+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.core;
-import java.security.AccessController;
import java.util.concurrent.Callable;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.FutureTask;
-import javax.security.auth.Subject;
-
import org.argeo.ArgeoException;
import org.argeo.security.SystemExecutionService;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
/**
* Implementation of a {@link SystemExecutionService} using a key-based
* {@link InternalAuthentication}
*/
-public class KeyBasedSystemExecutionService implements SystemExecutionService {
- private AuthenticationManager authenticationManager;
- private String systemAuthenticationKey;
-
+public class KeyBasedSystemExecutionService extends AbstractSystemExecution
+ implements SystemExecutionService {
public void execute(Runnable runnable) {
try {
wrapWithSystemAuthentication(Executors.callable(runnable)).call();
+ } catch (RuntimeException e) {
+ throw e;
} catch (Exception e) {
throw new ArgeoException(
"Exception when running system authenticated task", e);
return new Callable<T>() {
public T call() throws Exception {
- SecurityContext securityContext = SecurityContextHolder
- .getContext();
- Authentication currentAuth = securityContext
- .getAuthentication();
- if (currentAuth != null)
- throw new ArgeoException(
- "System execution on an already authenticated thread: "
- + currentAuth + ", THREAD="
- + Thread.currentThread().getId());
-
- Subject subject = Subject.getSubject(AccessController
- .getContext());
- if (subject != null
- && !subject.getPrincipals(Authentication.class)
- .isEmpty())
- throw new ArgeoException(
- "There is already an authenticated subject: "
- + subject);
-
- Authentication auth = authenticationManager
- .authenticate(new InternalAuthentication(
- systemAuthenticationKey));
- securityContext.setAuthentication(auth);
+ authenticateAsSystem();
try {
return runnable.call();
} finally {
- // remove the authentication
- securityContext.setAuthentication(null);
+// deauthenticateAsSystem();
}
}
};
}
-
- public void setAuthenticationManager(
- AuthenticationManager authenticationManager) {
- this.authenticationManager = authenticationManager;
- }
-
- public void setSystemAuthenticationKey(String systemAuthenticationKey) {
- this.systemAuthenticationKey = systemAuthenticationKey;
- }
-
}
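Review bot: The `finally` block in `call()` no longer clears the system authentication, because the old `securityContext.setAuthentication(null);` is removed and its replacement is left commented out as `// deauthenticateAsSystem();`. After `authenticateAsSystem()` runs, the thread presumably keeps the system identity once the task returns or throws, so on a pooled or reused thread later unrelated work could run with system privileges. Unless `AbstractSystemExecution` (not visible in this diff) performs the cleanup elsewhere, the `finally` body should be the uncommented call `deauthenticateAsSystem();`, assuming the superclass defines that method. It is also worth confirming that `authenticateAsSystem()` keeps the two removed guards that rejected an already authenticated thread and an already authenticated `Subject`, since neither check is visible on the new side.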