X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;fp=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;h=b84f3de00e6819139292d613cddc504b0cacdb7b;hb=10ed6557c631d5feee8541badd0c9f16a9e791c6;hp=0000000000000000000000000000000000000000;hpb=864072113f7a44fd2a291a4cb50659d6e67f8c29;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java b/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java new file mode 100644 index 000000000..b84f3de00 --- /dev/null +++ b/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java @@ -0,0 +1,116 @@ +/* + * Copyright (C) 2007-2012 Argeo GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.argeo.security.core; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; +import org.argeo.security.SystemAuthentication; +import org.springframework.security.Authentication; +import org.springframework.security.AuthenticationManager; +import org.springframework.security.context.SecurityContext; +import org.springframework.security.context.SecurityContextHolder; + +/** Provides base method for executing code with system authorization. */ +public abstract class AbstractSystemExecution { + static { + // Forces Spring Security to use inheritable strategy + // FIXME find a better place for forcing spring security mode + // doesn't work for the time being +// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null) +// SecurityContextHolder +// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); + } + + private final static Log log = LogFactory + .getLog(AbstractSystemExecution.class); + private AuthenticationManager authenticationManager; + private String systemAuthenticationKey; + + /** Whether the current thread was authenticated by this component. */ + private ThreadLocal authenticatedBySelf = new ThreadLocal() { + protected Boolean initialValue() { + return false; + } + }; + + /** + * Authenticate the calling thread to the underlying + * {@link AuthenticationManager} + */ + protected void authenticateAsSystem() { + if (authenticatedBySelf.get()) + return; + SecurityContext securityContext = SecurityContextHolder.getContext(); + Authentication currentAuth = securityContext.getAuthentication(); + if (currentAuth != null) { + if (!(currentAuth instanceof SystemAuthentication)) + throw new ArgeoException( + "System execution on an already authenticated thread: " + + currentAuth + ", THREAD=" + + Thread.currentThread().getId()); + return; + } + // Subject subject = Subject.getSubject(AccessController.getContext()); + // if (subject != null + // && !subject.getPrincipals(Authentication.class).isEmpty()) + // throw new ArgeoException( + // "There is already an authenticated subject: " + subject); + + String key = systemAuthenticationKey != null ? systemAuthenticationKey + : System.getProperty( + InternalAuthentication.SYSTEM_KEY_PROPERTY, + InternalAuthentication.SYSTEM_KEY_DEFAULT); + if (key == null) + throw new ArgeoException("No system key defined"); + Authentication auth = authenticationManager + .authenticate(new InternalAuthentication(key)); + securityContext.setAuthentication(auth); + authenticatedBySelf.set(true); + if (log.isTraceEnabled()) + log.trace("System authenticated"); + } + + // /** Removes the authentication from the calling thread. */ + // protected void deauthenticateAsSystem() { + // // remove the authentication + // // SecurityContext securityContext = SecurityContextHolder.getContext(); + // // securityContext.setAuthentication(null); + // // authenticatedBySelf.set(false); + // if (log.isTraceEnabled()) { + // log.trace("System deauthenticated"); + // // Thread.dumpStack(); + // } + // } + + /** + * Whether the current thread was authenticated by this component or a + * parent thread. + */ + protected Boolean isAuthenticatedBySelf() { + return authenticatedBySelf.get(); + } + + public void setAuthenticationManager( + AuthenticationManager authenticationManager) { + this.authenticationManager = authenticationManager; + } + + public void setSystemAuthenticationKey(String systemAuthenticationKey) { + this.systemAuthenticationKey = systemAuthenticationKey; + } + +}