cms/org.argeo.slc.spring/src/org/argeo/slc/spring/auth/AuthenticatedApplicationContextInitialization.java

   1 package org.argeo.slc.spring.auth;
   2
   3 import java.security.AccessController;
   4 import java.security.PrivilegedAction;
   5 import java.util.ArrayList;
   6 import java.util.List;
   7
   8 import javax.security.auth.Subject;
   9
  10 import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor;
  11 import org.springframework.beans.BeansException;
  12 import org.springframework.beans.factory.support.AbstractBeanFactory;
  13 import org.springframework.beans.factory.support.SecurityContextProvider;
  14 import org.springframework.beans.factory.support.SimpleSecurityContextProvider;
  15 import org.springframework.context.ApplicationContext;
  16 import org.springframework.context.ApplicationContextAware;
  17
  18 /**
  19  * Executes with a system authentication the instantiation and initialization
  20  * methods of the application context where it has been defined.
  21  */
  22 public class AuthenticatedApplicationContextInitialization extends
  23                 AbstractSystemExecution implements
  24                 DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware {
  25         /** If non empty, restricts to these beans */
  26         private List<String> beanNames = new ArrayList<String>();
  27
  28         public Object postProcessBeforeInitialization(Object bean, String beanName)
  29                         throws BeansException {
  30                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  31                         authenticateAsSystem();
  32                 return bean;
  33         }
  34
  35         public Object postProcessAfterInitialization(Object bean, String beanName)
  36                         throws BeansException {
  37                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  38                         deauthenticateAsSystem();
  39                 return bean;
  40         }
  41
  42         public void setBeanNames(List<String> beanNames) {
  43                 this.beanNames = beanNames;
  44         }
  45
  46         @Override
  47         public void setApplicationContext(ApplicationContext applicationContext)
  48                         throws BeansException {
  49                 if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) {
  50                         final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext
  51                                         .getAutowireCapableBeanFactory());
  52                         // retrieve subject's access control context
  53                         // and set it as the bean factory security context
  54                         Subject.doAs(getSubject(), new PrivilegedAction<Void>() {
  55                                 @Override
  56                                 public Void run() {
  57                                         SecurityContextProvider scp = new SimpleSecurityContextProvider(
  58                                                         AccessController.getContext());
  59                                         beanFactory.setSecurityContextProvider(scp);
  60                                         return null;
  61                                 }
  62                         });
  63                 }
  64         }
  65 }