2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.core
;
18 import java
.beans
.PropertyDescriptor
;
19 import java
.security
.AccessController
;
20 import java
.security
.PrivilegedAction
;
21 import java
.util
.ArrayList
;
22 import java
.util
.List
;
24 import javax
.security
.auth
.Subject
;
26 import org
.eclipse
.gemini
.blueprint
.context
.DependencyInitializationAwareBeanPostProcessor
;
27 import org
.springframework
.beans
.BeansException
;
28 import org
.springframework
.beans
.PropertyValues
;
29 import org
.springframework
.beans
.factory
.support
.AbstractBeanFactory
;
30 import org
.springframework
.beans
.factory
.support
.SecurityContextProvider
;
31 import org
.springframework
.beans
.factory
.support
.SimpleSecurityContextProvider
;
32 import org
.springframework
.context
.ApplicationContext
;
33 import org
.springframework
.context
.ApplicationContextAware
;
34 import org
.springframework
.context
.ApplicationEvent
;
35 import org
.springframework
.context
.ApplicationListener
;
36 import org
.springframework
.context
.event
.ContextRefreshedEvent
;
39 * Executes with a system authentication the instantiation and initialization
40 * methods of the application context where it has been defined.
42 public class AuthenticatedApplicationContextInitialization
extends
43 AbstractSystemExecution
implements DependencyInitializationAwareBeanPostProcessor
,
44 ApplicationListener
<ApplicationEvent
>, ApplicationContextAware
{
45 // private Log log = LogFactory
46 // .getLog(AuthenticatedApplicationContextInitialization.class);
47 /** If non empty, restricts to these beans */
48 private List
<String
> beanNames
= new ArrayList
<String
>();
50 // @SuppressWarnings("rawtypes")
51 // public Object postProcessBeforeInstantiation(Class beanClass,
52 // String beanName) throws BeansException {
53 // // we authenticate when any bean is instantiated
54 // // we will deauthenticate only when the application context has been
55 // // refreshed in order to be able to deal with factory beans has well
56 // // if (!isAuthenticatedBySelf()) {
57 // // if (beanNames.size() == 0)
58 // // authenticateAsSystem();
59 // // else if (beanNames.contains(beanName))
60 // // authenticateAsSystem();
65 // public boolean postProcessAfterInstantiation(Object bean, String beanName)
66 // throws BeansException {
70 // public PropertyValues postProcessPropertyValues(PropertyValues pvs,
71 // PropertyDescriptor[] pds, Object bean, String beanName)
72 // throws BeansException {
76 public Object
postProcessBeforeInitialization(Object bean
, String beanName
)
77 throws BeansException
{
78 if (beanNames
.size() == 0 || beanNames
.contains(beanName
))
79 authenticateAsSystem();
81 // if (beanNames.size() == 0 || beanNames.contains(beanName)) {
82 // LoginContext lc = new LoginContext("INIT", subject);
85 // } catch (LoginException e) {
86 // throw new ArgeoException("Cannot login as initialization", e);
91 public Object
postProcessAfterInitialization(Object bean
, String beanName
)
92 throws BeansException
{
93 // NOTE: in case there was an exception in on the initialization method
94 // we expect the underlying thread to die and thus the system
95 // authentication to be lost. We have currently no way to catch the
96 // exception and perform the deauthentication by ourselves.
97 if (beanNames
.size() == 0 || beanNames
.contains(beanName
))
98 deauthenticateAsSystem();
100 // if (beanNames.size() == 0 || beanNames.contains(beanName)) {
101 // LoginContext lc = new LoginContext("INIT", subject);
104 // } catch (LoginException e) {
105 // // TODO Auto-generated catch block
106 // e.printStackTrace();
111 public void onApplicationEvent(ApplicationEvent event
) {
112 if (event
instanceof ContextRefreshedEvent
) {
113 // make sure that we have deauthenticated after the application
114 // context was initialized/refreshed
115 // deauthenticateAsSystem();
119 public void setBeanNames(List
<String
> beanNames
) {
120 this.beanNames
= beanNames
;
124 public void setApplicationContext(ApplicationContext applicationContext
)
125 throws BeansException
{
126 if (applicationContext
.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory
) {
127 final AbstractBeanFactory beanFactory
= ((AbstractBeanFactory
) applicationContext
128 .getAutowireCapableBeanFactory());
129 // retrieve subject's access control context
130 // and set it as the bean factory security context
131 Subject
.doAs(getSubject(), new PrivilegedAction
<Void
>() {
134 SecurityContextProvider scp
= new SimpleSecurityContextProvider(
135 AccessController
.getContext());
136 beanFactory
.setSecurityContextProvider(scp
);