Skip to content

Features/rsb/26.2/423389 user object #2106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rogersteblerbsi wants to merge 19 commits into
base: releases/26.2
Choose a base branch
from
Open

Features/rsb/26.2/423389 user object #2106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
a96bb35
423389 user object
rogersteblerbsi Mar 4, 2026
2236e8d
423389 user object II (input POC from code review)
paolobazzi Mar 27, 2026
3983981
443929 user cannot be changed again after read-only
rogersteblerbsi Mar 31, 2026
5e67c3c
423389 various updates after discussion with paolo
rogersteblerbsi Apr 1, 2026
2abbadb
423389 add user to pollers
rogersteblerbsi Apr 2, 2026
b51e23d
423389 add user object to subject statement
rogersteblerbsi Apr 2, 2026
6e306eb
423389 add missing setReadOnly
rogersteblerbsi Apr 2, 2026
d1e0018
423389 getUser returns null if subject is null
rogersteblerbsi Apr 2, 2026
1894c4c
423389 fix some tests
rogersteblerbsi Apr 2, 2026
35066f5
423389 update java doc
rogersteblerbsi Apr 2, 2026
fd86783
423389 store user on client session
rogersteblerbsi Apr 7, 2026
4b1d752
423389 improve PermissionsInvalidationNotificationListener
rogersteblerbsi Apr 7, 2026
d76ada7
423389 user object cache refactoring, avoid run context if cache hit
paolobazzi Apr 8, 2026
75c9c00
423389 user object - fix AccessControlService in archetype
paolobazzi Apr 8, 2026
49737e4
423389 user object client run context helper
paolobazzi Apr 8, 2026
51d5f21
423389 enforce user object to be read-only when using it in run context
rogersteblerbsi Apr 8, 2026
a7da7ca
423389 user object - Improve javadoc for user & sub classes
paolobazzi Apr 9, 2026
d6fb828
Updates after own code review
paolobazzi Apr 10, 2026
262f22f
code review
rogersteblerbsi Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ....rt.api/src/main/java/org/eclipse/scout/rt/api/uinotification/UiNotificationResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@
import org.eclipse.scout.rt.api.data.uinotification.UiNotificationRequest;
import org.eclipse.scout.rt.api.data.uinotification.UiNotificationResponse;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.rest.IRestResource;
import org.eclipse.scout.rt.security.IAccessControlService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -104,6 +104,6 @@ protected void logResponse(List<UiNotificationDo> notifications, List<TopicDo> t
}

protected String getUserId() {
return BEANS.get(IAccessControlService.class).getUserIdOfCurrentSubject();
return User.currentUserId();
}
}
2 changes: 1 addition & 1 deletion ...t.test/src/main/java/org/eclipse/scout/testing/client/ClientSessionProviderWithCache.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ protected CompositeObject newSessionCacheKey(final String sessionId, final Subje
return new CompositeObject(BEANS.get(IClientSession.class).getClass(), sessionId);
}
else if (subject != null) {
return new CompositeObject(BEANS.get(IClientSession.class).getClass(), BEANS.get(IAccessControlService.class).getUserId(subject));
return new CompositeObject(BEANS.get(IClientSession.class).getClass(), BEANS.get(IAccessControlService.class).getUser(subject));
}
else {
return null;
Expand Down
30 changes: 15 additions & 15 deletions ...ent.test/src/test/java/org/eclipse/scout/rt/client/context/ClientRunContextChainTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2025 BSI Business Systems Integration AG
* Copyright (c) 2010, 2026 BSI Business Systems Integration AG
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
Expand Down Expand Up @@ -27,13 +27,13 @@
import org.eclipse.scout.rt.platform.nls.NlsLocale;
import org.eclipse.scout.rt.platform.opentelemetry.OpenTelemetryContextProcessor;
import org.eclipse.scout.rt.platform.security.SubjectProcessor;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.transaction.TransactionProcessor;
import org.eclipse.scout.rt.platform.util.ThreadLocalProcessor;
import org.eclipse.scout.rt.shared.session.ISession;
import org.eclipse.scout.rt.shared.opentelemetry.OpenTelemetrySpanAttributeProcessor;
import org.eclipse.scout.rt.shared.session.ISession;
import org.eclipse.scout.rt.shared.session.SessionId;
import org.eclipse.scout.rt.shared.ui.UserAgent;
import org.eclipse.scout.rt.shared.user.UserId;
import org.eclipse.scout.rt.testing.platform.runner.PlatformTestRunner;
import org.junit.Test;
import org.junit.runner.RunWith;
Expand Down Expand Up @@ -84,46 +84,46 @@ protected <RESULT> CallableChain<RESULT> createCallableChain() { // overwrite to
c = chainIterator.next();
assertEquals(SubjectProcessor.class, c.getClass());

