/*
 * Copyright (C) 2007-2012 Argeo GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 package org
.argeo
.security
.core
;
18 import org
.apache
.commons
.logging
.Log
;
19 import org
.apache
.commons
.logging
.LogFactory
;
20 import org
.argeo
.ArgeoException
;
21 import org
.argeo
.security
.SystemAuthentication
;
22 import org
.springframework
.security
.authentication
.AuthenticationManager
;
23 import org
.springframework
.security
.core
.Authentication
;
24 import org
.springframework
.security
.core
.context
.SecurityContext
;
25 import org
.springframework
.security
.core
.context
.SecurityContextHolder
;
/**
 * Base class for components that run code on the calling thread under the
 * system identity.
 * <p>
 * {@link #authenticateAsSystem()} stores a system {@link Authentication} in the
 * thread's {@link SecurityContext}, and a per-thread flag records whether this
 * instance was the one that performed the authentication.
 */
public abstract class AbstractSystemExecution {
	// FIXME (original author): find a better place to force Spring Security into
	// its inheritable strategy. A disabled attempt, reported as not working,
	// tested the SecurityContextHolder.SYSTEM_PROPERTY system property and
	// called
	// SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL).

	private static final Log log = LogFactory
			.getLog(AbstractSystemExecution.class);

	/** Manager that validates the internal system token; set by injection. */
	private AuthenticationManager authenticationManager;

	/** Explicitly configured system key; may be null, see the key lookup. */
	private String systemAuthenticationKey;

	/**
	 * Per-thread flag telling whether this component authenticated the thread.
	 * It is a plain {@link ThreadLocal}, so a new thread starts from the
	 * initial value rather than from its creator's value.
	 */
	private ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
		@Override
		protected Boolean initialValue() {
			// NOTE(review): the listing elides this body; false is inferred
			// from authenticateAsSystem(), which returns at once when the flag
			// is set. Confirm against the original file.
			return false;
		}
	};

	/**
	 * Authenticates the calling thread as the system against the configured
	 * {@link AuthenticationManager}.
	 * <p>
	 * The call is a no-op when this component already authenticated the
	 * thread. Exceptions raised by the manager are not caught here.
	 * <p>
	 * NOTE(review): nothing visible in this class clears the security context
	 * or resets the flag afterwards (the deauthentication method is commented
	 * out). On pooled threads the system authentication would stay in place
	 * for later tasks unless a subclass or the caller removes it; confirm
	 * where that cleanup happens.
	 *
	 * @throws ArgeoException
	 *             if the thread already carries a non-system authentication,
	 *             if no system key is available, or if no authentication
	 *             manager has been set
	 */
	protected void authenticateAsSystem() {
		if (authenticatedBySelf.get()) {
			return;
		}

		SecurityContext context = SecurityContextHolder.getContext();
		Authentication existing = context.getAuthentication();
		if (existing != null) {
			if (existing instanceof SystemAuthentication) {
				// NOTE(review): the listing elides the lines after the throw;
				// an early return for a thread that already holds a system
				// authentication is assumed here. Confirm against the
				// original file.
				return;
			}
			// The message embeds existing.toString(); what that exposes in
			// logs depends on the Authentication implementation.
			throw new ArgeoException(
					"System execution on an already authenticated thread: "
							+ existing + ", THREAD="
							+ Thread.currentThread().getId());
		}

		// Disabled check kept from the original:
		// Subject subject = Subject.getSubject(AccessController.getContext());
		// if (subject != null
		// && !subject.getPrincipals(Authentication.class).isEmpty())
		// throw new ArgeoException(
		// "There is already an authenticated subject: " + subject);

		// Key precedence: configured value, then the system property, then the
		// compiled-in default.
		// NOTE(review): the call name is elided in the listing and inferred as
		// System.getProperty(name, default) from its two arguments.
		// NOTE(review): a deployment that sets neither the key nor the
		// property runs on InternalAuthentication.SYSTEM_KEY_DEFAULT, a value
		// fixed in the code base; give each installation its own secret.
		String systemKey = systemAuthenticationKey;
		if (systemKey == null) {
			systemKey = System.getProperty(
					SystemAuthentication.SYSTEM_KEY_PROPERTY,
					InternalAuthentication.SYSTEM_KEY_DEFAULT);
		}
		// With a default always supplied, this only fires if the default
		// constant is itself null.
		if (systemKey == null) {
			throw new ArgeoException("No system key defined");
		}
		if (authenticationManager == null) {
			throw new ArgeoException("Authentication manager cannot be null.");
		}

		Authentication systemAuth = authenticationManager
				.authenticate(new InternalAuthentication(systemKey));
		context.setAuthentication(systemAuth);

		// Remember that this component, not a caller, set the authentication.
		authenticatedBySelf.set(true);
		if (log.isTraceEnabled()) {
			log.trace("System authenticated");
		}
	}

	// Disabled in the original; closing braces restored for readability.
	// /** Removes the authentication from the calling thread. */
	// protected void deauthenticateAsSystem() {
	// // remove the authentication
	// // SecurityContext securityContext = SecurityContextHolder.getContext();
	// // securityContext.setAuthentication(null);
	// // authenticatedBySelf.set(false);
	// if (log.isTraceEnabled()) {
	// log.trace("System deauthenticated");
	// // Thread.dumpStack();
	// }
	// }

	// NOTE(review): the original Javadoc sentence for the next method is cut
	// off in the listing after "authenticated by this component or a".
	/**
	 * Returns the calling thread's value of the flag set by
	 * {@link #authenticateAsSystem()}.
	 *
	 * @return the flag for the current thread
	 */
	protected Boolean isAuthenticatedBySelf() {
		Boolean flag = authenticatedBySelf.get();
		return flag;
	}

	/**
	 * Sets the manager used to validate the internal system token.
	 *
	 * @param authenticationManager
	 *            the manager; {@link #authenticateAsSystem()} fails while it
	 *            is null
	 */
	public void setAuthenticationManager(
			AuthenticationManager authenticationManager) {
		this.authenticationManager = authenticationManager;
	}

	/**
	 * Sets the system key explicitly, taking precedence over the system
	 * property and the built-in default.
	 *
	 * @param systemAuthenticationKey
	 *            the key, or null to fall back to the other sources
	 */
	public void setSystemAuthenticationKey(String systemAuthenticationKey) {
		this.systemAuthenticationKey = systemAuthenticationKey;
	}
}