Introduce system authenticated bean post processing
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / core / KeyBasedSystemExecutionService.java
index b2dfc4a2439922cbd795d3c6c1522444130903c2..07ae046539c93ca5dd8f2deddf9c6ee62db4b7c6 100644 (file)
@@ -1,28 +1,19 @@
 package org.argeo.security.core;
 
-import java.security.AccessController;
 import java.util.concurrent.Callable;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 import java.util.concurrent.FutureTask;
 
-import javax.security.auth.Subject;
-
 import org.argeo.ArgeoException;
 import org.argeo.security.SystemExecutionService;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
 
 /**
  * Implementation of a {@link SystemExecutionService} using a key-based
  * {@link InternalAuthentication}
  */
-public class KeyBasedSystemExecutionService implements SystemExecutionService {
-       private AuthenticationManager authenticationManager;
-       private String systemAuthenticationKey;
-
+public class KeyBasedSystemExecutionService extends AbstractSystemExecution
+               implements SystemExecutionService {
        public void execute(Runnable runnable) {
                try {
                        wrapWithSystemAuthentication(Executors.callable(runnable)).call();
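Review bot: The class Javadoc still describes this as using a key-based `InternalAuthentication`, but after this change the class holds neither the key nor the `AuthenticationManager`, so a reader cannot tell where the system key is configured. I would add a sentence such as `Authentication and its cleanup are delegated to {@link AbstractSystemExecution}.` and state there which properties must be injected. The setters are removed in the second hunk, so existing bean definitions that set `authenticationManager` and `systemAuthenticationKey` only keep working if the superclass exposes the same properties, which is not visible here. The body of `execute` continues outside the hunk.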
@@ -44,46 +35,13 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService {
                return new Callable<T>() {
 
                        public T call() throws Exception {
-                               SecurityContext securityContext = SecurityContextHolder
-                                               .getContext();
-                               Authentication currentAuth = securityContext
-                                               .getAuthentication();
-                               if (currentAuth != null)
-                                       throw new ArgeoException(
-                                                       "System execution on an already authenticated thread: "
-                                                                       + currentAuth + ", THREAD="
-                                                                       + Thread.currentThread().getId());
-
-                               Subject subject = Subject.getSubject(AccessController
-                                               .getContext());
-                               if (subject != null
-                                               && !subject.getPrincipals(Authentication.class)
-                                                               .isEmpty())
-                                       throw new ArgeoException(
-                                                       "There is already an authenticated subject: "
-                                                                       + subject);
-
-                               Authentication auth = authenticationManager
-                                               .authenticate(new InternalAuthentication(
-                                                               systemAuthenticationKey));
-                               securityContext.setAuthentication(auth);
+                               authenticateAsSystem();
                                try {
                                        return runnable.call();
                                } finally {
-                                       // remove the authentication
-                                       securityContext.setAuthentication(null);
+                                       deauthenticateAsSystem();
                                }
                        }
                };
        }
-
-       public void setAuthenticationManager(
-                       AuthenticationManager authenticationManager) {
-               this.authenticationManager = authenticationManager;
-       }
-
-       public void setSystemAuthenticationKey(String systemAuthenticationKey) {
-               this.systemAuthenticationKey = systemAuthenticationKey;
-       }
-
 }
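Review bot: The two guards that refused system execution on an already authenticated thread (the `SecurityContextHolder` check and the JAAS `Subject` check) are gone from `call()`, and this hunk does not show whether `authenticateAsSystem()` still performs both. It should, because otherwise the system authentication would overwrite a user's authentication and the `finally` would then reset it to nothing. Keeping `authenticateAsSystem()` before the `try` is right, since a rejected authentication must not reach the cleanup, and that deserves a comment: `// outside the try on purpose: if this throws, deauthenticateAsSystem() must not run`. `deauthenticateAsSystem()` should likewise clear only an authentication it set itself, presumably by checking that the current one is the system authentication before resetting the context. The enclosing `wrapWithSystemAuthentication` method starts outside the hunk.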