1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.core;
17
18 import org.apache.commons.logging.Log;
19 import org.apache.commons.logging.LogFactory;
20 import org.argeo.ArgeoException;
21 import org.argeo.security.SystemAuthentication;
22 import org.springframework.security.authentication.AuthenticationManager;
23 import org.springframework.security.core.Authentication;
24 import org.springframework.security.core.context.SecurityContext;
25 import org.springframework.security.core.context.SecurityContextHolder;
26
/**
 * Base class for components that need to run code under the system identity.
 * <p>
 * {@link #authenticateAsSystem()} obtains an {@link Authentication} from the
 * configured {@link AuthenticationManager} and stores it in the calling
 * thread's {@link SecurityContext}. Nothing in this class removes it again
 * (the former {@code deauthenticateAsSystem()} is commented out below), so the
 * system identity stays on the thread after the call returns. Callers that
 * run on pooled or otherwise reused threads should account for that.
 */
public abstract class AbstractSystemExecution {
    static {
        // Forces Spring Security to use inheritable strategy
        // FIXME find a better place for forcing spring security mode
        // doesn't work for the time being
        // if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) ==
        // null)
        // SecurityContextHolder
        // .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
    }

    private final static Log log = LogFactory
            .getLog(AbstractSystemExecution.class);

    /** Manager that validates the internal system authentication request. */
    private AuthenticationManager authenticationManager;

    /**
     * Explicitly configured system key; when {@code null} the key is looked up
     * from a system property at authentication time.
     */
    private String systemAuthenticationKey;

    /**
     * Per-thread, per-instance marker set once {@link #authenticateAsSystem()}
     * has installed the system authentication on that thread; starts as
     * {@code false}.
     */
    private ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
        @Override
        protected Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Authenticates the calling thread as system against the configured
     * {@link AuthenticationManager} and stores the result in the thread's
     * {@link SecurityContext}.
     * <p>
     * Returns without doing anything when this component already marked the
     * thread as authenticated, or when the context already holds a
     * {@link SystemAuthentication}.
     *
     * @throws ArgeoException
     *             if the thread already carries a non-system authentication,
     *             if no system key can be resolved, or if no authentication
     *             manager has been set
     */
    protected void authenticateAsSystem() {
        // NOTE(review): this shortcut trusts the per-thread flag alone and does
        // not look at the SecurityContext again. If the context was cleared or
        // replaced after the first call, the thread is not re-authenticated
        // and the "already authenticated" guard below is skipped. Confirm that
        // nothing resets the context on a thread that is reused afterwards.
        if (authenticatedBySelf.get()) {
            return;
        }

        SecurityContext context = SecurityContextHolder.getContext();
        Authentication existing = context.getAuthentication();
        if (existing instanceof SystemAuthentication) {
            // A system authentication is already in place: nothing to do, and
            // the flag is deliberately left untouched.
            return;
        }
        if (existing != null) {
            // Refuse to replace another identity that is already on the thread.
            // NOTE(review): the message embeds existing.toString(); verify that
            // the Authentication implementations in use do not print
            // credentials, since this text is likely to end up in logs.
            throw new ArgeoException(
                    "System execution on an already authenticated thread: "
                            + existing + ", THREAD="
                            + Thread.currentThread().getId());
        }
        // Subject subject = Subject.getSubject(AccessController.getContext());
        // if (subject != null
        // && !subject.getPrincipals(Authentication.class).isEmpty())
        // throw new ArgeoException(
        // "There is already an authenticated subject: " + subject);

        // Key resolution order: explicit setter value, then the system
        // property, then the library default.
        // NOTE(review): SYSTEM_KEY_DEFAULT is not visible from this file. If it
        // is a fixed constant shipped with the library it is not a secret, so
        // production deployments should configure their own key.
        final String systemKey;
        if (systemAuthenticationKey != null) {
            systemKey = systemAuthenticationKey;
        } else {
            systemKey = System.getProperty(
                    SystemAuthentication.SYSTEM_KEY_PROPERTY,
                    InternalAuthentication.SYSTEM_KEY_DEFAULT);
        }
        if (systemKey == null) {
            throw new ArgeoException("No system key defined");
        }
        if (authenticationManager == null) {
            throw new ArgeoException("Authentication manager cannot be null.");
        }

        Authentication systemAuth = authenticationManager
                .authenticate(new InternalAuthentication(systemKey));
        context.setAuthentication(systemAuth);

        // Mark the thread only after the context has actually been updated.
        authenticatedBySelf.set(Boolean.TRUE);
        if (log.isTraceEnabled()) {
            log.trace("System authenticated");
        }
    }

    // /** Removes the authentication from the calling thread. */
    // protected void deauthenticateAsSystem() {
    // // remove the authentication
    // // SecurityContext securityContext = SecurityContextHolder.getContext();
    // // securityContext.setAuthentication(null);
    // // authenticatedBySelf.set(false);
    // if (log.isTraceEnabled()) {
    // log.trace("System deauthenticated");
    // // Thread.dumpStack();
    // }
    // }

    /**
     * Reports whether {@link #authenticateAsSystem()} has marked the calling
     * thread as authenticated by this component.
     * <p>
     * NOTE(review): the flag lives in a plain {@link ThreadLocal}, which child
     * threads do not inherit, so a thread spawned from an authenticated parent
     * does not see the parent's flag.
     *
     * @return the flag value for the calling thread
     */
    protected Boolean isAuthenticatedBySelf() {
        return authenticatedBySelf.get();
    }

    /**
     * Sets the manager used to validate the system authentication request.
     *
     * @param authenticationManager
     *            the manager to authenticate against
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the system key explicitly; a non-null value takes precedence over
     * the system property and the library default.
     *
     * @param systemAuthenticationKey
     *            the key presented when authenticating as system
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        this.systemAuthenticationKey = systemAuthenticationKey;
    }
}