org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.security.core;
  17
  18 import java.beans.PropertyDescriptor;
  19 import java.security.AccessController;
  20 import java.security.PrivilegedAction;
  21 import java.util.ArrayList;
  22 import java.util.List;
  23
  24 import javax.security.auth.Subject;
  25
  26 import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor;
  27 import org.springframework.beans.BeansException;
  28 import org.springframework.beans.PropertyValues;
  29 import org.springframework.beans.factory.support.AbstractBeanFactory;
  30 import org.springframework.beans.factory.support.SecurityContextProvider;
  31 import org.springframework.beans.factory.support.SimpleSecurityContextProvider;
  32 import org.springframework.context.ApplicationContext;
  33 import org.springframework.context.ApplicationContextAware;
  34 import org.springframework.context.ApplicationEvent;
  35 import org.springframework.context.ApplicationListener;
  36 import org.springframework.context.event.ContextRefreshedEvent;
  37
  38 /**
  39  * Executes with a system authentication the instantiation and initialization
  40  * methods of the application context where it has been defined.
  41  */
  42 public class AuthenticatedApplicationContextInitialization extends
  43                 AbstractSystemExecution implements DependencyInitializationAwareBeanPostProcessor,
  44                 ApplicationListener<ApplicationEvent>, ApplicationContextAware {
  45         // private Log log = LogFactory
  46         // .getLog(AuthenticatedApplicationContextInitialization.class);
  47         /** If non empty, restricts to these beans */
  48         private List<String> beanNames = new ArrayList<String>();
  49
  50 //      @SuppressWarnings("rawtypes")
  51 //      public Object postProcessBeforeInstantiation(Class beanClass,
  52 //                      String beanName) throws BeansException {
  53 //              // we authenticate when any bean is instantiated
  54 //              // we will deauthenticate only when the application context has been
  55 //              // refreshed in order to be able to deal with factory beans has well
  56 //              // if (!isAuthenticatedBySelf()) {
  57 //              // if (beanNames.size() == 0)
  58 //              // authenticateAsSystem();
  59 //              // else if (beanNames.contains(beanName))
  60 //              // authenticateAsSystem();
  61 //              // }
  62 //              return null;
  63 //      }
  64 //
  65 //      public boolean postProcessAfterInstantiation(Object bean, String beanName)
  66 //                      throws BeansException {
  67 //              return true;
  68 //      }
  69 //
  70 //      public PropertyValues postProcessPropertyValues(PropertyValues pvs,
  71 //                      PropertyDescriptor[] pds, Object bean, String beanName)
  72 //                      throws BeansException {
  73 //              return pvs;
  74 //      }
  75
  76         public Object postProcessBeforeInitialization(Object bean, String beanName)
  77                         throws BeansException {
  78                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  79                         authenticateAsSystem();
  80                 // try {
  81                 // if (beanNames.size() == 0 || beanNames.contains(beanName)) {
  82                 // LoginContext lc = new LoginContext("INIT", subject);
  83                 // lc.login();
  84                 // }
  85                 // } catch (LoginException e) {
  86                 // throw new ArgeoException("Cannot login as initialization", e);
  87                 // }
  88                 return bean;
  89         }
  90
  91         public Object postProcessAfterInitialization(Object bean, String beanName)
  92                         throws BeansException {
  93                 // NOTE: in case there was an exception in on the initialization method
  94                 // we expect the underlying thread to die and thus the system
  95                 // authentication to be lost. We have currently no way to catch the
  96                 // exception and perform the deauthentication by ourselves.
  97                 if (beanNames.size() == 0 || beanNames.contains(beanName))
  98                         deauthenticateAsSystem();
  99                 // try {
 100                 // if (beanNames.size() == 0 || beanNames.contains(beanName)) {
 101                 // LoginContext lc = new LoginContext("INIT", subject);
 102                 // lc.logout();
 103                 // }
 104                 // } catch (LoginException e) {
 105                 // // TODO Auto-generated catch block
 106                 // e.printStackTrace();
 107                 // }
 108                 return bean;
 109         }
 110
 111         public void onApplicationEvent(ApplicationEvent event) {
 112                 if (event instanceof ContextRefreshedEvent) {
 113                         // make sure that we have deauthenticated after the application
 114                         // context was initialized/refreshed
 115                         // deauthenticateAsSystem();
 116                 }
 117         }
 118
 119         public void setBeanNames(List<String> beanNames) {
 120                 this.beanNames = beanNames;
 121         }
 122
 123         @Override
 124         public void setApplicationContext(ApplicationContext applicationContext)
 125                         throws BeansException {
 126                 if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) {
 127                         final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext
 128                                         .getAutowireCapableBeanFactory());
 129                         // retrieve subject's access control context
 130                         // and set it as the bean factory security context
 131                         Subject.doAs(getSubject(), new PrivilegedAction<Void>() {
 132                                 @Override
 133                                 public Void run() {
 134                                         SecurityContextProvider scp = new SimpleSecurityContextProvider(
 135                                                         AccessController.getContext());
 136                                         beanFactory.setSecurityContextProvider(scp);
 137                                         return null;
 138                                 }
 139                         });
 140                 }
 141         }
 142 }