X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAuthenticatedApplicationContextInitialization.java;h=aa3827c928082cc0d36f0f1ca6f8d943a3d6af14;hb=86140b8db15a11cfd942892eface6a4f90329a41;hp=5faa2a75110f265621290e7a04cb84294c0ffbde;hpb=759a7c0396796565b231738b855c8b0a8413be6b;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java b/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java
index 5faa2a751..aa3827c92 100644
--- a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java
+++ b/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java
@@ -15,80 +15,66 @@ */ package org.argeo.security.core; -import java.beans.PropertyDescriptor; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.List; +import javax.security.auth.Subject; + +import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor; import org.springframework.beans.BeansException; -import org.springframework.beans.PropertyValues; -import org.springframework.beans.factory.config.InstantiationAwareBeanPostProcessor; -import org.springframework.context.ApplicationEvent; -import org.springframework.context.ApplicationListener; -import org.springframework.context.event.ContextRefreshedEvent; +import org.springframework.beans.factory.support.AbstractBeanFactory; +import org.springframework.beans.factory.support.SecurityContextProvider; +import org.springframework.beans.factory.support.SimpleSecurityContextProvider; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; /** * Executes with a system authentication the instantiation and initialization * methods of the application context where it has been defined. 
*/ public class AuthenticatedApplicationContextInitialization extends - AbstractSystemExecution implements InstantiationAwareBeanPostProcessor, - ApplicationListener { - // private Log log = LogFactory - // .getLog(AuthenticatedApplicationContextInitialization.class); + AbstractSystemExecution implements + DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware { /** If non empty, restricts to these beans */ private List beanNames = new ArrayList(); - @SuppressWarnings("rawtypes") - public Object postProcessBeforeInstantiation(Class beanClass, - String beanName) throws BeansException { - // we authenticate when any bean is instantiated - // we will deauthenticate only when the application context has been - // refreshed in order to be able to deal with factory beans has well - if (!isAuthenticatedBySelf()) { - if (beanNames.size() == 0) - authenticateAsSystem(); - else if (beanNames.contains(beanName)) - authenticateAsSystem(); - } - return null; - } - - public boolean postProcessAfterInstantiation(Object bean, String beanName) - throws BeansException { - return true; - } - - public PropertyValues postProcessPropertyValues(PropertyValues pvs, - PropertyDescriptor[] pds, Object bean, String beanName) - throws BeansException { - return pvs; - } - public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { + if (beanNames.size() == 0 || beanNames.contains(beanName)) + authenticateAsSystem(); return bean; } public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { - // NOTE: in case there was an exception in on the initialization method - // we expect the underlying thread to die and thus the system - // authentication to be lost. We have currently no way to catch the - // exception and perform the deauthentication by ourselves. 
- // deauthenticateAsSystem(); + if (beanNames.size() == 0 || beanNames.contains(beanName)) + deauthenticateAsSystem(); return bean; } - public void onApplicationEvent(ApplicationEvent event) { - if (event instanceof ContextRefreshedEvent) { - // make sure that we have deauthenticated after the application - // context was initialized/refreshed - // deauthenticateAsSystem(); - } - } - public void setBeanNames(List beanNames) { this.beanNames = beanNames; } + @Override + public void setApplicationContext(ApplicationContext applicationContext) + throws BeansException { + if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) { + final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext + .getAutowireCapableBeanFactory()); + // retrieve subject's access control context + // and set it as the bean factory security context + Subject.doAs(getSubject(), new PrivilegedAction() { + @Override + public Void run() { + SecurityContextProvider scp = new SimpleSecurityContextProvider( + AccessController.getContext()); + beanFactory.setSecurityContextProvider(scp); + return null; + } + }); + } + } }
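Review bot: The authenticate/deauthenticate pair in `postProcessBeforeInitialization` and `postProcessAfterInitialization` is not balanced on the failure path: if a bean's init method throws, the after-initialization callback is not invoked and the thread keeps the system authentication, which matters if the container reuses that thread. The commit also removes the comment that documented this limitation and the `isAuthenticatedBySelf()` guard, so a bean initialized on the same thread while another bean's init is still in progress would call `authenticateAsSystem()` again and then deauthenticate before the outer bean has finished (how `AbstractSystemExecution` handles re-entry is not visible here). I would keep a comment such as `// NOTE: if the init method throws, postProcessAfterInitialization is not called and the system authentication stays on this thread` above the `authenticateAsSystem()` call, and track nesting per thread so that only the outermost bean deauthenticates. Separately, `setApplicationContext` silently does nothing when the factory is not an `AbstractBeanFactory`; a log line in that case would make a missing security context visible.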