X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=41a6a880d438297a0a3260d0d26a0da045240dd8;hb=e018ad9078249a806f2e2ef86a6adcbd8cca3188;hp=450abd3cf6fd1ab736185593a413a90e5cd301ce;hpb=d66d81530f1da58e2e2c5d25e0a5dc30ad32b848;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index 450abd3cf..41a6a880d 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -1,38 +1,27 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ package org.argeo.cms.auth; -import java.security.AccessController; import java.security.Principal; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import java.security.acl.Group; import java.util.HashSet; +import java.util.Iterator; +import java.util.Locale; import java.util.Set; import java.util.UUID; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.cms.CmsException; +import org.argeo.api.acr.NamespaceUtils; +import org.argeo.api.cms.CmsConstants; +import org.argeo.api.cms.CmsSession; +import org.argeo.api.cms.CmsSessionId; +import org.argeo.cms.SystemRole; import org.argeo.cms.internal.auth.CmsSessionImpl; -import org.argeo.node.NodeConstants; +import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.cms.internal.runtime.CmsContextImpl; +import org.argeo.cms.util.CurrentSubject; import org.osgi.service.useradmin.Authorization; /** @@ -40,9 +29,6 @@ import org.osgi.service.useradmin.Authorization; * context. */ public final class CurrentUser { - private final static Log log = LogFactory.getLog(CurrentUser.class); - // private final static BundleContext bc = - // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext(); /* * CURRENT USER API */ @@ -50,16 +36,15 @@ public final class CurrentUser { /** * Technical username of the currently authenticated user. * - * @return the authenticated username or null if not authenticated / - * anonymous + * @return the authenticated username or null if not authenticated / anonymous */ public static String getUsername() { return getUsername(currentSubject()); } /** - * Human readable name of the currently authenticated user (typically first - * name and last name). + * Human readable name of the currently authenticated user (typically first name + * and last name). */ public static String getDisplayName() { return getDisplayName(currentSubject()); @@ -70,6 +55,11 @@ public final class CurrentUser { return isAnonymous(currentSubject()); } + /** Locale of the current user */ + public final static Locale locale() { + return locale(currentSubject()); + } + /** Roles of the currently logged-in user */ public final static Set roles() { return roles(currentSubject()); @@ -81,6 +71,16 @@ public final class CurrentUser { return roles.contains(role); } + /** Implies this {@link SystemRole} in this context. */ + public final static boolean implies(SystemRole role, String context) { + return role.implied(currentSubject(), context); + } + + /** Implies this role name, also independently of the context. */ + public final static boolean implies(String role, String context) { + return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context); + } + /** Executes as the current user */ public final static T doAs(PrivilegedAction action) { return Subject.doAs(currentSubject(), action); @@ -97,9 +97,9 @@ public final class CurrentUser { public final static String getUsername(Subject subject) { if (subject == null) - throw new CmsException("Subject cannot be null"); + throw new IllegalArgumentException("Subject cannot be null"); if (subject.getPrincipals(X500Principal.class).size() != 1) - return NodeConstants.ROLE_ANONYMOUS; + return CmsConstants.ROLE_ANONYMOUS; Principal principal = subject.getPrincipals(X500Principal.class).iterator().next(); return principal.getName(); } @@ -111,56 +111,54 @@ public final class CurrentUser { public final static Set roles(Subject subject) { Set roles = new HashSet(); roles.add(getUsername(subject)); - for (Principal group : subject.getPrincipals(Group.class)) { + for (Principal group : subject.getPrincipals(ImpliedByPrincipal.class)) { roles.add(group.getName()); } return roles; } + public final static Locale locale(Subject subject) { + Set locales = subject.getPublicCredentials(Locale.class); + if (locales.isEmpty()) { + Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale(); + return defaultLocale; + } else + return locales.iterator().next(); + } + /** Whether this user is currently authenticated. */ public static boolean isAnonymous(Subject subject) { if (subject == null) return true; String username = getUsername(subject); - return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); + return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS); } - public CmsSession getCmsSession() { + public static CmsSession getCmsSession() { Subject subject = currentSubject(); - CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next(); - return CmsSessionImpl.getByUuid(cmsSessionId.getUuid()); + Iterator it = subject.getPrivateCredentials(CmsSessionId.class).iterator(); + if (!it.hasNext()) + throw new IllegalStateException("No CMS session id available for " + subject); + CmsSessionId cmsSessionId = it.next(); + if (it.hasNext()) + throw new IllegalStateException("More than one CMS session id available for " + subject); + return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid()); + } + + public static boolean isAvailable() { + return CurrentSubject.current() != null; } /* * HELPERS */ private static Subject currentSubject() { - // CmsAuthenticated cmsView = getNodeAuthenticated(); - // if (cmsView != null) - // return cmsView.getSubject(); - Subject subject = getAccessControllerSubject(); - if (subject != null) - return subject; - throw new CmsException("Cannot find related subject"); - } - - private static Subject getAccessControllerSubject() { - return Subject.getSubject(AccessController.getContext()); + Subject subject = CurrentSubject.current(); + if (subject == null) + throw new IllegalStateException("Cannot find related subject"); + return subject; } - // public static boolean isAuthenticated() { - // return getAccessControllerSubject() != null; - // } - - /** - * The node authenticated component (typically a CMS view) related to this - * display, or null if none is available from this call. Not API: Only - * for low-level access. - */ - // private static CmsAuthenticated getNodeAuthenticated() { - // return UiContext.getData(CmsAuthenticated.KEY); - // } - private static Authorization getAuthorization(Subject subject) { return subject.getPrivateCredentials(Authorization.class).iterator().next(); } @@ -171,13 +169,18 @@ public final class CurrentUser { nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid(); else return false; - CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString()); - cmsSession.close(); - if (log.isDebugEnabled()) - log.debug("Logged out CMS session " + cmsSession.getUuid()); + CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId); + + // FIXME logout all views + // TODO check why it is sometimes null + if (cmsSession != null) + cmsSession.close(); + // if (log.isDebugEnabled()) + // log.debug("Logged out CMS session " + cmsSession.getUuid()); return true; } + /** singleton */ private CurrentUser() { } }