From a24df5e9ef0900033b0e431a819432101bdb1fc4 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Sat, 21 Jan 2017 16:12:19 +0100 Subject: [PATCH] Clarify CurrentUser API. Add doAs(). --- .../src/org/argeo/cms/auth/CurrentUser.java | 100 ++++++++++++------ 1 file changed, 69 insertions(+), 31 deletions(-) diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index a23822b21..33a226737 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -17,6 +17,9 @@ package org.argeo.cms.auth; import java.security.AccessController; import java.security.Principal; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.security.acl.Group; import java.util.HashSet; import java.util.Set; @@ -30,10 +33,18 @@ import org.argeo.node.NodeConstants; import org.argeo.node.security.NodeAuthenticated; import org.osgi.service.useradmin.Authorization; -/** Static utilities */ +/** + * Programmatic access to the currently authenticated user, within a CMS + * context. + */ public final class CurrentUser { + /* + * CURRENT USER API + */ /** + * Technical username of the currently authenticated user. + * * @return the authenticated username or null if not authenticated / * anonymous */ @@ -41,41 +52,59 @@ public final class CurrentUser { return getUsername(currentSubject()); } + /** + * Human readable name of the currently authenticated user (typically first + * name and last name). + */ public static String getDisplayName() { return getDisplayName(currentSubject()); } + /** Whether a user is currently authenticated. */ public static boolean isAnonymous() { return isAnonymous(currentSubject()); } + /** + * Whether a user is currently authenticated. @deprecate User !isAnonymous() + * instead. + */ + @Deprecated public static boolean isRegistered() { return !isAnonymous(); } - public static boolean isAnonymous(Subject subject) { - if (subject == null) - return true; - String username = getUsername(subject); - return username == null - || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); + /** Roles of the currently logged-in user */ + public final static Set roles() { + return roles(currentSubject()); } - /** - * The node authenticated component (typically a CMS view) related to this - * display, or null if none is available from this call. - */ - public static NodeAuthenticated getNodeAuthenticated() { - return UiContext.getData(NodeAuthenticated.KEY); + /** Returns true if the current user is in the specified role */ + public static boolean isInRole(String role) { + Set roles = roles(); + return roles.contains(role); + } + + /** Executes as the current user */ + public final static T doAs(PrivilegedAction action) { + return Subject.doAs(currentSubject(), action); } + /** Executes as the current user */ + public final static T doAs(PrivilegedExceptionAction action) throws PrivilegedActionException { + return Subject.doAs(currentSubject(), action); + } + + /* + * WRAPPERS + */ + public final static String getUsername(Subject subject) { if (subject == null) throw new CmsException("Subject cannot be null"); if (subject.getPrincipals(X500Principal.class).size() != 1) return NodeConstants.ROLE_ANONYMOUS; - Principal principal = subject.getPrincipals(X500Principal.class) - .iterator().next(); + Principal principal = subject.getPrincipals(X500Principal.class).iterator().next(); return principal.getName(); } @@ -83,14 +112,25 @@ public final class CurrentUser { return getAuthorization(subject).toString(); } - private static Authorization getAuthorization(Subject subject) { - return subject.getPrivateCredentials(Authorization.class).iterator() - .next(); + public final static Set roles(Subject subject) { + Set roles = new HashSet(); + roles.add(getUsername(subject)); + for (Principal group : subject.getPrincipals(Group.class)) { + roles.add(group.getName()); + } + return roles; } - public final static Set roles() { - return roles(currentSubject()); + /** Whether this user is currently authenticated. */ + public static boolean isAnonymous(Subject subject) { + if (subject == null) + return true; + String username = getUsername(subject); + return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); } + /* + * HELPERS + */ private static Subject currentSubject() { NodeAuthenticated cmsView = getNodeAuthenticated(); @@ -102,19 +142,17 @@ public final class CurrentUser { throw new CmsException("Cannot find related subject"); } - /** Returns true if the current user is in the specified role */ - public static boolean isInRole(String role) { - Set roles = roles(); - return roles.contains(role); + /** + * The node authenticated component (typically a CMS view) related to this + * display, or null if none is available from this call. Not API: Only + * for low-level access. + */ + private static NodeAuthenticated getNodeAuthenticated() { + return UiContext.getData(NodeAuthenticated.KEY); } - public final static Set roles(Subject subject) { - Set roles = new HashSet(); - roles.add(getUsername(subject)); - for (Principal group : subject.getPrincipals(Group.class)) { - roles.add(group.getName()); - } - return roles; + private static Authorization getAuthorization(Subject subject) { + return subject.getPrivateCredentials(Authorization.class).iterator().next(); } private CurrentUser() { -- 2.30.2