// 7. DiagnosticContextValueProcessor
// 7. ThreadLocalProcessor for User.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(User.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 8. DiagnosticContextValueProcessor
c = chainIterator.next();
assertEquals(DiagnosticContextValueProcessor.class, c.getClass());
assertEquals("subject.principal.name", ((DiagnosticContextValueProcessor) c).getMdcKey());

// 8. DiagnosticContextValueProcessor
// 9. DiagnosticContextValueProcessor
c = chainIterator.next();
assertEquals(DiagnosticContextValueProcessor.class, c.getClass());
assertEquals("opentelemetry.trace.id", ((DiagnosticContextValueProcessor) c).getMdcKey());

// 9. DiagnosticContextValueProcessor
// 10. DiagnosticContextValueProcessor
c = chainIterator.next();
assertEquals(DiagnosticContextValueProcessor.class, c.getClass());
assertEquals("scout.correlation.id", ((DiagnosticContextValueProcessor) c).getMdcKey());

// 10. ThreadLocalProcessor for NlsLocale.CURRENT
// 11. ThreadLocalProcessor for NlsLocale.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(NlsLocale.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 11. ThreadLocalProcessor for PropertyMap.CURRENT
// 12. ThreadLocalProcessor for PropertyMap.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(PropertyMap.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 12. ThreadLocalProcessor for ISession.CURRENT
// 13. ThreadLocalProcessor for ISession.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(ISession.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 13. ThreadLocalProcessor for SessionId.CURRENT
// 14. ThreadLocalProcessor for SessionId.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(SessionId.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 14. ThreadLocalProcessor for Users.CURRENT
c = chainIterator.next();
assertEquals(ThreadLocalProcessor.class, c.getClass());
assertSame(UserId.CURRENT, ((ThreadLocalProcessor) c).getThreadLocal());

// 15. DiagnosticContextValueProcessor
c = chainIterator.next();
assertEquals(DiagnosticContextValueProcessor.class, c.getClass());
Expand Down
12 changes: 10 additions & 2 deletions ...ipse.scout.rt.client/src/main/java/org/eclipse/scout/rt/client/AbstractClientSession.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
package org.eclipse.scout.rt.client;

import static java.util.Collections.*;
import static org.eclipse.scout.rt.shared.ISessionVariable.SHARED_CONTEXT_USER_ID;

import java.net.URI;
import java.net.URISyntaxException;
Expand Down Expand Up @@ -44,11 +43,13 @@
import org.eclipse.scout.rt.platform.job.Jobs;
import org.eclipse.scout.rt.platform.nls.NlsLocale;
import org.eclipse.scout.rt.platform.reflect.AbstractPropertyObserver;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.util.Assertions;
import org.eclipse.scout.rt.platform.util.CollectionUtility;
import org.eclipse.scout.rt.platform.util.TypeCastUtility;
import org.eclipse.scout.rt.platform.util.event.FastListenerList;
import org.eclipse.scout.rt.platform.util.event.IFastListenerList;
import org.eclipse.scout.rt.security.IAccessControlService;
import org.eclipse.scout.rt.shared.extension.AbstractExtension;
import org.eclipse.scout.rt.shared.extension.IExtensibleObject;
import org.eclipse.scout.rt.shared.extension.IExtension;
Expand Down Expand Up @@ -91,6 +92,7 @@ public abstract class AbstractClientSession extends AbstractPropertyObserver imp
private IDesktop m_desktop;
private VirtualDesktop m_virtualDesktop;
private volatile Subject m_subject;
private volatile User m_user;

