[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CurrentUser.java
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.cms.auth;
17
18 import java.security.AccessController;
19 import java.security.Principal;
20 import java.security.acl.Group;
21 import java.util.HashSet;
22 import java.util.Set;
23
24 import javax.security.auth.Subject;
25 import javax.security.auth.x500.X500Principal;
26
27 import org.argeo.cms.CmsException;
28 import org.argeo.eclipse.ui.specific.UiContext;
29 import org.argeo.node.NodeConstants;
30 import org.argeo.node.security.NodeAuthenticated;
31 import org.osgi.service.useradmin.Authorization;
32
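/**
 * Static helpers that resolve the identity, display name and roles of the
 * user on whose behalf the current call runs.
 *
 * <p>
 * Anonymous access is never signalled with {@code null}: it is reported as
 * {@link NodeConstants#ROLE_ANONYMOUS}. Callers making access decisions
 * should use {@link #isAnonymous()} or {@link #isInRole(String)} rather than
 * null-checking the username.
 */
public final class CurrentUser {

    /**
     * Returns the username of the current subject.
     *
     * @return the name of the subject's single {@link X500Principal}, or
     *         {@link NodeConstants#ROLE_ANONYMOUS} when the subject does not
     *         hold exactly one such principal. A {@code null} return is not
     *         used to signal anonymous access.
     * @throws CmsException
     *             if no subject can be found for this call, or if the
     *             resolved subject is null
     */
    public static String getUsername() {
        return getUsername(currentSubject());
    }

    /**
     * Returns the display name of the current subject.
     *
     * @see #getDisplayName(Subject)
     */
    public static String getDisplayName() {
        return getDisplayName(currentSubject());
    }

    /**
     * Returns true if the current subject is anonymous.
     *
     * @see #isAnonymous(Subject)
     */
    public static boolean isAnonymous() {
        return isAnonymous(currentSubject());
    }

    /**
     * Returns true if the current subject is not anonymous. This is only the
     * negation of {@link #isAnonymous()}; no further check is performed.
     */
    public static boolean isRegistered() {
        return !isAnonymous();
    }

    /**
     * Returns true if the subject is anonymous.
     *
     * @param subject
     *            the subject to test; {@code null} is treated as anonymous
     * @return true for a null subject, or when the subject's username is
     *         null or equals {@link NodeConstants#ROLE_ANONYMOUS} ignoring
     *         case
     */
    public static boolean isAnonymous(Subject subject) {
        // A missing subject is classified as anonymous, never as
        // authenticated.
        if (subject == null) {
            return true;
        }
        String username = getUsername(subject);
        return username == null
                || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
    }

    /**
     * The node authenticated component (typically a CMS view) related to this
     * display, or null if none is available from this call.
     */
    public static NodeAuthenticated getNodeAuthenticated() {
        return UiContext.getData(NodeAuthenticated.KEY);
    }

    /**
     * Returns the username carried by the given subject.
     *
     * @param subject
     *            the subject to inspect, must not be null
     * @return the name of the subject's single {@link X500Principal}, or
     *         {@link NodeConstants#ROLE_ANONYMOUS} when the subject holds
     *         zero or more than one such principal
     * @throws CmsException
     *             if the subject is null
     */
    public final static String getUsername(Subject subject) {
        if (subject == null) {
            throw new CmsException("Subject cannot be null");
        }
        // Subject#getPrincipals(Class) builds a new set on every call, so the
        // set is read once and both the size check and the lookup use that
        // same snapshot.
        Set<X500Principal> x500Principals = subject
                .getPrincipals(X500Principal.class);
        // An ambiguous identity (none, or several X500 principals) is
        // reported as the anonymous role instead of picking one of them.
        if (x500Principals.size() != 1) {
            return NodeConstants.ROLE_ANONYMOUS;
        }
        return x500Principals.iterator().next().getName();
    }

    /**
     * Returns the display name of the given subject, taken from the string
     * form of its {@link Authorization} private credential.
     *
     * @param subject
     *            the subject to inspect
     * @return the result of {@code toString()} on the subject's first
     *         {@link Authorization} private credential
     * @throws java.util.NoSuchElementException
     *             if the subject carries no such credential
     * @throws NullPointerException
     *             if the subject is null
     */
    public final static String getDisplayName(Subject subject) {
        return getAuthorization(subject).toString();
    }

    /**
     * Returns the first {@link Authorization} found among the subject's
     * private credentials; the iterator fails if there is none.
     */
    // NOTE(review): reading private credentials is subject to
    // PrivateCredentialPermission when a security manager is installed;
    // confirm that callers run with it.
    private static Authorization getAuthorization(Subject subject) {
        return subject.getPrivateCredentials(Authorization.class).iterator()
                .next();
    }

    /**
     * Returns the roles of the current subject.
     *
     * @see #roles(Subject)
     */
    public final static Set<String> roles() {
        return roles(currentSubject());
    }

    /**
     * Resolves the subject for this call: the login context of the node
     * authenticated component if one is available, otherwise the subject
     * bound to the current access control context.
     *
     * @throws CmsException
     *             if neither source provides a subject
     */
    private static Subject currentSubject() {
        NodeAuthenticated cmsView = getNodeAuthenticated();
        if (cmsView != null) {
            // NOTE(review): presumably this can be null when the login
            // context has not authenticated yet; isAnonymous(Subject)
            // accepts null, getUsername(Subject) rejects it. Confirm.
            return cmsView.getLoginContext().getSubject();
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null) {
            return subject;
        }
        throw new CmsException("Cannot find related subject");
    }

    /**
     * Returns true if the current user is in the specified role.
     *
     * <p>
     * The check is an exact, case-sensitive string match against
     * {@link #roles()}. That set also contains the username, so a role
     * argument equal to the username matches as well.
     */
    public static boolean isInRole(String role) {
        Set<String> roles = roles();
        return roles.contains(role);
    }

    /**
     * Returns the role names of the given subject: its username (see
     * {@link #getUsername(Subject)}) followed by the name of each
     * {@link Group} principal it holds.
     *
     * @param subject
     *            the subject to inspect, must not be null
     * @return a new mutable set, owned by the caller
     * @throws CmsException
     *             if the subject is null
     */
    // NOTE(review): java.security.acl is deprecated and has been removed
    // from recent JDK releases; this lookup ties the class to older JDKs.
    public final static Set<String> roles(Subject subject) {
        Set<String> roles = new HashSet<String>();
        // The username shares a namespace with the group names here; for a
        // subject without exactly one X500 principal this entry is
        // NodeConstants.ROLE_ANONYMOUS.
        roles.add(getUsername(subject));
        for (Principal group : subject.getPrincipals(Group.class)) {
            roles.add(group.getName());
        }
        return roles;
    }

    /** Not instantiable: static utilities only. */
    private CurrentUser() {
    }
}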