-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
package org.argeo.cms.auth;
-import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
-import org.argeo.api.NodeConstants;
-import org.argeo.cms.CmsException;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
+import org.argeo.api.cms.CmsSessionId;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.util.CurrentSubject;
import org.osgi.service.useradmin.Authorization;
/**
* context.
*/
public final class CurrentUser {
- // private final static Log log = LogFactory.getLog(CurrentUser.class);
- // private final static BundleContext bc =
- // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
/*
* CURRENT USER API
*/
return roles.contains(role);
}
+ /** Implies this {@link SystemRole} in this context. */
+ public final static boolean implies(SystemRole role, String context) {
+ return role.implied(currentSubject(), context);
+ }
+
/** Executes as the current user */
public final static <T> T doAs(PrivilegedAction<T> action) {
return Subject.doAs(currentSubject(), action);
public final static String getUsername(Subject subject) {
if (subject == null)
- throw new CmsException("Subject cannot be null");
+ throw new IllegalArgumentException("Subject cannot be null");
if (subject.getPrincipals(X500Principal.class).size() != 1)
- return NodeConstants.ROLE_ANONYMOUS;
+ return CmsConstants.ROLE_ANONYMOUS;
Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
return principal.getName();
}
public final static Locale locale(Subject subject) {
Set<Locale> locales = subject.getPublicCredentials(Locale.class);
if (locales.isEmpty()) {
- Locale defaultLocale = Activator.getNodeState().getDefaultLocale();
+ Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
return defaultLocale;
} else
return locales.iterator().next();
if (subject == null)
return true;
String username = getUsername(subject);
- return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
+ return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
}
- public CmsSession getCmsSession() {
+ public static CmsSession getCmsSession() {
Subject subject = currentSubject();
- CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
- return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
+ Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+ if (!it.hasNext())
+ throw new IllegalStateException("No CMS session id available for " + subject);
+ CmsSessionId cmsSessionId = it.next();
+ if (it.hasNext())
+ throw new IllegalStateException("More than one CMS session id available for " + subject);
+ return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
}
/*
* HELPERS
*/
private static Subject currentSubject() {
- // CmsAuthenticated cmsView = getNodeAuthenticated();
- // if (cmsView != null)
- // return cmsView.getSubject();
- Subject subject = getAccessControllerSubject();
- if (subject != null)
- return subject;
- throw new CmsException("Cannot find related subject");
- }
-
- private static Subject getAccessControllerSubject() {
- return Subject.getSubject(AccessController.getContext());
+ return CurrentSubject.current();
}
- // public static boolean isAuthenticated() {
- // return getAccessControllerSubject() != null;
- // }
-
- /**
- * The node authenticated component (typically a CMS view) related to this
- * display, or null if none is available from this call. <b>Not API: Only for
- * low-level access.</b>
- */
- // private static CmsAuthenticated getNodeAuthenticated() {
- // return UiContext.getData(CmsAuthenticated.KEY);
- // }
-
private static Authorization getAuthorization(Subject subject) {
return subject.getPrivateCredentials(Authorization.class).iterator().next();
}
nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
else
return false;
- CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
- cmsSession.close();
+ CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
+
+ // FIXME logout all views
+ // TODO check why it is sometimes null
+ if (cmsSession != null)
+ cmsSession.close();
// if (log.isDebugEnabled())
// log.debug("Logged out CMS session " + cmsSession.getUuid());
return true;
}
+ /** singleton */
private CurrentUser() {
}
}