*/
package org.argeo.security.core;
-import java.beans.PropertyDescriptor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
+import javax.security.auth.Subject;
+
+import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor;
import org.springframework.beans.BeansException;
-import org.springframework.beans.PropertyValues;
-import org.springframework.beans.factory.config.InstantiationAwareBeanPostProcessor;
-import org.springframework.context.ApplicationEvent;
-import org.springframework.context.ApplicationListener;
-import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.beans.factory.support.AbstractBeanFactory;
+import org.springframework.beans.factory.support.SecurityContextProvider;
+import org.springframework.beans.factory.support.SimpleSecurityContextProvider;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
/**
* Executes with a system authentication the instantiation and initialization
* methods of the application context where it has been defined.
*/
public class AuthenticatedApplicationContextInitialization extends
- AbstractSystemExecution implements InstantiationAwareBeanPostProcessor,
- ApplicationListener<ApplicationEvent> {
- // private Log log = LogFactory
- // .getLog(AuthenticatedApplicationContextInitialization.class);
+ AbstractSystemExecution implements
+ DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware {
/** If non empty, restricts to these beans */
private List<String> beanNames = new ArrayList<String>();
- @SuppressWarnings("rawtypes")
- public Object postProcessBeforeInstantiation(Class beanClass,
- String beanName) throws BeansException {
- // we authenticate when any bean is instantiated
- // we will deauthenticate only when the application context has been
- // refreshed in order to be able to deal with factory beans has well
- if (!isAuthenticatedBySelf()) {
- if (beanNames.size() == 0)
- authenticateAsSystem();
- else if (beanNames.contains(beanName))
- authenticateAsSystem();
- }
- return null;
- }
-
- public boolean postProcessAfterInstantiation(Object bean, String beanName)
- throws BeansException {
- return true;
- }
-
- public PropertyValues postProcessPropertyValues(PropertyValues pvs,
- PropertyDescriptor[] pds, Object bean, String beanName)
- throws BeansException {
- return pvs;
- }
-
public Object postProcessBeforeInitialization(Object bean, String beanName)
throws BeansException {
+ if (beanNames.size() == 0 || beanNames.contains(beanName))
+ authenticateAsSystem();
return bean;
}
public Object postProcessAfterInitialization(Object bean, String beanName)
throws BeansException {
- // NOTE: in case there was an exception in on the initialization method
- // we expect the underlying thread to die and thus the system
- // authentication to be lost. We have currently no way to catch the
- // exception and perform the deauthentication by ourselves.
- // deauthenticateAsSystem();
+ if (beanNames.size() == 0 || beanNames.contains(beanName))
+ deauthenticateAsSystem();
return bean;
}
- public void onApplicationEvent(ApplicationEvent event) {
- if (event instanceof ContextRefreshedEvent) {
- // make sure that we have deauthenticated after the application
- // context was initialized/refreshed
- // deauthenticateAsSystem();
- }
- }
-
public void setBeanNames(List<String> beanNames) {
this.beanNames = beanNames;
}
+ @Override
+ public void setApplicationContext(ApplicationContext applicationContext)
+ throws BeansException {
+ if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) {
+ final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext
+ .getAutowireCapableBeanFactory());
+ // retrieve subject's access control context
+ // and set it as the bean factory security context
+ Subject.doAs(getSubject(), new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ SecurityContextProvider scp = new SimpleSecurityContextProvider(
+ AccessController.getContext());
+ beanFactory.setSecurityContextProvider(scp);
+ return null;
+ }
+ });
+ }
+ }
}