X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FCmsSessionImpl.java;h=3a23870bd0703a37608311c694d70a80ee82f672;hb=b95462873703848193e56fcbe997693630db6121;hp=aa3a6ad17dd3e61fa4bd4dc751c6533a2a1f8b4a;hpb=fba42be03bc7ec07d464f8942f7dfa2e5f0d6f17;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java index aa3a6ad17..3a23870bd 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java @@ -1,102 +1,74 @@ package org.argeo.cms.internal.auth; import java.io.Serializable; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.time.ZonedDateTime; import java.util.ArrayList; -import java.util.Collection; import java.util.Collections; import java.util.HashMap; -import java.util.Hashtable; import java.util.List; import java.util.Locale; import java.util.Map; -import java.util.Set; +import java.util.Objects; import java.util.UUID; import java.util.function.Consumer; -import javax.crypto.SecretKey; -import javax.naming.InvalidNameException; -import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.x500.X500Principal; import org.argeo.api.cms.CmsAuth; +import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsLog; import org.argeo.api.cms.CmsSession; -import org.argeo.cms.security.NodeSecurityUtils; -import org.osgi.framework.BundleContext; -import org.osgi.framework.FrameworkUtil; -import org.osgi.framework.InvalidSyntaxException; -import org.osgi.framework.ServiceReference; -import org.osgi.framework.ServiceRegistration; +import org.argeo.api.uuid.UuidIdentified; +import org.argeo.cms.internal.runtime.CmsContextImpl; import org.osgi.service.useradmin.Authorization; /** Default CMS session implementation. */ -public class CmsSessionImpl implements CmsSession, Serializable { +public class CmsSessionImpl implements CmsSession, Serializable, UuidIdentified { private static final long serialVersionUID = 1867719354246307225L; - private final static BundleContext bc = FrameworkUtil.getBundle(CmsSessionImpl.class).getBundleContext(); private final static CmsLog log = CmsLog.getLog(CmsSessionImpl.class); - // private final Subject initialSubject; - private transient AccessControlContext accessControlContext; + private transient Subject subject; private final UUID uuid; private final String localSessionId; private Authorization authorization; - private final LdapName userDn; +// private final LdapName userDn; + private final String userDn; private final boolean anonymous; private final ZonedDateTime creationTime; private ZonedDateTime end; private final Locale locale; - private ServiceRegistration serviceRegistration; - private Map views = new HashMap<>(); private List> onCloseCallbacks = Collections.synchronizedList(new ArrayList<>()); - public CmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale, String localSessionId) { + public CmsSessionImpl(UUID uuid, Subject initialSubject, Authorization authorization, Locale locale, + String localSessionId) { + Objects.requireNonNull(uuid); + this.creationTime = ZonedDateTime.now(); this.locale = locale; - this.accessControlContext = Subject.doAs(initialSubject, new PrivilegedAction() { - - @Override - public AccessControlContext run() { - return AccessController.getContext(); - } - - }); - // this.initialSubject = initialSubject; + this.subject = initialSubject; this.localSessionId = localSessionId; this.authorization = authorization; - if (authorization.getName() != null) - try { - this.userDn = new LdapName(authorization.getName()); - this.anonymous = false; - } catch (InvalidNameException e) { - throw new IllegalArgumentException("Invalid user name " + authorization.getName(), e); - } - else { - this.userDn = NodeSecurityUtils.ROLE_ANONYMOUS_NAME; + if (authorization.getName() != null) { + this.userDn = authorization.getName(); + this.anonymous = false; + } else { + this.userDn = CmsConstants.ROLE_ANONYMOUS; this.anonymous = true; } - this.uuid = UUID.randomUUID(); - // register as service - Hashtable props = new