private final SharedVariableMap m_sharedVariableMap;
private Set<String> m_exposedSharedVariables;
Expand All @@ -107,6 +109,7 @@ public AbstractClientSession(boolean autoInitConfig) {
m_stateLock = new Object();
m_userAgent = UserAgent.get();
m_subject = Subject.current();
m_user = BEANS.get(IAccessControlService.class).getUser(m_subject);
m_objectExtensions = new ObjectExtensions<>(this, true);
m_sharedVariableMap = new SharedVariableMap();
m_exposedSharedVariables = null;
Expand Down Expand Up @@ -166,7 +169,7 @@ public String getId() {
*/
@Override
public String getUserId() {
return getSharedContextVariable(SHARED_CONTEXT_USER_ID, String.class);
return m_user != null ? m_user.getUserId() : null;
}

@Override
Expand Down Expand Up @@ -501,6 +504,11 @@ public void setSubject(Subject subject) {
m_subject = subject;
}

@Override
public User getUser() {
return m_user;
}

@Override
public void setData(String key, Object value) {
m_sessionData.set(key, value);
Expand Down
13 changes: 10 additions & 3 deletions org.eclipse.scout.rt.client/src/main/java/org/eclipse/scout/rt/client/IClientSession.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2025 BSI Business Systems Integration AG
* Copyright (c) 2010, 2026 BSI Business Systems Integration AG
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
Expand All @@ -20,7 +20,7 @@
import org.eclipse.scout.rt.platform.job.IExecutionSemaphore;
import org.eclipse.scout.rt.platform.nls.NlsLocale;
import org.eclipse.scout.rt.platform.reflect.IPropertyObserver;
import org.eclipse.scout.rt.security.IAccessControlService;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.shared.session.ISession;
import org.eclipse.scout.rt.shared.ui.UserAgent;

Expand Down Expand Up @@ -98,7 +98,14 @@ public interface IClientSession extends ISession, IPropertyObserver {
void setSubject(Subject subject);

/**
* Authenticated userId, extracted by {@link IAccessControlService#getUserIdOfCurrentSubject()} on server
* Consumers can query for the {@link User} of a {@link IClientSession}
* <p>
* The user is set when this object is created from {@link User#current()}
*/
User getUser();

/**
* Authenticated userId, provided by {@link User#getUserId()}}
*/
String getUserId();

Expand Down
10 changes: 8 additions & 2 deletions ...rc/main/java/org/eclipse/scout/rt/client/clientnotification/ClientNotificationPoller.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2025 BSI Business Systems Integration AG
* Copyright (c) 2010, 2026 BSI Business Systems Integration AG
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
Expand All @@ -13,6 +13,8 @@
import java.util.List;
import java.util.concurrent.TimeUnit;

import javax.security.auth.Subject;

import jakarta.annotation.PostConstruct;

