X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2FSecurityUtils.java;h=e1f7899a5f52227515f0e24b3157e64e7c32446d;hb=9dba7b01008499bdaf15c754190906d3200713fe;hp=8c6715446a96ec78cff35bd0176f3584ffadab69;hpb=759a7c0396796565b231738b855c8b0a8413be6b;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
index 8c6715446..e1f7899a5 100644
--- a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
+++ b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java
@@ -15,45 +15,27 @@
 */
 package org.argeo.security;
-import java.util.ArrayList;
-import java.util.Collection;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.acl.Group;
 import java.util.Collections;
-import java.util.List;
-import java.util.UUID;
+import java.util.HashSet;
+import java.util.Set;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+
+import org.argeo.ArgeoException;
+import org.osgi.service.useradmin.Authorization;
 /** Static utilities */
 public final class SecurityUtils {
- private final static String systemKey = UUID.randomUUID().toString();
-
 private SecurityUtils() {
 }
- /**
- * @return a String which is guaranteed to be unique between and constant
- * within a Java static context (typically a VM launch)
- */
- public final static String getStaticKey() {
- return systemKey;
- }
-
 /** Whether the current thread has the admin role */
 public static boolean hasCurrentThreadAuthority(String authority) {
- SecurityContext securityContext = SecurityContextHolder.getContext();
- if (securityContext != null) {
- Authentication authentication = securityContext.getAuthentication();
- if (authentication != null) {
- for (GrantedAuthority ga : authentication.getAuthorities())
- if (ga.getAuthority().equals(authority))
- return true;
- }
- }
- return false;
+ return roles().contains(authority);
 }
 /**
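Review bot: `hasCurrentThreadAuthority` no longer returns `false` for an unauthenticated caller: it now delegates to `roles()`, which in this same patch throws `ArgeoException("Not authenticated.")` when no `Subject` is bound to the access control context. Callers that used the method as a plain boolean guard will get an exception (presumably unchecked, since no `throws` clause is added) instead of a denial, so either keep the old contract with an explicit null-subject check that returns `false`, or document the new one. The retained Javadoc also says "admin role" although the method tests whatever `authority` is passed; `/** Whether the current subject holds the given role; throws ArgeoException if there is no authenticated subject */` would describe the new behaviour.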
@@ -61,49 +43,44 @@ public final class SecurityUtils {
 * anonymous
 */
 public static String getCurrentThreadUsername() {
- SecurityContext securityContext = SecurityContextHolder.getContext();
- if (securityContext != null) {
- Authentication authentication = securityContext.getAuthentication();
- if (authentication != null) {
- if (authentication instanceof AnonymousAuthenticationToken) {
- return null;
- }
- return authentication.getName();
- }
- }
- return null;
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject == null)
+ return null;
+ return getUsername(subject);
 }
- /**
- * Returns the display name of the user details (by calling toString() on
- * it)
- */
- public static String getUserDetailsDisplayName() {
- SecurityContext securityContext = SecurityContextHolder.getContext();
- if (securityContext != null) {
- Authentication authentication = securityContext.getAuthentication();
- if (authentication != null) {
- if (authentication instanceof AnonymousAuthenticationToken) {
- return null;
- }
- Object details = authentication.getDetails();
- if (details != null)
- return details.toString();
- return authentication.getName();
- }
- }
- return null;
+ public final static String getUsername(Subject subject) {
+ // Subject subject = Subject.getSubject(AccessController.getContext());
+ // if (subject == null)
+ // return null;
+ if (subject.getPrincipals(X500Principal.class).size() != 1)
+ return null;
+ Principal principal = subject.getPrincipals(X500Principal.class)
+ .iterator().next();
+ return principal.getName();
+
 }
- /**
- * Converts an array of Spring Security {@link GrantedAuthority} to a
- * read-only list of strings, for portability and integration
- */
- public static List authoritiesToStringList(
- Collection authorities) {
- List lst = new ArrayList();
- for (GrantedAuthority ga : authorities)
- lst.add(ga.getAuthority());
- return Collections.unmodifiableList(lst);
+ public final static String getDisplayName(Subject subject) {
+ return getAuthorization(subject).toString();
+ }
+
+ public final static Authorization getAuthorization(Subject subject) {
+ return subject.getPrivateCredentials(Authorization.class).iterator()
+ .next();
+ }
+
+ public final static Set roles() {
+ Set roles = Collections.synchronizedSet(new HashSet());
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject == null)
+ throw new ArgeoException("Not authenticated.");
+ X500Principal userPrincipal = subject
+ .getPrincipals(X500Principal.class).iterator().next();
+ roles.add(userPrincipal.getName());
+ for (Principal group : subject.getPrincipals(Group.class)) {
+ roles.add(group.getName());
+ }
+ return roles;
 }
 }
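Review bot: `roles()` and `getAuthorization()` call `.iterator().next()` on sets that may be empty, so a `Subject` without an `X500Principal` or without an `Authorization` private credential surfaces as a bare `NoSuchElementException`, whereas `getUsername()` in the same hunk guards with `size() != 1`. A helper that feeds authorization decisions should reject an unexpected number of identity principals explicitly instead of taking whichever comes first, and `getAuthorization()` needs the same guard on its credential lookup. `roles()` also adds the user's own X.500 name to the role set, so `hasCurrentThreadAuthority` is true for a string equal to the caller's DN; if that is intended it should be stated in Javadoc, which all four new public methods lack. Generic type arguments look stripped in this rendering, so the excerpt leaves the `roles` declaration as shown.

```java
// … unchanged: roles set creation, subject lookup and "Not authenticated." check …
Set<X500Principal> userPrincipals = subject
        .getPrincipals(X500Principal.class);
if (userPrincipals.size() != 1)
    throw new ArgeoException("Expected exactly one X500Principal, found "
            + userPrincipals.size());
roles.add(userPrincipals.iterator().next().getName());
// … unchanged: loop adding Group principal names, return roles …
```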