]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix MANIFEST generation issues.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CurrentUser.java
1 package org.argeo.cms.auth;
2
3 import java.security.AccessController;
4 import java.security.Principal;
5 import java.security.PrivilegedAction;
6 import java.security.PrivilegedActionException;
7 import java.security.PrivilegedExceptionAction;
8 import java.util.HashSet;
9 import java.util.Locale;
10 import java.util.Set;
11 import java.util.UUID;
12
13 import javax.security.auth.Subject;
14 import javax.security.auth.x500.X500Principal;
15
16 import org.argeo.api.cms.CmsConstants;
17 import org.argeo.api.cms.CmsSession;
18 import org.argeo.api.cms.CmsSessionId;
19 import org.argeo.cms.internal.auth.CmsSessionImpl;
20 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
21 import org.argeo.cms.internal.runtime.CmsContextImpl;
22 import org.osgi.service.useradmin.Authorization;
23
24 /**
25 * Programmatic access to the currently authenticated user, within a CMS
26 * context.
27 */
28 public final class CurrentUser {
29 /*
30 * CURRENT USER API
31 */
32
33 /**
34 * Technical username of the currently authenticated user.
35 *
36 * @return the authenticated username or null if not authenticated / anonymous
37 */
38 public static String getUsername() {
39 return getUsername(currentSubject());
40 }
41
42 /**
43 * Human readable name of the currently authenticated user (typically first name
44 * and last name).
45 */
46 public static String getDisplayName() {
47 return getDisplayName(currentSubject());
48 }
49
50 /** Whether a user is currently authenticated. */
51 public static boolean isAnonymous() {
52 return isAnonymous(currentSubject());
53 }
54
55 /** Locale of the current user */
56 public final static Locale locale() {
57 return locale(currentSubject());
58 }
59
60 /** Roles of the currently logged-in user */
61 public final static Set<String> roles() {
62 return roles(currentSubject());
63 }
64
65 /** Returns true if the current user is in the specified role */
66 public static boolean isInRole(String role) {
67 Set<String> roles = roles();
68 return roles.contains(role);
69 }
70
71 /** Executes as the current user */
72 public final static <T> T doAs(PrivilegedAction<T> action) {
73 return Subject.doAs(currentSubject(), action);
74 }
75
76 /** Executes as the current user */
77 public final static <T> T tryAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
78 return Subject.doAs(currentSubject(), action);
79 }
80
81 /*
82 * WRAPPERS
83 */
84
85 public final static String getUsername(Subject subject) {
86 if (subject == null)
87 throw new IllegalArgumentException("Subject cannot be null");
88 if (subject.getPrincipals(X500Principal.class).size() != 1)
89 return CmsConstants.ROLE_ANONYMOUS;
90 Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
91 return principal.getName();
92 }
93
94 public final static String getDisplayName(Subject subject) {
95 return getAuthorization(subject).toString();
96 }
97
98 public final static Set<String> roles(Subject subject) {
99 Set<String> roles = new HashSet<String>();
100 roles.add(getUsername(subject));
101 for (Principal group : subject.getPrincipals(ImpliedByPrincipal.class)) {
102 roles.add(group.getName());
103 }
104 return roles;
105 }
106
107 public final static Locale locale(Subject subject) {
108 Set<Locale> locales = subject.getPublicCredentials(Locale.class);
109 if (locales.isEmpty()) {
110 Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
111 return defaultLocale;
112 } else
113 return locales.iterator().next();
114 }
115
116 /** Whether this user is currently authenticated. */
117 public static boolean isAnonymous(Subject subject) {
118 if (subject == null)
119 return true;
120 String username = getUsername(subject);
121 return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
122 }
123
124 public CmsSession getCmsSession() {
125 Subject subject = currentSubject();
126 CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
127 return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
128 }
129
130 /*
131 * HELPERS
132 */
133 private static Subject currentSubject() {
134 Subject subject = getAccessControllerSubject();
135 if (subject != null)
136 return subject;
137 throw new IllegalStateException("Cannot find related subject");
138 }
139
140 private static Subject getAccessControllerSubject() {
141 return Subject.getSubject(AccessController.getContext());
142 }
143
144 private static Authorization getAuthorization(Subject subject) {
145 return subject.getPrivateCredentials(Authorization.class).iterator().next();
146 }
147
148 public static boolean logoutCmsSession(Subject subject) {
149 UUID nodeSessionId;
150 if (subject.getPrivateCredentials(CmsSessionId.class).size() == 1)
151 nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
152 else
153 return false;
154 CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
155
156 // FIXME logout all views
157 // TODO check why it is sometimes null
158 if (cmsSession != null)
159 cmsSession.close();
160 // if (log.isDebugEnabled())
161 // log.debug("Logged out CMS session " + cmsSession.getUuid());
162 return true;
163 }
164
165 private CurrentUser() {
166 }
167 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi