2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.core
;
18 import org
.apache
.commons
.logging
.Log
;
19 import org
.apache
.commons
.logging
.LogFactory
;
20 import org
.argeo
.ArgeoException
;
21 import org
.argeo
.security
.SystemAuthentication
;
22 import org
.springframework
.security
.authentication
.AuthenticationManager
;
23 import org
.springframework
.security
.core
.Authentication
;
24 import org
.springframework
.security
.core
.context
.SecurityContext
;
25 import org
.springframework
.security
.core
.context
.SecurityContextHolder
;
27 /** Provides base method for executing code with system authorization. */
28 public abstract class AbstractSystemExecution
{
30 // Forces Spring Security to use inheritable strategy
31 // FIXME find a better place for forcing spring security mode
32 // doesn't work for the time being
33 // if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
34 // SecurityContextHolder
35 // .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
// Commons Logging logger for this class.
private static final Log log = LogFactory.getLog(AbstractSystemExecution.class);

// Manager that authenticateAsSystem() asks to validate the InternalAuthentication
// token; injected through setAuthenticationManager().
private AuthenticationManager authenticationManager;

// Key wrapped into InternalAuthentication when authenticating as system. It is
// effectively a shared secret, so keep it out of logs and set it explicitly.
// When it is null, authenticateAsSystem() looks the key up with
// InternalAuthentication.SYSTEM_KEY_PROPERTY and
// InternalAuthentication.SYSTEM_KEY_DEFAULT instead.
private String systemAuthenticationKey;
43 /** Whether the current thread was authenticated by this component. */
private ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
    // Plain ThreadLocal: the flag belongs to one thread and is not handed down
    // to threads it spawns.
    @Override
    protected Boolean initialValue() {
        // NOTE(review): the returned value is not visible in this listing. FALSE is
        // assumed because authenticateAsSystem() unboxes the flag (so it cannot be
        // null) and only sets it to true after a successful authentication.
        // Confirm against the original file.
        return Boolean.FALSE;
    }
};
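/**
 * Authenticate the calling thread to the underlying
 * {@link AuthenticationManager}. The resulting authentication is left on the
 * thread's security context; this class does not remove it afterwards.
 */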
protected void authenticateAsSystem() {
    // Runs at most once per thread: if this component already authenticated the
    // calling thread, there is nothing left to do.
    final boolean alreadyAuthenticated = authenticatedBySelf.get();
    if (alreadyAuthenticated) {
        return;
    }

    final SecurityContext securityContext = SecurityContextHolder.getContext();
    final Authentication currentAuth = securityContext.getAuthentication();
    if (currentAuth != null) {
        // Never replace a non-system identity with the system one: a thread that
        // carries any other authentication is rejected.
        if (!(currentAuth instanceof SystemAuthentication)) {
            // The message embeds currentAuth's string form; check that it does not
            // expose credentials wherever this exception ends up being logged.
            throw new ArgeoException(
                    "System execution on an already authenticated thread: "
                            + currentAuth + ", THREAD="
                            + Thread.currentThread().getId());
        }
        // NOTE(review): the statement at this position is missing from the listing.
        // An early return (thread already holds a system authentication) is
        // assumed; confirm against the original file.
        return;
    }

    // Subject subject = Subject.getSubject(AccessController.getContext());
    // if (subject != null
    // && !subject.getPrincipals(Authentication.class).isEmpty())
    // throw new ArgeoException(
    // "There is already an authenticated subject: " + subject);

    // Key resolution order: explicitly injected key first, then the lookup keyed
    // by SYSTEM_KEY_PROPERTY with SYSTEM_KEY_DEFAULT as its fallback.
    // NOTE(review): the call that takes these two arguments is missing from the
    // listing; System.getProperty(name, default) is assumed. The value of
    // SYSTEM_KEY_DEFAULT is not shown here: if it is a fixed string, every
    // deployment that configures no key of its own authenticates as system with
    // the same well-known value, so configure an explicit key.
    final String key;
    if (systemAuthenticationKey != null) {
        key = systemAuthenticationKey;
    } else {
        key = System.getProperty(
                InternalAuthentication.SYSTEM_KEY_PROPERTY,
                InternalAuthentication.SYSTEM_KEY_DEFAULT);
    }
    // NOTE(review): the guard in front of this throw is also missing from the
    // listing; a null check on the key is assumed from the message.
    if (key == null) {
        throw new ArgeoException("No system key defined");
    }

    final Authentication auth = authenticationManager
            .authenticate(new InternalAuthentication(key));
    securityContext.setAuthentication(auth);
    // From here on the thread keeps the system authentication and the flag stays
    // true: the deauthenticateAsSystem() counterpart is commented out in this
    // file. On a pooled thread the system identity can therefore outlive the task
    // that asked for it unless the caller clears the security context itself.
    authenticatedBySelf.set(true);
    if (log.isTraceEnabled()) {
        log.trace("System authenticated");
    }
}
87 // /** Removes the authentication from the calling thread. */
88 // protected void deauthenticateAsSystem() {
89 // // remove the authentication
90 // // SecurityContext securityContext = SecurityContextHolder.getContext();
91 // // securityContext.setAuthentication(null);
92 // // authenticatedBySelf.set(false);
93 // if (log.isTraceEnabled()) {
94 // log.trace("System deauthenticated");
95 // // Thread.dumpStack();
/**
 * Whether the current thread was authenticated by this component or a
 * [the rest of this sentence is missing from the listing].
 */
protected Boolean isAuthenticatedBySelf() {
    // Reads the calling thread's flag, which authenticateAsSystem() sets to true
    // once it has stored an authentication in the security context.
    final Boolean flag = authenticatedBySelf.get();
    return flag;
}
public void setAuthenticationManager(
        final AuthenticationManager authenticationManager) {
    // Injection point for the manager that authenticateAsSystem() delegates to.
    // No null check is done here, so a missing manager only shows up when
    // authenticateAsSystem() is called.
    this.authenticationManager = authenticationManager;
}
public void setSystemAuthenticationKey(final String systemAuthenticationKey) {
    // Overrides the key that authenticateAsSystem() would otherwise look up via
    // InternalAuthentication.SYSTEM_KEY_PROPERTY / SYSTEM_KEY_DEFAULT. The value
    // is a secret: supply it from protected configuration and do not log it.
    this.systemAuthenticationKey = systemAuthenticationKey;
}