AuthenticatedApplicationContextInitialization.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.security.core;
  17
  18 import java.security.AccessController;
  19 import java.security.PrivilegedAction;
  20 import java.util.ArrayList;
  21 import java.util.List;
  22
  23 import javax.security.auth.Subject;
  24
  25 import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor;
  26 import org.springframework.beans.BeansException;
  27 import org.springframework.beans.factory.support.AbstractBeanFactory;
  28 import org.springframework.beans.factory.support.SecurityContextProvider;
  29 import org.springframework.beans.factory.support.SimpleSecurityContextProvider;
  30 import org.springframework.context.ApplicationContext;
  31 import org.springframework.context.ApplicationContextAware;
  32
  33 /**
  34  * Executes with a system authentication the instantiation and initialization
  35  * methods of the application context where it has been defined.
  36  */
  37 public class AuthenticatedApplicationContextInitialization extends
  38                 AbstractSystemExecution implements
  39                 DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware {
  40         /** If non empty, restricts to these beans */
  41         private List<String> beanNames = new ArrayList<String>();
  42
  43         public Object postProcessBeforeInitialization(Object bean, String beanName)
  44                         throws BeansException {
  45                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  46                         authenticateAsSystem();
  47                 return bean;
  48         }
  49
  50         public Object postProcessAfterInitialization(Object bean, String beanName)
  51                         throws BeansException {
  52                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  53                         deauthenticateAsSystem();
  54                 return bean;
  55         }
  56
  57         public void setBeanNames(List<String> beanNames) {
  58                 this.beanNames = beanNames;
  59         }
  60
  61         @Override
  62         public void setApplicationContext(ApplicationContext applicationContext)
  63                         throws BeansException {
  64                 if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) {
  65                         final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext
  66                                         .getAutowireCapableBeanFactory());
  67                         // retrieve subject's access control context
  68                         // and set it as the bean factory security context
  69                         Subject.doAs(getSubject(), new PrivilegedAction<Void>() {
  70                                 @Override
  71                                 public Void run() {
  72                                         SecurityContextProvider scp = new SimpleSecurityContextProvider(
  73                                                         AccessController.getContext());
  74                                         beanFactory.setSecurityContextProvider(scp);
  75                                         return null;
  76                                 }
  77                         });
  78                 }
  79         }
  80 }