X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.slc.core%2Fsrc%2Forg%2Fargeo%2Fslc%2Fcore%2Fexecution%2FExecutionThread.java;fp=org.argeo.slc.core%2Fsrc%2Forg%2Fargeo%2Fslc%2Fcore%2Fexecution%2FExecutionThread.java;h=31e952d4afd5804cbc1e4e7c3de4bab20ac681a5;hb=2a00e308e58352d94abdd740415ca5ed34e7bdfb;hp=f29e2938fd6fedf22b4c47b81f8d16523e11cb57;hpb=cfd44de144e99014f7cff67c5b548b1828d25798;p=gpl%2Fargeo-slc.git

diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/ExecutionThread.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/ExecutionThread.java
index f29e2938f..31e952d4a 100644
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/ExecutionThread.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/ExecutionThread.java
@@ -15,11 +15,18 @@
  */
 package org.argeo.slc.core.execution;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.security.auth.Subject;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.slc.SlcException;
 import org.argeo.slc.execution.ExecutionFlowDescriptor;
 import org.argeo.slc.execution.ExecutionModulesManager;
 import org.argeo.slc.execution.ExecutionStep;
@@ -32,65 +39,70 @@ public class ExecutionThread extends Thread {
 
 	private ExecutionModulesManager executionModulesManager;
 	private final RealizedFlow realizedFlow;
+	private final AccessControlContext accessControlContext;
 
 	private List<Runnable> destructionCallbacks = new ArrayList<Runnable>();
 
-	public ExecutionThread(ProcessThreadGroup processThreadGroup,
-			ExecutionModulesManager executionModulesManager,
+	public ExecutionThread(ProcessThreadGroup processThreadGroup, ExecutionModulesManager executionModulesManager,
 			RealizedFlow realizedFlow) {
-		super(processThreadGroup, "Flow "
-				+ realizedFlow.getFlowDescriptor().getName());
+		super(processThreadGroup, "Flow " + realizedFlow.getFlowDescriptor().getName());
 		this.realizedFlow = realizedFlow;
 		this.executionModulesManager = executionModulesManager;
+		accessControlContext = AccessController.getContext();
 	}
 
 	public void run() {
 		// authenticate thread
-//		Authentication authentication = getProcessThreadGroup()
-//				.getAuthentication();
-//		if (authentication == null)
-//			throw new SlcException("Can only execute authenticated threads");
-//		SecurityContextHolder.getContext().setAuthentication(authentication);
+		// Authentication authentication = getProcessThreadGroup()
+		// .getAuthentication();
+		// if (authentication == null)
+		// throw new SlcException("Can only execute authenticated threads");
+		// SecurityContextHolder.getContext().setAuthentication(authentication);
 
 		// Retrieve execution flow descriptor
-		ExecutionFlowDescriptor executionFlowDescriptor = realizedFlow
-				.getFlowDescriptor();
+		ExecutionFlowDescriptor executionFlowDescriptor = realizedFlow.getFlowDescriptor();
 		String flowName = executionFlowDescriptor.getName();
 
 		getProcessThreadGroup().dispatchAddStep(
-				new ExecutionStep(realizedFlow.getModuleName(),
-						ExecutionStep.PHASE_START, "Flow " + flowName));
+				new ExecutionStep(realizedFlow.getModuleName(), ExecutionStep.PHASE_START, "Flow " + flowName));
 
 		try {
-			String autoUpgrade = System
-					.getProperty(SYSPROP_EXECUTION_AUTO_UPGRADE);
-			if (autoUpgrade != null && autoUpgrade.equals("true"))
-				executionModulesManager.upgrade(realizedFlow
-						.getModuleNameVersion());
-			executionModulesManager.start(realizedFlow.getModuleNameVersion());
-			//
-			// START FLOW
-			//
-			executionModulesManager.execute(realizedFlow);
-			// END FLOW
+			Subject subject = Subject.getSubject(accessControlContext);
+			try {
+				Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
+
+					@Override
+					public Void run() throws Exception {
+						String autoUpgrade = System.getProperty(SYSPROP_EXECUTION_AUTO_UPGRADE);
+						if (autoUpgrade != null && autoUpgrade.equals("true"))
+							executionModulesManager.upgrade(realizedFlow.getModuleNameVersion());
+						executionModulesManager.start(realizedFlow.getModuleNameVersion());
+						//
+						// START FLOW
+						//
+						executionModulesManager.execute(realizedFlow);
+						// END FLOW
+						return null;
+					}
+
+				});
+			} catch (PrivilegedActionException privilegedActionException) {
+				throw (Exception) privilegedActionException.getCause();
+			}
 		} catch (FlowConfigurationException e) {
-			String msg = "Configuration problem with flow " + flowName + ":\n"
-					+ e.getMessage();
+			String msg = "Configuration problem with flow " + flowName + ":\n" + e.getMessage();
 			log.error(msg);
 			getProcessThreadGroup().dispatchAddStep(
-					new ExecutionStep(realizedFlow.getModuleName(),
-							ExecutionStep.ERROR, msg + " " + e.getMessage()));
+					new ExecutionStep(realizedFlow.getModuleName(), ExecutionStep.ERROR, msg + " " + e.getMessage()));
 		} catch (Exception e) {
 			// TODO: re-throw exception ?
 			String msg = "Execution of flow " + flowName + " failed.";
 			log.error(msg, e);
 			getProcessThreadGroup().dispatchAddStep(
-					new ExecutionStep(realizedFlow.getModuleName(),
-							ExecutionStep.ERROR, msg + " " + e.getMessage()));
+					new ExecutionStep(realizedFlow.getModuleName(), ExecutionStep.ERROR, msg + " " + e.getMessage()));
 		} finally {
 			getProcessThreadGroup().dispatchAddStep(
-					new ExecutionStep(realizedFlow.getModuleName(),
-							ExecutionStep.PHASE_END, "Flow " + flowName));
+					new ExecutionStep(realizedFlow.getModuleName(), ExecutionStep.PHASE_END, "Flow " + flowName));
 			processDestructionCallbacks();
 		}
 	}
@@ -100,8 +112,7 @@ public class ExecutionThread extends Thread {
 			try {
 				destructionCallbacks.get(i).run();
 			} catch (Exception e) {
-				log.warn("Could not process destruction callback " + i
-						+ " in thread " + getName(), e);
+				log.warn("Could not process destruction callback " + i + " in thread " + getName(), e);
 			}
 		}
 	}