View Javadoc
1   /*
2    * Licensed to The Apereo Foundation under one or more contributor license
3    * agreements. See the NOTICE file distributed with this work for additional
4    * information regarding copyright ownership.
5    *
6    *
7    * The Apereo Foundation licenses this file to you under the Educational
8    * Community License, Version 2.0 (the "License"); you may not use this file
9    * except in compliance with the License. You may obtain a copy of the License
10   * at:
11   *
12   *   http://opensource.org/licenses/ecl2.txt
13   *
14   * Unless required by applicable law or agreed to in writing, software
15   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
17   * License for the specific language governing permissions and limitations under
18   * the License.
19   *
20   */
21  
22  package org.opencastproject.security.util;
23  
24  import static org.opencastproject.util.EqualsUtil.ne;
25  
26  import org.opencastproject.security.api.Organization;
27  import org.opencastproject.security.api.SecurityService;
28  import org.opencastproject.security.api.User;
29  
30  import java.util.function.Supplier;
31  
32  /**
33   * This class handles all the boilerplate of setting up and tearing down a security context. It also makes it possible
34   * to pass around contexts so that clients need not deal with services, users, passwords etc.
35   */
36  public class SecurityContext {
37    private final SecurityService sec;
38    private final User user;
39    private final Organization org;
40  
41    public SecurityContext(SecurityService sec, Organization org, User user) {
42      if (ne(org, user.getOrganization())) {
43        throw new IllegalArgumentException("User is not a member of organization " + org.getId());
44      }
45      this.sec = sec;
46      this.user = user;
47      this.org = org;
48    }
49  
50    /** Run function <code>f</code> within the context. */
51    public <A> A runInContext(Supplier<A> f) {
52      final Organization prevOrg = sec.getOrganization();
53      // workaround: if no organization is bound to the current thread sec.getUser() will throw a NPE
54      final User prevUser = prevOrg != null ? sec.getUser() : null;
55      sec.setOrganization(org);
56      sec.setUser(user);
57      try {
58        return f.get();
59      } finally {
60        sec.setOrganization(prevOrg);
61        sec.setUser(prevUser);
62      }
63    }
64  
65    /** Run function <code>f</code> within the context. */
66    public void runInContext(Runnable f) {
67      runInContext(() -> {
68        f.run();
69        return null;
70      });
71    }
72  }