/** * Gets the name of the currently logged-in principal. * * @return the principal name, or {@code null} if there was no login * @since 8.4 */ protected static String getCurrentPrincipalName() { NuxeoPrincipal p = ClientLoginModule.getCurrentPrincipal(); return p == null ? null : p.getName(); }
/** * Returns the current logged {@link NuxeoPrincipal} from the login stack * * @since 5.6 */ public static NuxeoPrincipal getCurrentPrincipal() { LoginStack.Entry entry = getCurrentLogin(); if (entry != null) { Principal p = entry.getPrincipal(); if (p instanceof NuxeoPrincipal) { return (NuxeoPrincipal) p; } else if (LoginComponent.isSystemLogin(p)) { return new SystemPrincipal(p.getName()); } } return null; }
@Override public void cleanup() { ClientLoginModule.getThreadLocalLogin().pop(); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final Timer.Context contextTimer = requestTimer.time(); concurrentCount.inc(); if (concurrentCount.getCount() > concurrentMaxCount.getCount()) { concurrentMaxCount.inc(); } try { doInitIfNeeded(); doFilterInternal(request, response, chain); } finally { ClientLoginModule.clearThreadLocalLogin(); contextTimer.stop(); concurrentCount.dec(); } }
public CleanupCallback propagateUserIdentificationInformation(CachableUserIdentificationInfo cachableUserIdent) { ClientLoginModule.getThreadLocalLogin().push(cachableUserIdent.getPrincipal(), cachableUserIdent.getUserInfo().getPassword().toCharArray(), cachableUserIdent.getLoginContext().getSubject()); return new CleanupCallback() { @Override public void cleanup() { ClientLoginModule.getThreadLocalLogin().pop(); } }; }
@Override public boolean hasCreateFromKeyPermission() { NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal(); if (principal == null) { return false; } String createFromKeyUsers = properties.getOrDefault(CREATE_FROM_KEY_USERS, EMPTY); String createFromKeyGroups = properties.getOrDefault(CREATE_FROM_KEY_GROUPS, EMPTY); if ("*".equals(createFromKeyUsers) || "*".equals(createFromKeyGroups)) { return true; } List<String> authorizedUsers = Arrays.asList(createFromKeyUsers.split(",")); List<String> authorizedGroups = Arrays.asList(createFromKeyGroups.split(",")); return principal.isAdministrator() || authorizedUsers.contains(principal.getName()) || authorizedGroups.stream().anyMatch(principal::isMemberOf); }
protected static NuxeoPrincipal getPrincipal(String username) { if (username != null) { return new UserPrincipal(username, new ArrayList<>(), false, false); } else { LoginStack.Entry entry = ClientLoginModule.getCurrentLogin(); if (entry != null) { Principal p = entry.getPrincipal(); if (p instanceof NuxeoPrincipal) { return (NuxeoPrincipal) p; } else if (LoginComponent.isSystemLogin(p)) { return new SystemPrincipal(p.getName()); } else { throw new RuntimeException("Unsupported principal: " + p.getClass()); } } else { if (Framework.isTestModeSet()) { return new SystemPrincipal(null); } else { throw new NuxeoException( "Cannot create a CoreSession outside a security context, " + " login() missing."); } } } }
protected static NuxeoPrincipal getPrincipal() { return ClientLoginModule.getCurrentPrincipal(); }
/** * Returns the tenant id of the logged user if any, {@code null} otherwise. */ protected String getCurrentTenantId() { NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal(); return principal != null ? principal.getTenantId() : null; }
/** * Checks the current user rights for the given permission against the read-only flag and the permission descriptor. * <p> * Throws {@link DirectorySecurityException} if the user does not have adequate privileges. * * @throws DirectorySecurityException if access is denied * @since 8.3 */ public void checkPermission(String permission) { if (hasPermission(permission)) { return; } if (permission.equals(SecurityConstants.WRITE) && isReadOnly()) { throw new DirectorySecurityException("Directory is read-only"); } else { NuxeoPrincipal user = ClientLoginModule.getCurrentPrincipal(); throw new DirectorySecurityException("User " + user + " does not have " + permission + " permission"); } }
ValueExpression currentDocExpr = expressionFactory.createValueExpression(currentDocument, DocumentModel.class); ValueExpression userExpr = expressionFactory.createValueExpression(ClientLoginModule.getCurrentPrincipal(), NuxeoPrincipal.class); vm.setVariable(PREVIOUS_DOCUMENT, previousDocExpr);
Map<String, Object> context = new HashMap<>(); Map<String, Serializable> ei = extendedInfos == null ? Collections.emptyMap() : extendedInfos; NuxeoPrincipal currentUser = ClientLoginModule.getCurrentPrincipal(); context.put("Document", doc); context.put("XPath", xpath);
NuxeoPrincipal user = ClientLoginModule.getCurrentPrincipal(); if (user == null) { return false;
if (!session.exists(docRef)) { NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal(); if (principal != null && principal.isAnonymous()) { throw new DocumentSecurityException("Authentication is needed for downloading the blob");
public JWTBuilderImpl() { builder = JWT.create(); // default Nuxeo issuer, checked during validation builder.withIssuer(NUXEO_ISSUER); // default to current principal as subject String subject = ClientLoginModule.getCurrentPrincipal().getActingUser(); if (subject == null) { throw new NuxeoException("No currently logged-in user"); } builder.withSubject(subject); // default TTL withTTL(0); }