Make username and user role more consistent.
authorMathieu Baudier <mbaudier@argeo.org>
Mon, 30 Nov 2020 12:04:57 +0000 (13:04 +0100)
committerMathieu Baudier <mbaudier@argeo.org>
Mon, 30 Nov 2020 12:04:57 +0000 (13:04 +0100)
org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java
org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java

index 8b389087888ac76851425b0bad9f3e2d953c8d40..a0ea6a63fd552b452f2e5e45f7765c24f72fa2a8 100644 (file)
@@ -22,6 +22,8 @@ public interface CmsSession {
 
        UUID getUuid();
 
+       String getUserRole();
+       
        LdapName getUserDn();
 
        String getLocalId();
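Review bot: `getUserRole()` is added to the interface without Javadoc, so a caller cannot tell how it differs from `getUserDn()` declared just below it or what string format to expect. Judging by the implementation later in this commit, something like `/** The authenticated user's name as an RFC 2253 distinguished name string. */` would fit; please confirm the wording. As a new abstract method it also breaks any other implementer of `CmsSession`, if one exists outside this commit.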
index 211f21c94ead35175e5e730dee0348765f93c3da..9ae0fd8d8b5634091d221633085bd93618df2090 100644 (file)
@@ -24,6 +24,7 @@ import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -224,6 +225,11 @@ public class CmsSessionImpl implements CmsSession {
                return userDn;
        }
 
+       @Override
+       public String getUserRole() {
+               return new X500Principal(authorization.getName()).getName();
+       }
+
        @Override
        public String getLocalId() {
                return localSessionId;
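Review bot: `new X500Principal(authorization.getName())` in `getUserRole()` throws NullPointerException when the name is null and IllegalArgumentException when it is not a valid distinguished name, and the OSGi `Authorization.getName()` contract allows null when no user was specified. Whether an anonymous session can reach this getter is not visible here. If it can, a guard such as `String name = authorization.getName(); if (name == null) return null;` before the parse, or an explicit exception with a clear message, would keep identity lookups from failing with a bare runtime exception. The same unguarded parse is added to the `AggregatingAuthorization` constructor in the last hunk, where a null or non-DN `name` would be rejected at construction time.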
index 13dfbe638782c3a4243f03d96d0af311e6b471d0..333fa1aa027f481090b4370e1d61ba8be16dcdf4 100644 (file)
@@ -8,11 +8,16 @@ import java.util.function.Supplier;
 import javax.security.auth.Subject;
 import javax.servlet.http.HttpServletRequest;
 
+import org.argeo.cms.auth.CmsSession;
 import org.argeo.cms.auth.CurrentUser;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.http.HttpContext;
 
 /** Authentications utilities when using servlets. */
 public class ServletAuthUtils {
+       private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();
+
        /**
         * Execute this supplier, using the CMS class loader as context classloader.
         * Useful to log in to JCR.
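Review bot: The static initialiser `FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext()` dereferences a value that is null whenever the class was not loaded by a bundle class loader. Outside OSGi (in a plain unit test, for instance) the class then fails to initialise and every static helper in it becomes unusable. `getBundleContext()` can itself return null when the bundle is not started, and a context cached at class-load time is no longer valid once the bundle has been stopped, which would then surface inside `getCmsSession`. Resolving the context inside the method that needs it, with a null check, avoids both problems; at minimum the field should be `final`. The class body continues outside this hunk.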
@@ -50,4 +55,11 @@ public class ServletAuthUtils {
                req.setAttribute(HttpContext.REMOTE_USER, null);
                req.setAttribute(AccessControlContext.class.getName(), null);
        }
+
+       public static CmsSession getCmsSession(HttpServletRequest req) {
+               Subject subject = Subject
+                               .getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName()));
+               CmsSession cmsSession = CmsSession.getCmsSession(bundleContext, subject);
+               return cmsSession;
+       }
 }
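Review bot: `getCmsSession` passes the request attribute straight to `Subject.getSubject`, which throws NullPointerException for a null `AccessControlContext`, and the two `setAttribute` lines at the top of this hunk show that attribute being set to null. A request that was never authenticated, or one handled after that reset, therefore gets an unchecked exception instead of a clear "no session" answer. I would read the attribute into a local and return early: `AccessControlContext acc = (AccessControlContext) req.getAttribute(AccessControlContext.class.getName());` followed by `if (acc == null) return null;`. The method also needs a Javadoc line stating what it returns when the request carries no authenticated subject, since `Subject.getSubject` can return null as well and how `CmsSession.getCmsSession` treats that is not visible here. The method containing the two `setAttribute` lines starts outside the hunk.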
index ba9953416c9d5c05c80776e068b8ccf07759f007..05ba94889d403e5d681a3744db1d6d5fde14cf9e 100644 (file)
@@ -6,6 +6,8 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
+
 import org.osgi.service.useradmin.Authorization;
 
 /** An {@link Authorization} which combines roles form various auth sources. */
@@ -16,7 +18,7 @@ class AggregatingAuthorization implements Authorization {
        private final Set<String> roles;
 
        public AggregatingAuthorization(String name, String displayName, Set<String> systemRoles, String[] roles) {
-               this.name = name;
+               this.name = new X500Principal(name).getName();
                this.displayName = displayName;
                this.systemRoles = Collections.unmodifiableSet(new HashSet<>(systemRoles));
                Set<String> temp = new HashSet<>();
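Review bot: `new X500Principal(name).getName()` produces the RFC 2253 form, which normalises formatting but keeps the case of attribute values, so two spellings of the same DN that differ only in value case still give different `name` strings. If the aim is for user names and role names to compare equal as strings, that depends on how `name` is compared elsewhere, which is not visible here. `getName(X500Principal.CANONICAL)` or comparing as `LdapName` would be the stricter options. A short comment on the assignment, e.g. `// normalise to RFC 2253 so the name has the same format as role names`, would record the intent if that is what is meant. The constructor body continues past the end of this hunk.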