X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=f2b4f0a58250ae584a0f9ee217df26bcc2ed1f81;hb=e023e9027edc0d734d11cb759259eaebb6d68bc9;hp=faf5555d0a61ef31ee06c7a79412e516ad7d67dd;hpb=e168383bac50637131fef8c41e119db7eb2284a7;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index faf5555d0..f2b4f0a58 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -1,6 +1,5 @@ package org.argeo.cms.auth; -import java.security.AccessController; import java.security.Principal; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; @@ -10,18 +9,18 @@ import java.util.Iterator; import java.util.Locale; import java.util.Set; import java.util.UUID; -import java.util.concurrent.Callable; -import java.util.concurrent.CompletionException; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; +import org.argeo.api.acr.NamespaceUtils; import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsSession; import org.argeo.api.cms.CmsSessionId; import org.argeo.cms.internal.auth.CmsSessionImpl; import org.argeo.cms.internal.auth.ImpliedByPrincipal; import org.argeo.cms.internal.runtime.CmsContextImpl; +import org.argeo.cms.util.CurrentSubject; import org.osgi.service.useradmin.Authorization; /** @@ -71,6 +70,16 @@ public final class CurrentUser { return roles.contains(role); } + /** Implies this {@link SystemRole} in this context. */ + public final static boolean implies(SystemRole role, String context) { + return role.implied(currentSubject(), context); + } + + /** Implies this role name, also independently of the context. */ + public final static boolean implies(String role, String context) { + return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context); + } + /** Executes as the current user */ public final static T doAs(PrivilegedAction action) { return Subject.doAs(currentSubject(), action); @@ -135,18 +144,18 @@ public final class CurrentUser { return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid()); } + public static boolean isAvailable() { + return CurrentSubject.current() != null; + } + /* * HELPERS */ private static Subject currentSubject() { - Subject subject = getAccessControllerSubject(); - if (subject != null) - return subject; - throw new IllegalStateException("Cannot find related subject"); - } - - private static Subject getAccessControllerSubject() { - return Subject.getSubject(AccessController.getContext()); + Subject subject = CurrentSubject.current(); + if (subject == null) + throw new IllegalStateException("Cannot find related subject"); + return subject; } private static Authorization getAuthorization(Subject subject) { @@ -170,29 +179,7 @@ public final class CurrentUser { return true; } - /* - * PREPARE EVOLUTION OF JAVA APIs INTRODUCED IN JDK 18 The following static - * methods will be added to Subject - */ - public Subject current() { - return currentSubject(); - } - - public static T callAs(Subject subject, Callable action) { - try { - return Subject.doAs(subject, new PrivilegedExceptionAction() { - - @Override - public T run() throws Exception { - return action.call(); - } - - }); - } catch (PrivilegedActionException e) { - throw new CompletionException("Failed to execute action for " + subject, e.getCause()); - } - } - + /** singleton */ private CurrentUser() { } }