LDIF user admin persistence based on transactions.
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.core;
17
18 import javax.security.auth.Subject;
19 import javax.security.auth.login.LoginContext;
20 import javax.security.auth.login.LoginException;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.argeo.ArgeoException;
25 import org.springframework.security.authentication.AuthenticationManager;
26
/**
 * Base class for components that need to run code with system authorization.
 * <p>
 * Each instance owns one JAAS {@link Subject}, created empty, and logs it in
 * and out through the login configuration entry named {@code "SYSTEM"}. What
 * that entry attaches to the subject is decided by the JAAS configuration,
 * not by this class.
 * <p>
 * An earlier implementation, previously kept here as commented-out code,
 * authenticated against a Spring Security {@link AuthenticationManager} with
 * a system key. That path is gone; the two setters below only log a warning.
 */
public abstract class AbstractSystemExecution {
    private static final Log log = LogFactory
            .getLog(AbstractSystemExecution.class);

    /** Name of the JAAS login configuration entry used for system login. */
    private final String loginModule = "SYSTEM";

    /**
     * The subject populated by the system login. The same instance is reused
     * by every login and logout performed through this object.
     */
    private final Subject subject = new Subject();

    /**
     * Logs the instance's subject in through the {@code "SYSTEM"} login
     * configuration.
     * <p>
     * Nothing in this method associates the subject with the calling thread;
     * whether the configured login module does so is not visible from here.
     *
     * @throws ArgeoException
     *             if the JAAS login fails; the {@link LoginException} is kept
     *             as the cause
     */
    protected void authenticateAsSystem() {
        try {
            newSystemLoginContext().login();
        } catch (LoginException e) {
            throw new ArgeoException("Cannot login as system", e);
        }
        if (log.isTraceEnabled()) {
            log.trace("System authenticated");
        }
    }

    /**
     * Logs the instance's subject out through the {@code "SYSTEM"} login
     * configuration.
     * <p>
     * A fresh {@link LoginContext} is built over the same subject, so what
     * gets removed depends on the logout logic of the configured login
     * module(s). NOTE(review): confirm that logout clears everything the
     * matching login added.
     *
     * @throws ArgeoException
     *             if the JAAS logout fails; the {@link LoginException} is kept
     *             as the cause
     */
    protected void deauthenticateAsSystem() {
        try {
            newSystemLoginContext().logout();
        } catch (LoginException e) {
            throw new ArgeoException("Cannot logout as system", e);
        }
    }

    /**
     * Returns the subject used for system login.
     * <p>
     * This is the live instance, not a copy. After a successful
     * {@link #authenticateAsSystem()} it carries whatever the system login
     * attached, so subclasses should avoid handing the reference to code that
     * is not meant to act with system authorization.
     *
     * @return the subject owned by this instance, never {@code null}
     */
    protected Subject getSubject() {
        return subject;
    }

    /**
     * Retained only so that configurations still setting this property can be
     * flagged (presumably so they keep loading — confirm against the wiring).
     * The argument is ignored and a warning is logged.
     *
     * @param authenticationManager
     *            ignored
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        log.warn("Use of authenticationManager is deprecated, remove this property from the configuration.");
    }

    /**
     * Retained only so that configurations still setting this property can be
     * flagged. The key is neither stored nor written to the log; only a fixed
     * warning message is emitted.
     *
     * @param systemAuthenticationKey
     *            ignored
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        log.warn("Use of systemAuthenticationKey is deprecated, remove this property from the configuration.");
    }

    /**
     * Builds a login context for the {@code "SYSTEM"} configuration entry
     * bound to this instance's subject.
     */
    private LoginContext newSystemLoginContext() throws LoginException {
        return new LoginContext(loginModule, subject);
    }
}