Use standard JAAS login context for RAP login
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.core;
17
18 import org.apache.commons.logging.Log;
19 import org.apache.commons.logging.LogFactory;
20 import org.argeo.ArgeoException;
21 import org.argeo.security.SystemAuthentication;
22 import org.springframework.security.authentication.AuthenticationManager;
23 import org.springframework.security.core.Authentication;
24 import org.springframework.security.core.context.SecurityContext;
25 import org.springframework.security.core.context.SecurityContextHolder;
26
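/**
 * Provides base method for executing code with system authorization.
 *
 * <p>
 * Subclasses call {@link #authenticateAsSystem()} before running privileged
 * code. The method binds an {@link Authentication} obtained from the
 * configured {@link AuthenticationManager} to the {@link SecurityContext} of
 * the calling thread.
 *
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>Nothing in this class removes the system authentication again (the
 * former {@code deauthenticateAsSystem()} is commented out below). On pooled
 * or otherwise reused threads the system identity therefore stays bound to
 * the thread until some other component clears the {@link SecurityContext}.</li>
 * <li>When no key is injected and the system property is unset, the key falls
 * back to {@code InternalAuthentication.SYSTEM_KEY_DEFAULT}, a compiled-in
 * constant. Its value is not visible in this file; deployments should
 * configure their own key rather than rely on the default.</li>
 * </ul>
 */
public abstract class AbstractSystemExecution {
    static {
        // Forces Spring Security to use inheritable strategy
        // FIXME find a better place for forcing spring security mode
        // doesn't work for the time being
        // if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
        // SecurityContextHolder
        // .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
    }

    private static final Log log = LogFactory
            .getLog(AbstractSystemExecution.class);

    /** Manager used to turn the system key into an {@link Authentication}. */
    private AuthenticationManager authenticationManager;

    /**
     * Explicitly configured system key; when {@code null} the key is read from
     * the system property named by
     * {@code InternalAuthentication.SYSTEM_KEY_PROPERTY}. This is a secret:
     * it must not be logged.
     */
    private String systemAuthenticationKey;

    /**
     * Whether the current thread was authenticated by this component.
     *
     * <p>
     * This is a plain {@link ThreadLocal} held per instance, so the flag
     * starts as {@code false} in every thread, including threads spawned by
     * an already authenticated thread.
     */
    private final ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
        @Override
        protected Boolean initialValue() {
            return false;
        }
    };

    /**
     * Authenticate the calling thread to the underlying
     * {@link AuthenticationManager}.
     *
     * <p>
     * Does nothing when this component already authenticated the thread, or
     * when the thread already carries a {@link SystemAuthentication}.
     *
     * @throws ArgeoException
     *             if the thread is already authenticated with something other
     *             than a {@link SystemAuthentication}, if no system key is
     *             available, or if no authentication manager was configured.
     *             Exceptions raised by the authentication manager itself are
     *             not caught here and propagate to the caller.
     */
    protected void authenticateAsSystem() {
        // NOTE(review): this fast path trusts the flag alone and does not
        // look at the SecurityContext. If the context was cleared or replaced
        // after a previous call on this thread, the method returns without
        // re-authenticating. Confirm that callers never reuse a thread whose
        // context has been reset.
        if (authenticatedBySelf.get()) {
            return;
        }

        SecurityContext securityContext = SecurityContextHolder.getContext();
        Authentication currentAuth = securityContext.getAuthentication();
        if (currentAuth != null) {
            // Refuse to run system code on top of a regular user's
            // authentication; an existing system authentication is reused.
            if (!(currentAuth instanceof SystemAuthentication)) {
                throw new ArgeoException(
                        "System execution on an already authenticated thread: "
                                + currentAuth + ", THREAD="
                                + Thread.currentThread().getId());
            }
            return;
        }
        // Subject subject = Subject.getSubject(AccessController.getContext());
        // if (subject != null
        // && !subject.getPrincipals(Authentication.class).isEmpty())
        // throw new ArgeoException(
        // "There is already an authenticated subject: " + subject);

        // Injected key first, then the system property, then the compiled-in
        // default (see the class-level security notes).
        String key = systemAuthenticationKey != null ? systemAuthenticationKey
                : System.getProperty(
                        InternalAuthentication.SYSTEM_KEY_PROPERTY,
                        InternalAuthentication.SYSTEM_KEY_DEFAULT);
        // Only reachable when SYSTEM_KEY_DEFAULT is itself null -- its value
        // is defined in InternalAuthentication, not visible here.
        if (key == null) {
            throw new ArgeoException("No system key defined");
        }
        // Fail with an explicit configuration error rather than a bare
        // NullPointerException when the manager was never injected.
        if (authenticationManager == null) {
            throw new ArgeoException("No authentication manager defined");
        }

        Authentication auth = authenticationManager
                .authenticate(new InternalAuthentication(key));
        securityContext.setAuthentication(auth);
        authenticatedBySelf.set(true);
        // The key itself is deliberately never written to the log.
        if (log.isTraceEnabled()) {
            log.trace("System authenticated");
        }
    }

    // /** Removes the authentication from the calling thread. */
    // protected void deauthenticateAsSystem() {
    // // remove the authentication
    // // SecurityContext securityContext = SecurityContextHolder.getContext();
    // // securityContext.setAuthentication(null);
    // // authenticatedBySelf.set(false);
    // if (log.isTraceEnabled()) {
    // log.trace("System deauthenticated");
    // // Thread.dumpStack();
    // }
    // }

    /**
     * Whether the current thread was authenticated by this component.
     *
     * <p>
     * The flag is stored in a non-inheritable {@link ThreadLocal}, so a child
     * thread reports {@code false} even if its parent was authenticated here.
     * The flag is never reset by this class.
     *
     * @return {@code true} once {@link #authenticateAsSystem()} has
     *         authenticated the calling thread through this instance
     */
    protected Boolean isAuthenticatedBySelf() {
        return authenticatedBySelf.get();
    }

    /**
     * Sets the manager used to validate the system key.
     *
     * @param authenticationManager
     *            the manager that {@link #authenticateAsSystem()} delegates to
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the system key, overriding the system property and the built-in
     * default.
     *
     * @param systemAuthenticationKey
     *            the secret key presented to the authentication manager;
     *            {@code null} restores the property/default lookup
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        this.systemAuthenticationKey = systemAuthenticationKey;
    }

}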