1 package org
.argeo
.cms
.servlet
;
3 import java
.security
.AccessControlContext
;
4 import java
.security
.AccessController
;
5 import java
.security
.PrivilegedAction
;
6 import java
.util
.function
.Supplier
;
8 import javax
.security
.auth
.Subject
;
10 import org
.argeo
.api
.cms
.CmsSession
;
11 import org
.argeo
.cms
.auth
.CurrentUser
;
12 import org
.argeo
.cms
.auth
.HttpRequest
;
13 import org
.argeo
.cms
.osgi
.CmsOsgiUtils
;
14 import org
.osgi
.framework
.BundleContext
;
15 import org
.osgi
.framework
.FrameworkUtil
;
/** Authentication utilities when using servlets. */
18 public class ServletAuthUtils
{
/**
 * Request attribute key under which the authenticated user name is published; the value
 * is the OSGi HTTP service's "remote user" property name, so HTTP-layer code that follows
 * that convention can read it back.
 */
static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user";
/**
 * Bundle context of the bundle that contains this class, resolved once at class load; it
 * is the context handed to CmsOsgiUtils when looking up the CMS session of a request.
 */
private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();
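/**
 * Executes {@code supplier} as the {@link Subject} attached to the request, with the CMS
 * class loader installed as the thread's context class loader. Useful to log in to JCR.
 *
 * <p>The subject is recovered from the {@link AccessControlContext} that
 * {@link #configureRequestSecurity(HttpRequest)} stored as a request attribute, so this
 * method must only be called on a request that has gone through that step. The caller's
 * context class loader is restored before returning, whether or not the supplier throws.
 *
 * @param supplier the work to run under the request's authenticated subject
 * @param req      the request carrying the {@link AccessControlContext} attribute
 * @return whatever {@code supplier} returns
 * @throws IllegalStateException if the request carries no access control context
 */
public final static <T> T doAs(Supplier<T> supplier, HttpRequest req) {
    Object accAttribute = req.getAttribute(AccessControlContext.class.getName());
    if (!(accAttribute instanceof AccessControlContext)) {
        // Fail explicitly instead of with the NullPointerException Subject.getSubject(null)
        // would raise: a request that skipped configureRequestSecurity must not reach the
        // supplier, as it would then run without an authenticated subject.
        throw new IllegalStateException("Request is not authenticated.");
    }
    // NOTE(review): a context whose subject is null makes Subject.doAs run the supplier
    // unauthenticated; this mirrors the previous behaviour and is left for the caller to
    // decide — confirm whether configureRequestSecurity is ever reached without a login.
    Subject subject = Subject.getSubject((AccessControlContext) accAttribute);
    Thread current = Thread.currentThread();
    ClassLoader previousContextCl = current.getContextClassLoader();
    current.setContextClassLoader(ServletAuthUtils.class.getClassLoader());
    try {
        // AccessControlContext/Subject.doAs are deprecated for removal in recent JDKs;
        // moving to Subject.callAs would have to be coordinated with configureRequestSecurity.
        return Subject.doAs(subject, (PrivilegedAction<T>) supplier::get);
    } finally {
        current.setContextClassLoader(previousContextCl);
    }
}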
/**
 * Marks the request as authenticated: publishes the current user name under
 * {@link #REMOTE_USER} and stores the caller's {@link AccessControlContext} as a request
 * attribute, from where {@link #doAs(Supplier, HttpRequest)} later recovers the subject.
 *
 * @param req the request to configure
 * @throws IllegalStateException if the request already carries an access control context
 */
public final static void configureRequestSecurity(HttpRequest req) {
    String accKey = AccessControlContext.class.getName();
    if (req.getAttribute(accKey) != null) {
        throw new IllegalStateException("Request already authenticated.");
    }
    // Snapshot of the caller's context, i.e. of whoever performed the login on this thread.
    AccessControlContext callerContext = AccessController.getContext();
    req.setAttribute(REMOTE_USER, CurrentUser.getUsername());
    req.setAttribute(accKey, callerContext);
}
/**
 * Reverses {@link #configureRequestSecurity(HttpRequest)}: removes both the remote user
 * name and the {@link AccessControlContext} attribute from the request.
 *
 * @param req the request to clear
 * @throws IllegalStateException if the request carries no access control context
 */
public final static void clearRequestSecurity(HttpRequest req) {
    String accKey = AccessControlContext.class.getName();
    if (req.getAttribute(accKey) == null) {
        throw new IllegalStateException("Cannot clear non-authenticated request.");
    }
    req.setAttribute(REMOTE_USER, null);
    req.setAttribute(accKey, null);
}
60 public static CmsSession
getCmsSession(HttpRequest req
) {
61 Subject subject
= Subject
62 .getSubject((AccessControlContext
) req
.getAttribute(AccessControlContext
.class.getName()));
63 CmsSession cmsSession
= CmsOsgiUtils
.getCmsSession(bundleContext
, subject
);