1 package org
.argeo
.cms
.auth
;
3 import java
.security
.AccessControlContext
;
4 import java
.security
.AccessController
;
5 import java
.security
.PrivilegedAction
;
6 import java
.util
.function
.Supplier
;
8 import javax
.security
.auth
.Subject
;
10 import org
.argeo
.api
.cms
.CmsSession
;
11 import org
.argeo
.cms
.osgi
.CmsOsgiUtils
;
12 import org
.osgi
.framework
.BundleContext
;
13 import org
.osgi
.framework
.FrameworkUtil
;
15 /** Remote authentication utilities. */
16 public class RemoteAuthUtils
{
// Request attribute key under which the authenticated user name is published.
// configureRequestSecurity() sets it and clearRequestSecurity() resets it to null.
static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
// Bundle context of the bundle that loaded this class, resolved once during class
// initialisation and passed to CmsOsgiUtils.getCmsSession().
// NOTE(review): FrameworkUtil.getBundle() returns null when the class was not loaded by
// an OSGi bundle class loader, which would make this initialiser fail - confirm the
// class is only ever used inside the framework.
private static BundleContext bundleContext = FrameworkUtil.getBundle(RemoteAuthUtils.class).getBundleContext();
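/**
 * Execute this supplier as the subject bound to the request, using the CMS class
 * loader (the class loader of {@link RemoteAuthUtils}) as context class loader.
 * Useful to log in to JCR.
 * <p>
 * The subject is derived from the {@link AccessControlContext} stored on the
 * request under {@code AccessControlContext.class.getName()}, i.e. the attribute
 * written by {@link #configureRequestSecurity(RemoteAuthRequest)}. The previous
 * context class loader is always restored, including when the supplier throws.
 * <p>
 * NOTE(review): {@link AccessControlContext}, {@code Subject.getSubject} and
 * {@code Subject.doAs} are deprecated for removal together with the Security
 * Manager (JEP 411); verify the behaviour of this method on the target JDK.
 *
 * @param supplier the work to run with the request's identity
 * @param req      the request carrying the authentication attributes
 * @param <T>      the type of the supplier's result
 * @return whatever the supplier returns
 * @throws NullPointerException if the request carries no access-control context,
 *                              i.e. it has not been authenticated
 */
public final static <T> T doAs(Supplier<T> supplier, RemoteAuthRequest req) {
    final Thread thread = Thread.currentThread();
    final ClassLoader currentContextCl = thread.getContextClassLoader();
    thread.setContextClassLoader(RemoteAuthUtils.class.getClassLoader());
    try {
        AccessControlContext acc = (AccessControlContext) req.getAttribute(AccessControlContext.class.getName());
        // Fail closed with an explicit message. Subject.getSubject(null) raises the same
        // exception type, but its message does not say the request was never authenticated.
        if (acc == null) {
            throw new NullPointerException("No AccessControlContext on request: request is not authenticated.");
        }
        Subject subject = Subject.getSubject(acc);
        // NOTE(review): Subject.getSubject() returns null when the stored context has no
        // subject attached, and Subject.doAs(null, ...) then runs the supplier without any
        // identity. Confirm whether that case should be rejected here.
        return Subject.doAs(subject, new PrivilegedAction<T>() {

            @Override
            public T run() {
                return supplier.get();
            }

        });
    } finally {
        // Never leak the CMS class loader onto a pooled request thread.
        thread.setContextClassLoader(currentContextCl);
    }
}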
/**
 * Binds the calling thread's security context to the request.
 * <p>
 * Stores the current {@link AccessControlContext} under
 * {@code AccessControlContext.class.getName()} and the current user name under
 * {@link #REMOTE_USER}. The stored context is what
 * {@link #doAs(Supplier, RemoteAuthRequest)} later resolves the subject from.
 * <p>
 * NOTE(review): the snapshot is whatever context the caller is running in, so
 * this presumably has to be invoked while the authenticated subject is in
 * effect - confirm against callers.
 *
 * @param req the request to mark as authenticated
 * @throws IllegalStateException if the request already carries an access-control
 *                               context attribute
 */
public final static void configureRequestSecurity(RemoteAuthRequest req) {
    final String contextKey = AccessControlContext.class.getName();
    // Refuse to overwrite an existing binding: one request, one identity.
    if (req.getAttribute(contextKey) != null) {
        throw new IllegalStateException("Request already authenticated.");
    }
    final AccessControlContext callerContext = AccessController.getContext();
    req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
    req.setAttribute(contextKey, callerContext);
}
/**
 * Removes the security binding written by
 * {@link #configureRequestSecurity(RemoteAuthRequest)}: both the
 * {@link #REMOTE_USER} attribute and the access-control context attribute are
 * set to {@code null}.
 *
 * @param req the request to reset
 * @throws IllegalStateException if the request carries no access-control context
 *                               attribute, i.e. it was never authenticated
 */
public final static void clearRequestSecurity(RemoteAuthRequest req) {
    final String contextKey = AccessControlContext.class.getName();
    // Clearing an unauthenticated request signals a sequencing error in the caller.
    if (req.getAttribute(contextKey) == null) {
        throw new IllegalStateException("Cannot clear non-authenticated request.");
    }
    req.setAttribute(REMOTE_USER, null);
    req.setAttribute(contextKey, null);
}
58 public static CmsSession
getCmsSession(RemoteAuthRequest req
) {
59 Subject subject
= Subject
60 .getSubject((AccessControlContext
) req
.getAttribute(AccessControlContext
.class.getName()));
61 CmsSession cmsSession
= CmsOsgiUtils
.getCmsSession(bundleContext
, subject
);