1 package org
.argeo
.cms
.auth
;
3 import java
.security
.AccessControlContext
;
4 import java
.security
.AccessController
;
5 import java
.security
.PrivilegedAction
;
6 import java
.util
.function
.Supplier
;
8 import javax
.security
.auth
.Subject
;
10 import org
.argeo
.api
.cms
.CmsSession
;
11 import org
.argeo
.cms
.internal
.runtime
.CmsContextImpl
;
13 /** Remote authentication utilities. */
14 public class RemoteAuthUtils
{
/**
 * Name of the request attribute under which {@code configureRequestSecurity}
 * publishes the current user name and which {@code clearRequestSecurity} resets.
 * The string is the same as the value of the OSGi HTTP Service constant
 * {@code HttpContext.REMOTE_USER}.
 */
static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
16 // private static BundleContext bundleContext = FrameworkUtil.getBundle(RemoteAuthUtils.class).getBundleContext();
/**
 * Runs the supplier as the {@link Subject} bound to the request, with the class
 * loader of this class installed as thread context class loader for the
 * duration of the call. Useful to log in to JCR.
 *
 * <p>
 * The subject is resolved from the {@link AccessControlContext} stored on the
 * request under the attribute named {@code AccessControlContext.class.getName()},
 * which is the attribute written by {@code configureRequestSecurity}.
 *
 * <p>
 * NOTE(review): nothing here verifies that the request was authenticated. A
 * missing attribute reaches {@code Subject.getSubject} as {@code null}, which
 * the JDK documents as a {@link NullPointerException}; a stored context that
 * carries no subject appears to make {@code Subject.doAs} run the supplier
 * without any subject. Callers that need a hard authentication guarantee should
 * check the request first. The {@code AccessControlContext}-based subject APIs
 * used here are deprecated for removal in recent JDKs.
 *
 * @param <T>      the type produced by the supplier
 * @param supplier the work to execute
 * @param req      the request holding the security context
 * @return whatever the supplier returns
 */
public final static <T> T doAs(Supplier<T> supplier, RemoteAuthRequest req) {
    final Thread thread = Thread.currentThread();
    final ClassLoader previousCl = thread.getContextClassLoader();
    thread.setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
    try {
        AccessControlContext storedContext = (AccessControlContext) req
                .getAttribute(AccessControlContext.class.getName());
        Subject subject = Subject.getSubject(storedContext);
        PrivilegedAction<T> action = () -> supplier.get();
        return Subject.doAs(subject, action);
    } finally {
        // Restore the caller's context class loader on every exit path, so a
        // failing supplier cannot leave this class loader installed on the thread.
        thread.setContextClassLoader(previousCl);
    }
}
/**
 * Binds the security context of the calling thread to the request.
 *
 * <p>
 * Stores the current user name under {@link #REMOTE_USER} and the current
 * {@link AccessControlContext} under the attribute named
 * {@code AccessControlContext.class.getName()}.
 *
 * <p>
 * NOTE(review): the stored context is whatever {@code AccessController.getContext()}
 * returns on the calling thread, so this presumably has to run inside the
 * authenticated subject's execution context; confirm against callers. The
 * "already authenticated" guard looks only at the context attribute, not at
 * {@link #REMOTE_USER}.
 *
 * @param req the request to mark as authenticated
 * @throws IllegalStateException if the request already carries a security context
 */
public final static void configureRequestSecurity(RemoteAuthRequest req) {
    final String contextKey = AccessControlContext.class.getName();
    if (req.getAttribute(contextKey) != null) {
        throw new IllegalStateException("Request already authenticated.");
    }
    // Snapshot taken before any attribute is written.
    final AccessControlContext callerContext = AccessController.getContext();
    req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
    req.setAttribute(contextKey, callerContext);
}
/**
 * Detaches the security context from the request by setting both the
 * {@link #REMOTE_USER} attribute and the attribute named
 * {@code AccessControlContext.class.getName()} to {@code null}.
 *
 * <p>
 * NOTE(review): whether a {@code null} value removes the attribute or stores a
 * null entry depends on the {@code RemoteAuthRequest} implementation; verify
 * there. If request objects can be reused, calling this from a {@code finally}
 * block keeps a stale context from outliving the authenticated call.
 *
 * @param req the request to reset
 * @throws IllegalStateException if the request carries no security context
 */
public final static void clearRequestSecurity(RemoteAuthRequest req) {
    final String contextKey = AccessControlContext.class.getName();
    final boolean authenticated = req.getAttribute(contextKey) != null;
    if (!authenticated) {
        throw new IllegalStateException("Cannot clear non-authenticated request.");
    }
    req.setAttribute(REMOTE_USER, null);
    req.setAttribute(contextKey, null);
}
56 public static CmsSession
getCmsSession(RemoteAuthRequest req
) {
57 Subject subject
= Subject
58 .getSubject((AccessControlContext
) req
.getAttribute(AccessControlContext
.class.getName()));
59 CmsSession cmsSession
= CmsContextImpl
.getCmsContext().getCmsSession(subject
);