import org.eclipse.scout.rt.client.context.ClientRunContexts;
Expand All @@ -36,12 +38,14 @@
import org.eclipse.scout.rt.platform.job.FixedDelayScheduleBuilder;
import org.eclipse.scout.rt.platform.job.IFuture;
import org.eclipse.scout.rt.platform.job.Jobs;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.util.Assertions;
import org.eclipse.scout.rt.platform.util.SleepUtil;
import org.eclipse.scout.rt.platform.util.concurrent.FutureCancelledError;
import org.eclipse.scout.rt.platform.util.concurrent.IRunnable;
import org.eclipse.scout.rt.platform.util.concurrent.ThreadInterruptedError;
import org.eclipse.scout.rt.platform.util.date.DateUtility;
import org.eclipse.scout.rt.security.IAccessControlService;
import org.eclipse.scout.rt.shared.SharedConfigProperties.NotificationSubjectProperty;
import org.eclipse.scout.rt.shared.clientnotification.ClientNotificationMessage;
import org.eclipse.scout.rt.shared.clientnotification.IClientNotificationService;
Expand Down Expand Up @@ -101,8 +105,10 @@ protected void stopPoller() {
}

protected RunContext createRunContext() {
final Subject subject = BEANS.get(NotificationSubjectProperty.class).getValue();
return ClientRunContexts.empty()
.withSubject(BEANS.get(NotificationSubjectProperty.class).getValue())
.withSubject(subject)
.withUser(BEANS.get(User.class).withUserId(BEANS.get(IAccessControlService.class).extractUserId(subject)).setReadOnly())
.withUserAgent(UserAgents.createDefault())
.withSession(null, false);
}
Expand Down
14 changes: 10 additions & 4 deletions ...e.scout.rt.client/src/main/java/org/eclipse/scout/rt/client/context/ClientRunContext.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2025 BSI Business Systems Integration AG
* Copyright (c) 2010, 2026 BSI Business Systems Integration AG
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
Expand Down Expand Up @@ -28,18 +28,18 @@
import org.eclipse.scout.rt.platform.context.RunMonitor;
import org.eclipse.scout.rt.platform.logger.DiagnosticContextValueProcessor;
import org.eclipse.scout.rt.platform.logger.DiagnosticContextValueProcessor.IDiagnosticContextValueProvider;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.transaction.ITransaction;
import org.eclipse.scout.rt.platform.transaction.ITransactionMember;
import org.eclipse.scout.rt.platform.transaction.TransactionScope;
import org.eclipse.scout.rt.platform.util.ThreadLocalProcessor;
import org.eclipse.scout.rt.platform.util.ToStringBuilder;
import org.eclipse.scout.rt.shared.session.ISession;
import org.eclipse.scout.rt.shared.logging.UserIdContextValueProvider;
import org.eclipse.scout.rt.shared.opentelemetry.OpenTelemetrySpanAttributeProcessor;
import org.eclipse.scout.rt.shared.session.ISession;
import org.eclipse.scout.rt.shared.session.ScoutSessionIdContextValueProvider;
import org.eclipse.scout.rt.shared.session.SessionId;
import org.eclipse.scout.rt.shared.ui.UserAgent;
import org.eclipse.scout.rt.shared.user.UserId;

/**
* Use this class to propagate client-side context.
Expand All @@ -65,7 +65,6 @@ protected <RESULT> void interceptCallableChain(final CallableChain<RESULT> calla
callableChain
.add(new ThreadLocalProcessor<>(ISession.CURRENT, m_session))
.add(new ThreadLocalProcessor<>(SessionId.CURRENT, getSession() != null ? getSession().getId() : null))
.add(new ThreadLocalProcessor<>(UserId.CURRENT, getSession() != null ? getSession().getUserId() : null))
.add(new DiagnosticContextValueProcessor(BEANS.get(UserIdContextValueProvider.class)))
.add(new DiagnosticContextValueProcessor(BEANS.get(ScoutSessionIdContextValueProvider.class)))
.add(new OpenTelemetrySpanAttributeProcessor())
Expand All @@ -87,6 +86,12 @@ public ClientRunContext withSubject(final Subject subject) {
return this;
}

@Override
public ClientRunContext withUser(final User user) {
super.withUser(user);
return this;
}

