1 package org.argeo.cms.auth;
2
3 import java.security.AccessControlContext;
4 import java.security.AccessController;
5 import java.security.PrivilegedAction;
6 import java.util.function.Supplier;
7
8 import javax.security.auth.Subject;
9
10 import org.argeo.api.cms.CmsSession;
11 import org.argeo.cms.osgi.CmsOsgiUtils;
12 import org.osgi.framework.BundleContext;
13 import org.osgi.framework.FrameworkUtil;
14
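/**
 * Remote authentication utilities.
 * <p>
 * The authenticated identity of a request is carried as an
 * {@link AccessControlContext} stored in a request attribute named after that
 * class. {@link #configureRequestSecurity(RemoteAuthRequest)} writes it,
 * {@link #clearRequestSecurity(RemoteAuthRequest)} removes it, and
 * {@link #doAs(Supplier, RemoteAuthRequest)} and
 * {@link #getCmsSession(RemoteAuthRequest)} trust whatever is found there. Code
 * that can set request attributes can therefore choose the identity these
 * helpers act as, so only the authentication layer should write this
 * attribute.
 * <p>
 * NOTE(review): {@link AccessControlContext}, {@link AccessController} and
 * {@code Subject.doAs} are deprecated for removal in recent JDKs (JEP 411);
 * plan a migration path before upgrading the runtime.
 */
public class RemoteAuthUtils {
	/** Request attribute under which the authenticated username is published. */
	static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";

	/** Request attribute holding the {@link AccessControlContext} of the authenticated caller. */
	private static final String ACCESS_CONTROL_CONTEXT_ATTR = AccessControlContext.class.getName();

	// Resolved once at class initialisation from the bundle that loaded this class.
	private static BundleContext bundleContext = FrameworkUtil.getBundle(RemoteAuthUtils.class).getBundleContext();

	/**
	 * Execute this supplier as the subject attached to the request, using the CMS
	 * class loader as context classloader. Useful to log in to JCR.
	 *
	 * @param supplier the work to run as the request's subject
	 * @param req      a request previously passed to
	 *                 {@link #configureRequestSecurity(RemoteAuthRequest)}
	 * @return the value produced by the supplier
	 * @throws IllegalStateException if the request carries no access control
	 *                               context, i.e. it was never authenticated or
	 *                               has already been cleared
	 */
	public static final <T> T doAs(Supplier<T> supplier, RemoteAuthRequest req) {
		// Fail closed, with the same exception type as the sibling methods, before
		// any thread state is modified.
		Subject subject = Subject.getSubject(requireAccessControlContext(req));
		// NOTE(review): Subject.getSubject returns null when the stored context has
		// no subject, and Subject.doAs accepts a null subject; the supplier then
		// runs without any identity. Confirm callers cannot reach that state.
		Thread thread = Thread.currentThread();
		ClassLoader previousContextCl = thread.getContextClassLoader();
		thread.setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
		try {
			return Subject.doAs(subject, (PrivilegedAction<T>) () -> supplier.get());
		} finally {
			// Always restore the caller's class loader, even if the supplier throws.
			thread.setContextClassLoader(previousContextCl);
		}
	}

	/**
	 * Mark the request as authenticated by storing the current access control
	 * context and the current username as request attributes.
	 * <p>
	 * The stored context is what {@link #doAs(Supplier, RemoteAuthRequest)} and
	 * {@link #getCmsSession(RemoteAuthRequest)} later trust, so this must only be
	 * called once authentication has succeeded on the current thread.
	 *
	 * @param req the request to mark
	 * @throws IllegalStateException if the request already carries an access
	 *                               control context
	 */
	public static final void configureRequestSecurity(RemoteAuthRequest req) {
		// Refuse to overwrite an existing identity on the same request.
		if (req.getAttribute(ACCESS_CONTROL_CONTEXT_ATTR) != null) {
			throw new IllegalStateException("Request already authenticated.");
		}
		AccessControlContext acc = AccessController.getContext();
		req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
		req.setAttribute(ACCESS_CONTROL_CONTEXT_ATTR, acc);
	}

	/**
	 * Remove the username and access control context attributes from the request.
	 *
	 * @param req the request to clear
	 * @throws IllegalStateException if the request carries no access control
	 *                               context
	 */
	public static final void clearRequestSecurity(RemoteAuthRequest req) {
		if (req.getAttribute(ACCESS_CONTROL_CONTEXT_ATTR) == null) {
			throw new IllegalStateException("Cannot clear non-authenticated request.");
		}
		req.setAttribute(REMOTE_USER, null);
		req.setAttribute(ACCESS_CONTROL_CONTEXT_ATTR, null);
	}

	/**
	 * Look up the CMS session of the subject attached to the request.
	 *
	 * @param req a request previously passed to
	 *            {@link #configureRequestSecurity(RemoteAuthRequest)}
	 * @return whatever {@code CmsOsgiUtils.getCmsSession} returns for that subject
	 * @throws IllegalStateException if the request carries no access control
	 *                               context
	 */
	public static CmsSession getCmsSession(RemoteAuthRequest req) {
		Subject subject = Subject.getSubject(requireAccessControlContext(req));
		return CmsOsgiUtils.getCmsSession(bundleContext, subject);
	}

	/**
	 * Read the access control context stored on the request, rejecting requests
	 * that do not carry one instead of passing null to the JDK.
	 */
	private static AccessControlContext requireAccessControlContext(RemoteAuthRequest req) {
		Object acc = req.getAttribute(ACCESS_CONTROL_CONTEXT_ATTR);
		if (acc == null) {
			throw new IllegalStateException("Request is not authenticated.");
		}
		return (AccessControlContext) acc;
	}
}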