject(AccessController.getContext()); + } + + // public static boolean isAuthenticated() { + // return getAccessControllerSubject() != null; + // } + /** * The node authenticated component (typically a CMS view) related to this - * display, or null if none is available from this call. Not API: Only - * for low-level access. + * display, or null if none is available from this call. Not API: Only for + * low-level access. */ - private static NodeAuthenticated getNodeAuthenticated() { - return UiContext.getData(NodeAuthenticated.KEY); - } + // private static CmsAuthenticated getNodeAuthenticated() { + // return UiContext.getData(CmsAuthenticated.KEY); + // } private static Authorization getAuthorization(Subject subject) { return subject.getPrivateCredentials(Authorization.class).iterator().next(); } + public static boolean logoutCmsSession(Subject subject) { + UUID nodeSessionId; + if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1) + nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid(); + else + return false; + CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString()); + cmsSession.close(); + // if (log.isDebugEnabled()) + // log.debug("Logged out CMS session " + cmsSession.getUuid()); + return true; + } + private CurrentUser() { } }