@Override
public ClientRunContext withLocale(final Locale locale) {
super.withLocale(locale);
Expand Down Expand Up @@ -187,6 +192,7 @@ public ClientRunContext withSession(final IClientSession session, final boolean
m_locale = (session != null ? session.getLocale() : null);
m_userAgent = (session != null ? session.getUserAgent() : null);
m_subject = (session != null ? session.getSubject() : null);
m_user = (session != null ? session.getUser() : null);
m_desktop = (session != null ? session.getDesktopElseVirtualDesktop() : null);
}
return this;
Expand Down
6 changes: 3 additions & 3 deletions ...ient/src/main/java/org/eclipse/scout/rt/client/ui/form/useradmin/DefaultPasswordForm.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@
import org.eclipse.scout.rt.platform.Order;
import org.eclipse.scout.rt.platform.classid.ClassId;
import org.eclipse.scout.rt.platform.exception.VetoException;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.text.TEXTS;
import org.eclipse.scout.rt.security.IAccessControlService;
import org.eclipse.scout.rt.shared.services.common.pwd.IPasswordManagementService;

@ClassId("5bcb48f0-9b72-4f28-9c08-038cd5d9a1c4")
Expand Down Expand Up @@ -208,7 +208,7 @@ protected void execStore() {
protected void resetSessionsIfCurrentUser(IPasswordManagementService svc) {
//owasp: reset session
if (isCurrentUser()) {
String currentUserId = BEANS.get(IAccessControlService.class).getUserIdOfCurrentSubject();
String currentUserId = User.currentUserId();
IClientSession currentSession = ClientSessionProvider.currentSession();

// for security reasons force stop all other of the user's sessions in case an attacker is controlling it
Expand All @@ -225,7 +225,7 @@ protected void resetSessionsIfCurrentUser(IPasswordManagementService svc) {

protected boolean isCurrentUser() {
String userName = BEANS.get(IPasswordManagementService.class).getUsernameFor(getUserId());
String currentUserId = BEANS.get(IAccessControlService.class).getUserIdOfCurrentSubject();
String currentUserId = User.currentUserId();
return currentUserId.equals(userName);
}
}
17 changes: 16 additions & 1 deletion ...rc/main/java/org/eclipse/scout/rt/testing/platform/runner/statement/SubjectStatement.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@

import javax.security.auth.Subject;

import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.context.RunContext;
import org.eclipse.scout.rt.platform.context.RunContexts;
import org.eclipse.scout.rt.platform.security.SimplePrincipal;
import org.eclipse.scout.rt.platform.security.User;
import org.eclipse.scout.rt.platform.util.Assertions;
import org.eclipse.scout.rt.testing.platform.runner.RunWithSubject;
import org.eclipse.scout.rt.testing.platform.runner.SafeStatementInvoker;
Expand All @@ -28,6 +30,7 @@
public class SubjectStatement extends Statement {

private final Statement m_next;
private final String m_principal;
private final Subject m_subject;

/**
Expand All @@ -43,11 +46,13 @@ public SubjectStatement(final Statement next, final RunWithSubject annotation) {

final String principal = (annotation != null ? annotation.value() : null);
if (principal != null) {
m_principal = principal;
m_subject = new Subject();
m_subject.getPrincipals().add(new SimplePrincipal(principal));
m_subject.setReadOnly();
}
else {
m_principal = null;
m_subject = null;
}
}
Expand All @@ -56,6 +61,10 @@ protected Statement getNext() {
return m_next;
}

protected String getPrincipal() {
return m_principal;
}

protected Subject getSubject() {
return m_subject;
}
Expand All @@ -73,6 +82,12 @@ public void evaluate() throws Throwable {
}

protected RunContext createRunContext() {
return RunContexts.copyCurrent().withSubject(m_subject);
return RunContexts.copyCurrent()
.withSubject(m_subject)
.withUser(createUser());
}

protected User createUser() {
return BEANS.get(User.class).withUserId(m_principal).setReadOnly();
}
}
Loading
Loading