X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=ef56adc33a318773941ac56a69d3fec202e6e862;hb=faf5a48ce8b1d78fb812e0a525f8e20e84d690ad;hp=68848f7df7bc7b658efbd1b14fcb17f215f5a4ba;hpb=7e333073d07b780efe681306a1842a750cbea83c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index 68848f7df..ef56adc33 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -17,22 +17,37 @@ package org.argeo.cms.auth; import java.security.AccessController; import java.security.Principal; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.security.acl.Group; import java.util.HashSet; import java.util.Set; +import java.util.UUID; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.argeo.cms.CmsException; -import org.argeo.eclipse.ui.specific.UiContext; +import org.argeo.cms.internal.auth.CmsSessionImpl; import org.argeo.node.NodeConstants; -import org.argeo.node.security.NodeAuthenticated; import org.osgi.service.useradmin.Authorization; -/** Static utilities */ +/** + * Programmatic access to the currently authenticated user, within a CMS + * context. + */ public final class CurrentUser { +// private final static Log log = LogFactory.getLog(CurrentUser.class); + // private final static BundleContext bc = + // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext(); + /* + * CURRENT USER API + */ + /** + * Technical username of the currently authenticated user. + * * @return the authenticated username or null if not authenticated / * anonymous */ @@ -40,39 +55,44 @@ public final class CurrentUser { return getUsername(currentSubject()); } + /** + * Human readable name of the currently authenticated user (typically first + * name and last name). + */ public static String getDisplayName() { return getDisplayName(currentSubject()); } + /** Whether a user is currently authenticated. */ public static boolean isAnonymous() { return isAnonymous(currentSubject()); } - public static boolean isAnonymous(Subject subject) { - if (subject == null) - return true; - String username = getUsername(subject); - return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); + /** Roles of the currently logged-in user */ + public final static Set roles() { + return roles(currentSubject()); } - private static Subject currentSubject() { - NodeAuthenticated cmsView = getNodeAuthenticated(); - if (cmsView != null) - return cmsView.getLoginContext().getSubject(); - Subject subject = Subject.getSubject(AccessController.getContext()); - if (subject != null) - return subject; - throw new CmsException("Cannot find related subject"); + /** Returns true if the current user is in the specified role */ + public static boolean isInRole(String role) { + Set roles = roles(); + return roles.contains(role); } - /** - * The node authenticated component (typically a CMS view) related to this - * display, or null if none is available from this call. - */ - public static NodeAuthenticated getNodeAuthenticated() { - return UiContext.getData(NodeAuthenticated.KEY); + /** Executes as the current user */ + public final static T doAs(PrivilegedAction action) { + return Subject.doAs(currentSubject(), action); } + /** Executes as the current user */ + public final static T tryAs(PrivilegedExceptionAction action) throws PrivilegedActionException { + return Subject.doAs(currentSubject(), action); + } + + /* + * WRAPPERS + */ + public final static String getUsername(Subject subject) { if (subject == null) throw new CmsException("Subject cannot be null"); @@ -86,14 +106,6 @@ public final class CurrentUser { return getAuthorization(subject).toString(); } - private static Authorization getAuthorization(Subject subject) { - return subject.getPrivateCredentials(Authorization.class).iterator().next(); - } - - public final static Set roles() { - return roles(currentSubject()); - } - public final static Set roles(Subject subject) { Set roles = new HashSet(); roles.add(getUsername(subject)); @@ -103,6 +115,67 @@ public final class CurrentUser { return roles; } + /** Whether this user is currently authenticated. */ + public static boolean isAnonymous(Subject subject) { + if (subject == null) + return true; + String username = getUsername(subject); + return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); + } + + public CmsSession getCmsSession() { + Subject subject = currentSubject(); + CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next(); + return CmsSessionImpl.getByUuid(cmsSessionId.getUuid()); + } + + /* + * HELPERS + */ + private static Subject currentSubject() { + // CmsAuthenticated cmsView = getNodeAuthenticated(); + // if (cmsView != null) + // return cmsView.getSubject(); + Subject subject = getAccessControllerSubject(); + if (subject != null) + return subject; + throw new CmsException("Cannot find related subject"); + } + + private static Subject getAccessControllerSubject() { + return Subject.getSubject(AccessController.getContext()); + } + + // public static boolean isAuthenticated() { + // return getAccessControllerSubject() != null; + // } + + /** + * The node authenticated component (typically a CMS view) related to this + * display, or null if none is available from this call. Not API: Only + * for low-level access. + */ + // private static CmsAuthenticated getNodeAuthenticated() { + // return UiContext.getData(CmsAuthenticated.KEY); + // } + + private static Authorization getAuthorization(Subject subject) { + return subject.getPrivateCredentials(Authorization.class).iterator().next(); + } + + public static boolean logoutCmsSession(Subject subject) { + UUID nodeSessionId; + if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1) + nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid(); + else + return false; + CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString()); + cmsSession.close(); +// if (log.isDebugEnabled()) +// log.debug("Logged out CMS session " + cmsSession.getUuid()); + return true; + } + private CurrentUser() { } }