package org.argeo.cms.auth;
-import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;
-import java.util.concurrent.Callable;
-import java.util.concurrent.CompletionException;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
+import org.argeo.api.acr.NamespaceUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsSession;
import org.argeo.api.cms.CmsSessionId;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.cms.util.CurrentSubject;
import org.osgi.service.useradmin.Authorization;
/**
return roles.contains(role);
}
+ /** Implies this {@link SystemRole} in this context. */
+ public final static boolean implies(SystemRole role, String context) {
+ return role.implied(currentSubject(), context);
+ }
+
+ /** Implies this {@link SystemRole} in this context. */
+ public final static boolean implies(String role, String context) {
+ return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+ }
+
/** Executes as the current user */
public final static <T> T doAs(PrivilegedAction<T> action) {
return Subject.doAs(currentSubject(), action);
public static CmsSession getCmsSession() {
Subject subject = currentSubject();
- CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
+ Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+ if (!it.hasNext())
+ throw new IllegalStateException("No CMS session id available for " + subject);
+ CmsSessionId cmsSessionId = it.next();
+ if (it.hasNext())
+ throw new IllegalStateException("More than one CMS session id available for " + subject);
return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
}
+ public static boolean isAvailable() {
+ return CurrentSubject.current() != null;
+ }
+
/*
* HELPERS
*/
private static Subject currentSubject() {
- Subject subject = getAccessControllerSubject();
- if (subject != null)
- return subject;
- throw new IllegalStateException("Cannot find related subject");
- }
-
- private static Subject getAccessControllerSubject() {
- return Subject.getSubject(AccessController.getContext());
+ Subject subject = CurrentSubject.current();
+ if (subject == null)
+ throw new IllegalStateException("Cannot find related subject");
+ return subject;
}
private static Authorization getAuthorization(Subject subject) {
return true;
}
- /*
- * PREPARE EVOLUTION OF JAVA APIs INTRODUCED IN JDK 18
- * The following static methods will be added to Subject
- */
- public Subject current() {
- return currentSubject();
- }
-
- public static <T> T callAs(Subject subject, Callable<T> action) {
- try {
- return Subject.doAs(subject, new PrivilegedExceptionAction<T>() {
-
- @Override
- public T run() throws Exception {
- return action.call();
- }
-
- });
- } catch (PrivilegedActionException e) {
- throw new CompletionException("Failed to execute action for " + subject, e.getCause());
- }
- }
-
+ /** singleton */
private CurrentUser() {
}
}
projects / lgpl / argeo-commons.git / blobdiff