org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java

   1 package org.argeo.cms.auth;
   2
   3 import java.security.Principal;
   4 import java.security.PrivilegedAction;
   5 import java.security.PrivilegedActionException;
   6 import java.security.PrivilegedExceptionAction;
   7 import java.util.HashSet;
   8 import java.util.Iterator;
   9 import java.util.Locale;
  10 import java.util.Set;
  11 import java.util.UUID;
  12
  13 import javax.security.auth.Subject;
  14 import javax.security.auth.x500.X500Principal;
  15
  16 import org.argeo.api.acr.NamespaceUtils;
  17 import org.argeo.api.cms.CmsConstants;
  18 import org.argeo.api.cms.CmsSession;
  19 import org.argeo.api.cms.CmsSessionId;
  20 import org.argeo.cms.internal.auth.CmsSessionImpl;
  21 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
  22 import org.argeo.cms.internal.runtime.CmsContextImpl;
  23 import org.argeo.util.CurrentSubject;
  24 import org.osgi.service.useradmin.Authorization;
  25
  26 /**
  27  * Programmatic access to the currently authenticated user, within a CMS
  28  * context.
  29  */
  30 public final class CurrentUser {
  31         /*
  32          * CURRENT USER API
  33          */
  34
  35         /**
  36          * Technical username of the currently authenticated user.
  37          *
  38          * @return the authenticated username or null if not authenticated / anonymous
  39          */
  40         public static String getUsername() {
  41                 return getUsername(currentSubject());
  42         }
  43
  44         /**
  45          * Human readable name of the currently authenticated user (typically first name
  46          * and last name).
  47          */
  48         public static String getDisplayName() {
  49                 return getDisplayName(currentSubject());
  50         }
  51
  52         /** Whether a user is currently authenticated. */
  53         public static boolean isAnonymous() {
  54                 return isAnonymous(currentSubject());
  55         }
  56
  57         /** Locale of the current user */
  58         public final static Locale locale() {
  59                 return locale(currentSubject());
  60         }
  61
  62         /** Roles of the currently logged-in user */
  63         public final static Set<String> roles() {
  64                 return roles(currentSubject());
  65         }
  66
  67         /** Returns true if the current user is in the specified role */
  68         public static boolean isInRole(String role) {
  69                 Set<String> roles = roles();
  70                 return roles.contains(role);
  71         }
  72
  73         /** Implies this {@link SystemRole} in this context. */
  74         public final static boolean implies(SystemRole role, String context) {
  75                 return role.implied(currentSubject(), context);
  76         }
  77
  78         /** Implies this {@link SystemRole} in this context. */
  79         public final static boolean implies(String role, String context) {
  80                 return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
  81         }
  82
  83         /** Executes as the current user */
  84         public final static <T> T doAs(PrivilegedAction<T> action) {
  85                 return Subject.doAs(currentSubject(), action);
  86         }
  87
  88         /** Executes as the current user */
  89         public final static <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
  90                 return Subject.doAs(currentSubject(), action);
  91         }
  92
  93         /*
  94          * WRAPPERS
  95          */
  96
  97         public final static String getUsername(Subject subject) {
  98                 if (subject == null)
  99                         throw new IllegalArgumentException("Subject cannot be null");
 100                 if (subject.getPrincipals(X500Principal.class).size() != 1)
 101                         return CmsConstants.ROLE_ANONYMOUS;
 102                 Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
 103                 return principal.getName();
 104         }
 105
 106         public final static String getDisplayName(Subject subject) {
 107                 return getAuthorization(subject).toString();
 108         }
 109
 110         public final static Set<String> roles(Subject subject) {
 111                 Set<String> roles = new HashSet<String>();
 112                 roles.add(getUsername(subject));
 113                 for (Principal group : subject.getPrincipals(ImpliedByPrincipal.class)) {
 114                         roles.add(group.getName());
 115                 }
 116                 return roles;
 117         }
 118
 119         public final static Locale locale(Subject subject) {
 120                 Set<Locale> locales = subject.getPublicCredentials(Locale.class);
 121                 if (locales.isEmpty()) {
 122                         Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
 123                         return defaultLocale;
 124                 } else
 125                         return locales.iterator().next();
 126         }
 127
 128         /** Whether this user is currently authenticated. */
 129         public static boolean isAnonymous(Subject subject) {
 130                 if (subject == null)
 131                         return true;
 132                 String username = getUsername(subject);
 133                 return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
 134         }
 135
 136         public static CmsSession getCmsSession() {
 137                 Subject subject = currentSubject();
 138                 Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
 139                 if (!it.hasNext())
 140                         throw new IllegalStateException("No CMS session id available for " + subject);
 141                 CmsSessionId cmsSessionId = it.next();
 142                 if (it.hasNext())
 143                         throw new IllegalStateException("More than one CMS session id available for " + subject);
 144                 return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
 145         }
 146
 147         public static boolean isAvailable() {
 148                 return CurrentSubject.current() != null;
 149         }
 150
 151         /*
 152          * HELPERS
 153          */
 154         private static Subject currentSubject() {
 155                 Subject subject = CurrentSubject.current();
 156                 if (subject == null)
 157                         throw new IllegalStateException("Cannot find related subject");
 158                 return subject;
 159         }
 160
 161         private static Authorization getAuthorization(Subject subject) {
 162                 return subject.getPrivateCredentials(Authorization.class).iterator().next();
 163         }
 164
 165         public static boolean logoutCmsSession(Subject subject) {
 166                 UUID nodeSessionId;
 167                 if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1)
 168                         nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
 169                 else
 170                         return false;
 171                 CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
 172
 173                 // FIXME logout all views
 174                 // TODO check why it is sometimes null
 175                 if (cmsSession != null)
 176                         cmsSession.close();
 177                 // if (log.isDebugEnabled())
 178                 // log.debug("Logged out CMS session " + cmsSession.getUuid());
 179                 return true;
 180         }
 181
 182         /** singleton */
 183         private CurrentUser() {
 184         }
 185 }