nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added CurrentUserContext to support plain JAAS and WebSphere.

This commit is contained in:
Holger Hagen 2017-06-30 09:05:16 +02:00
parent f4fdb2cad3
commit 8669884cc9
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
lib/taskana-core/src/main/java/org/taskana/security/CurrentUserContext.java
View File

@ -1,5 +1,6 @@
package org.taskana.security; package org.taskana.security;
import java.lang.reflect.Method;
import java.security.AccessController; import java.security.AccessController;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@ -18,14 +19,73 @@ import org.slf4j.LoggerFactory;
*/ */
public class CurrentUserContext { public class CurrentUserContext {
private static final String GET_UNIQUE_SECURITY_NAME_METHOD = "getUniqueSecurityName";
private static final String GET_CALLER_SUBJECT_METHOD = "getCallerSubject";
private static final String WSSUBJECT_CLASSNAME = "com.ibm.websphere.security.auth.WSSubject";
private static final Logger logger = LoggerFactory.getLogger(CurrentUserContext.class); private static final Logger logger = LoggerFactory.getLogger(CurrentUserContext.class);
private static Boolean runningOnWebSphere = null;
/** /**
* Returns the userid of the current user. * Returns the userid of the current user.
* *
* @return String the userid. null if there is no JAAS subject. * @return String the userid. null if there is no JAAS subject.
*/ */
public static String getUserid() { public static String getUserid() {
if (runningOnWebSphere()) {
return getUseridFromWSSubject();
} else {
return getUseridFromJAASSubject();
}
}
/**
* Returns the unique security name of the first public credentials found in the WSSubject as userid.
*
* @return the userid of the caller. If the userid could not be obtained, null is returned.
*/
private static String getUseridFromWSSubject() {
try {
Class<?> wsSubjectClass = Class.forName(WSSUBJECT_CLASSNAME);
Method getCallerSubjectMethod = wsSubjectClass.getMethod(GET_CALLER_SUBJECT_METHOD, (Class<?>[]) null);
Subject callerSubject = (Subject) getCallerSubjectMethod.invoke(null, (Object[]) null);
logger.debug("Subject of caller: {}", callerSubject);
if (callerSubject != null) {
Set<Object> publicCredentials = callerSubject.getPublicCredentials();
logger.debug("Public credentials of caller: {}", publicCredentials);
for (Object pC : publicCredentials) {
Object o = pC.getClass().getMethod(GET_UNIQUE_SECURITY_NAME_METHOD, (Class<?>[]) null).invoke(pC, (Object[]) null);
logger.debug("Returning the unique security name of first public credential: {}", o);
return o.toString();
}
}
} catch (Exception e) {
logger.warn("Could not get user from WSSubject. Going ahead unauthorized.");
}
return null;
}
/**
* Checks, whether Taskana is running on IBM WebSphere.
*
* @return true, if it is running on IBM WebSphere
*/
private static boolean runningOnWebSphere() {
if (runningOnWebSphere == null) {
try {
Class.forName(WSSUBJECT_CLASSNAME);
logger.debug("WSSubject detected. Assuming that Taskana runs on IBM WebSphere.");
runningOnWebSphere = new Boolean(true);
} catch (ClassNotFoundException e) {
logger.debug("No WSSubject detected. Using JAAS subject further on.");
runningOnWebSphere = new Boolean(false);
}
}
return runningOnWebSphere;
}
private static String getUseridFromJAASSubject() {
Subject subject = Subject.getSubject(AccessController.getContext()); Subject subject = Subject.getSubject(AccessController.getContext());
logger.debug("Subject of caller: {}", subject); logger.debug("Subject of caller: {}", subject);
if (subject != null) { if (subject != null) {