X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2FSecurityUtils.java;h=b3b0f37f3687d7f66fea691e46083f3617e909b4;hb=86140b8db15a11cfd942892eface6a4f90329a41;hp=44ddeac865a00b8c436d1ef795b2855986358c65;hpb=b3b39d5606a0c48d64a804f4aff5459ea3addc31;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
index 44ddeac86..b3b0f37f3 100644
--- a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
+++ b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
@@ -15,35 +15,26 @@ */ package org.argeo.security; -import java.util.ArrayList; -import java.util.Collection; +import java.security.AccessController; +import java.security.Principal; +import java.security.acl.Group; import java.util.Collections; -import java.util.List; +import java.util.HashSet; +import java.util.Set; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; +import javax.security.auth.Subject; +import javax.security.auth.x500.X500Principal; -/** Static utilities */ -public class SecurityUtils { +import org.argeo.ArgeoException; +/** Static utilities */ +public final class SecurityUtils { private SecurityUtils() { } /** Whether the current thread has the admin role */ public static boolean hasCurrentThreadAuthority(String authority) { - SecurityContext securityContext = SecurityContextHolder.getContext(); - if (securityContext != null) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication != null) { - for (GrantedAuthority ga : authentication.getAuthorities()) - if (ga.getAuthority().equals(authority)) - return true; - } - } - return false; + return roles().contains(authority); } /** 
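Review bot: `hasCurrentThreadAuthority` no longer returns false for an unauthenticated thread: it now delegates to `roles()`, which in the next hunk throws `ArgeoException("Not authenticated.")` when no `Subject` is bound, whereas the removed Spring code fell through to `return false`. Since the method declares no `throws`, callers that use it as a plain boolean guard get an unchecked exception on anonymous requests. Either keep the old contract with `if (Subject.getSubject(AccessController.getContext()) == null) return false;` ahead of the `roles()` call, or state the exception in the Javadoc, which also still says "the admin role" although any authority can be passed.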
@@ -51,49 +42,32 @@ public class SecurityUtils { * anonymous */ public static String getCurrentThreadUsername() { - SecurityContext securityContext = SecurityContextHolder.getContext(); - if (securityContext != null) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication != null) { - if (authentication instanceof AnonymousAuthenticationToken) { - return null; - } - return authentication.getName(); - } - } - return null; + return getUsername(); } - /** - * Returns the display name of the user details (by calling toString() on - * it) - */ - public static String getUserDetailsDisplayName() { - SecurityContext securityContext = SecurityContextHolder.getContext(); - if (securityContext != null) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication != null) { - if (authentication instanceof AnonymousAuthenticationToken) { - return null; - } - Object details = authentication.getDetails(); - if (details != null) - return details.toString(); - return authentication.getName(); - } - } - return null; + public final static String getUsername() { + Subject subject = Subject.getSubject(AccessController.getContext()); + if (subject == null) + return null; + if (subject.getPrincipals(X500Principal.class).size() != 1) + return null; + Principal principal = subject.getPrincipals(X500Principal.class) + .iterator().next(); + return principal.getName(); + } - /** - * Converts an array of Spring Security {@link GrantedAuthority} to a - * read-only list of strings, for portability and integration - */ - public static List authoritiesToStringList( - Collection authorities) { - List lst = new ArrayList(); - for (GrantedAuthority ga : authorities) - lst.add(ga.getAuthority()); - return Collections.unmodifiableList(lst); + public final static Set roles() { + Set roles = Collections.synchronizedSet(new HashSet()); + Subject subject = Subject.getSubject(AccessController.getContext()); + if (subject == null) + throw 
new ArgeoException("Not authenticated."); + X500Principal userPrincipal = subject + .getPrincipals(X500Principal.class).iterator().next(); + roles.add(userPrincipal.getName()); + for (Principal group : subject.getPrincipals(Group.class)) { + roles.add(group.getName()); + } + return roles; } }
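Review bot: `roles()` takes `subject.getPrincipals(X500Principal.class).iterator().next()` without the `size() != 1` check that `getUsername()` applies just above, so a Subject with no X500Principal fails with `NoSuchElementException` and one with several lets whichever principal the iterator yields first decide the identity that goes into the role set. I would reuse the same guard: `Set<X500Principal> users = subject.getPrincipals(X500Principal.class);`, `if (users.size() != 1) throw new ArgeoException("Expected exactly one user principal");`, then `roles.add(users.iterator().next().getName());`. The user's own DN also lands in the same set as the group names, which means `hasCurrentThreadAuthority` matches on it; if that is intended, a Javadoc line on `roles()` should say so, and neither new public method has Javadoc at present. The raw `Set` return type could be `Set<String>`.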