From c38430e4dc4d8104162d7306675bc2f087d45a54 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Mon, 30 Nov 2020 13:04:57 +0100
Subject: [PATCH] Make username and user role more consistent.
---
 org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java | 2 ++
 .../org/argeo/cms/internal/auth/CmsSessionImpl.java | 6 ++++++
 .../src/org/argeo/cms/servlet/ServletAuthUtils.java | 12 ++++++++++++
 .../osgi/useradmin/AggregatingAuthorization.java | 4 +++-
 4 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java
index 8b3890878..a0ea6a63f 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsSession.java
@@ -22,6 +22,8 @@ public interface CmsSession { UUID getUuid(); + String getUserRole(); + LdapName getUserDn(); String getLocalId();
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
index 211f21c94..9ae0fd8d8 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
@@ -24,6 +24,7 @@ import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; +import javax.security.auth.x500.X500Principal; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;
@@ -224,6 +225,11 @@ public class CmsSessionImpl implements CmsSession { return userDn; } + @Override + public String getUserRole() { + return new X500Principal(authorization.getName()).getName(); + } + @Override public String getLocalId() { return localSessionId;
diff --git a/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
index 13dfbe638..333fa1aa0 100644
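Review bot: `getUserRole()` is added to the `CmsSession` interface without Javadoc, and next to `getUserDn()` nothing tells a caller which of the two identifies the user in authorization checks or what string form to expect. A one-line comment would settle it, for example `/** The authenticated user's name as an RFC 2253 distinguished name string (see X500Principal#getName()). */`, adjusted if the intended contract differs. Because this is a new abstract method, any other implementer of `CmsSession` outside this patch stops compiling; a `default` method would avoid that if such implementers exist.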
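Review bot: `new X500Principal(authorization.getName())` in `getUserRole()` throws `NullPointerException` for a null name and `IllegalArgumentException` for a name that does not parse as a distinguished name, and neither case is handled. The OSGi `Authorization.getName()` contract allows null when no user was specified, so if an anonymous session can reach this method it fails with an unchecked exception instead of reporting an anonymous role; how `authorization` is populated is outside the hunk, so this needs confirming. The same unguarded parse is added to the `AggregatingAuthorization` constructor later in this patch (`this.name = new X500Principal(name).getName();`), where it makes construction of the authorization itself fail. A guard such as `String name = authorization.getName(); if (name == null) return null;` before the parse, or a documented anonymous value, would make the behaviour explicit.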
--- a/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/servlet/ServletAuthUtils.java
@@ -8,11 +8,16 @@ import java.util.function.Supplier; import javax.security.auth.Subject; import javax.servlet.http.HttpServletRequest; +import org.argeo.cms.auth.CmsSession; import org.argeo.cms.auth.CurrentUser; +import org.osgi.framework.BundleContext; +import org.osgi.framework.FrameworkUtil; import org.osgi.service.http.HttpContext; /** Authentications utilities when using servlets. */ public class ServletAuthUtils { + private static BundleContext bundleContext = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext(); + /** * Execute this supplier, using the CMS class loader as context classloader. * Useful to log in to JCR.
@@ -50,4 +55,11 @@ public class ServletAuthUtils { req.setAttribute(HttpContext.REMOTE_USER, null); req.setAttribute(AccessControlContext.class.getName(), null); } + + public static CmsSession getCmsSession(HttpServletRequest req) { + Subject subject = Subject + .getSubject((AccessControlContext) req.getAttribute(AccessControlContext.class.getName())); + CmsSession cmsSession = CmsSession.getCmsSession(bundleContext, subject); + return cmsSession; + } }
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
index ba9953416..05ba94889 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
@@ -6,6 +6,8 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import javax.security.auth.x500.X500Principal; + import org.osgi.service.useradmin.Authorization; /** An {@link Authorization} which combines roles form various auth sources. */
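Review bot: The new static field `bundleContext` is resolved in the class initializer, so if `FrameworkUtil.getBundle(ServletAuthUtils.class)` returns null (class not loaded by a bundle class loader, as in a plain unit test) class initialization fails with `ExceptionInInitializerError` and every method of this utility class becomes unusable, including the existing ones that never touch the context. `getBundleContext()` can also return null while the bundle is not started, and a context captured once becomes invalid after the bundle is stopped. Resolving it where it is used, `BundleContext bc = FrameworkUtil.getBundle(ServletAuthUtils.class).getBundleContext();` inside `getCmsSession` with a null check, avoids holding a stale reference; if the field stays it should at least be `private static final`.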
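Review bot: `getCmsSession` passes the `AccessControlContext` request attribute straight to `Subject.getSubject(...)`, which throws `NullPointerException` when the attribute is absent; the context lines just above it in this hunk set that same attribute to null, so an unauthenticated or logged-out request ends in an unchecked exception rather than a clear no-session result. `Subject.getSubject` may also return null when no subject is bound to the context, and what `CmsSession.getCmsSession` does with a null subject is not visible here. The method is public and has no Javadoc, so the contract (null versus exception for an unauthenticated request) should be stated. A guarded version is sketched below; returning null is one option, throwing a dedicated exception is another.

```java
public static CmsSession getCmsSession(HttpServletRequest req) {
	Object acc = req.getAttribute(AccessControlContext.class.getName());
	if (!(acc instanceof AccessControlContext))
		return null; // unauthenticated or logged-out request
	Subject subject = Subject.getSubject((AccessControlContext) acc);
	if (subject == null)
		return null; // no subject bound to this context
	return CmsSession.getCmsSession(bundleContext, subject);
}
```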
@@ -16,7 +18,7 @@ class AggregatingAuthorization implements Authorization { private final Set roles; public AggregatingAuthorization(String name, String displayName, Set systemRoles, String[] roles) { - this.name = name; + this.name = new X500Principal(name).getName(); this.displayName = displayName; this.systemRoles = Collections.unmodifiableSet(new HashSet<>(systemRoles)); Set temp = new HashSet<>();
--
2.30.2
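Review bot: `this.name = new X500Principal(name).getName();` stores the RFC 2253 rendering, which keeps the case of attribute values and emits attribute types outside the RFC 2253 keyword set as dotted OIDs. If this name is later compared as a plain string with a DN that came from `LdapName` or from the directory (for instance `getUserDn()` in `CmsSession`), two spellings of the same user may not compare equal; that comparison is not visible in this patch, so it is something to check. If string equality is the goal, `getName(X500Principal.CANONICAL)` gives a case-folded form, or the comparison can be done on `X500Principal`/`LdapName` objects instead. The constructor body continues outside the hunk, so whether the entries added to `roles` get the same treatment cannot be seen here.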