Hashtable<>(); - props.put(CmsSession.USER_DN, userDn.toString()); - props.put(CmsSession.SESSION_UUID, uuid.toString()); - props.put(CmsSession.SESSION_LOCAL_ID, localSessionId); - serviceRegistration = bc.registerService(CmsSession.class, this, props); + this.uuid = uuid; } public void close() { end = ZonedDateTime.now(); - serviceRegistration.unregister(); + CmsContextImpl.getCmsContext().unregisterCmsSession(this); +// serviceRegistration.unregister(); for (Consumer onClose : onCloseCallbacks) { onClose.accept(this); @@ -105,15 +77,15 @@ public class CmsSessionImpl implements CmsSession, Serializable { try { LoginContext lc; if (isAnonymous()) { - lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_ANONYMOUS, getSubject()); + lc = CmsAuth.ANONYMOUS.newLoginContext(getSubject()); } else { - lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, getSubject()); + lc = CmsAuth.USER.newLoginContext(getSubject()); } lc.logout(); } catch (LoginException e) { log.warn("Could not logout " + getSubject() + ": " + e); } finally { - accessControlContext = null; + subject = null; } log.debug("Closed " + this); } @@ -124,13 +96,13 @@ public class CmsSessionImpl implements CmsSession, Serializable { } public Subject getSubject() { - return Subject.getSubject(accessControlContext); + return subject; } - public Set getSecretKeys() { - checkValid(); - return getSubject().getPrivateCredentials(SecretKey.class); - } +// public Set getSecretKeys() { +// checkValid(); +// return getSubject().getPrivateCredentials(SecretKey.class); +// } @Override public boolean isValid() { @@ -157,12 +129,12 @@ public class CmsSessionImpl implements CmsSession, Serializable { } @Override - public UUID getUuid() { + public UUID uuid() { return uuid; } @Override - public LdapName getUserDn() { + public String getUserDn() { return userDn; } @@ -204,60 +176,22 @@ public class CmsSessionImpl implements CmsSession, Serializable { views.put(uid, view); } - public String toString() { - return "CMS Session " + userDn + " local=" + localSessionId + ", uuid=" + uuid; - } - - public static CmsSessionImpl getByLocalId(String localId) { - Collection> sr; - try { - sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_LOCAL_ID + "=" + localId + ")"); - } catch (InvalidSyntaxException e) { - throw new IllegalArgumentException("Cannot get CMS session for id " + localId, e); - } - ServiceReference cmsSessionRef; - if (sr.size() == 1) { - cmsSessionRef = sr.iterator().next(); - return (CmsSessionImpl) bc.getService(cmsSessionRef); - } else if (sr.size() == 0) { - return null; - } else - throw new IllegalStateException(sr.size() + " CMS sessions registered for " + localId); + /* + * OBJECT METHODS + */ + @Override + public boolean equals(Object o) { + return UuidIdentified.equals(this, o); } - public static CmsSessionImpl getByUuid(Object uuid) { - Collection> sr; - try { - sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_UUID + "=" + uuid + ")"); - } catch (InvalidSyntaxException e) { - throw new IllegalArgumentException("Cannot get CMS session for uuid " + uuid, e); - } - ServiceReference cmsSessionRef; - if (sr.size() == 1) { - cmsSessionRef = sr.iterator().next(); - return (CmsSessionImpl) bc.getService(cmsSessionRef); - } else if (sr.size() == 0) { - return null; - } else - throw new IllegalStateException(sr.size() + " CMS sessions registered for " + uuid); - + @Override + public int hashCode() { + return UuidIdentified.hashCode(this); } - public static void closeInvalidSessions() { - Collection> srs; - try { - srs = bc.getServiceReferences(CmsSession.class, null); - for (ServiceReference sr : srs) { - CmsSession cmsSession = bc.getService(sr); - if (!cmsSession.isValid()) { - ((CmsSessionImpl) cmsSession).close(); - if (log.isDebugEnabled()) - log.debug("Closed expired CMS session " + cmsSession); - } - } - } catch (InvalidSyntaxException e) { - throw new IllegalArgumentException("Cannot get CMS sessions", e); - } + @Override + public String toString() { + return "CMS Session " + userDn + " localId=" + localSessionId + ", uuid=" + uuid; } }