From: Mathieu Baudier <mbaudier@argeo.org>
Date: Fri, 2 Mar 2012 12:08:21 +0000 (+0000)
Subject: Authenticate SLC execution threads
X-Git-Tag: argeo-slc-2.1.7~786
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=bf943f312a0a44eccbbfc592be26291f63e63608;p=gpl%2Fargeo-slc.git

Authenticate SLC execution threads

git-svn-id: https://svn.argeo.org/slc/trunk@5131 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---

diff --git a/demo/log4j.properties b/demo/log4j.properties
index f1f38c20d..2989237be 100644
--- a/demo/log4j.properties
+++ b/demo/log4j.properties
@@ -8,7 +8,7 @@ log4j.logger.org.argeo.jackrabbit.remote.ExtendedDispatcherServlet=ERROR
 log4j.logger.org.springframework.web.servlet.PageNotFound=ERROR
 log4j.logger.org.argeo.server.webextender.TomcatDeployer=WARN
 log4j.logger.org.argeo.slc.client.ui.dist=TRACE
-
+log4j.logger.org.argeo.security.core=TRACE
 #log4j.logger.org.argeo.jcr.proxy=TRACE
 
 #log4j.logger.org.apache.jackrabbit.webdav=DEBUG
diff --git a/demo/site/org.argeo.slc.demo.basic/META-INF/MANIFEST.MF b/demo/site/org.argeo.slc.demo.basic/META-INF/MANIFEST.MF
index 3df944132..00edc84d0 100644
--- a/demo/site/org.argeo.slc.demo.basic/META-INF/MANIFEST.MF
+++ b/demo/site/org.argeo.slc.demo.basic/META-INF/MANIFEST.MF
@@ -17,6 +17,7 @@ Import-Package: net.sf.cglib.core,
  org.argeo.slc.core.test.tree,
  org.argeo.slc.execution,
  org.argeo.slc.jsch,
+ org.argeo.slc.jsch.swing,
  org.argeo.slc.osgi,
  org.argeo.slc.structure,
  org.argeo.slc.test,
diff --git a/demo/site/org.argeo.slc.demo.basic/conf/systemCall.xml b/demo/site/org.argeo.slc.demo.basic/conf/systemCall.xml
index 93fcd4a7f..bb5f79fb6 100644
--- a/demo/site/org.argeo.slc.demo.basic/conf/systemCall.xml
+++ b/demo/site/org.argeo.slc.demo.basic/conf/systemCall.xml
@@ -35,7 +35,7 @@
 			<bean p:host="localhost" p:port="22" p:user="${user.name}"
 				p:localPrivateKey="${user.home}/.ssh/id_rsa" class="org.argeo.slc.jsch.SshTarget">
 				<property name="userInfo">
-					<bean class="org.argeo.slc.jsch.UiUserInfo" />
+					<bean class="org.argeo.slc.jsch.swing.SwingUserInfo" />
 				</property>
 			</bean>
 		</property>
diff --git a/demo/slc_demo_rap.properties b/demo/slc_demo_rap.properties
index 7a8d96eb6..ddb0f29ef 100644
--- a/demo/slc_demo_rap.properties
+++ b/demo/slc_demo_rap.properties
@@ -24,8 +24,10 @@ org.argeo.slc.infra.ui.rap,\
 org.argeo.slc.agent,\
 org.argeo.slc.agent.jcr,\
 org.springframework.osgi.web.extender,\
-org.argeo.slc.demo.ant,\
+
+slc.executionModules=org.argeo.slc.demo.ant,\
 org.argeo.slc.demo.basic,\
+org.argeo.slc.demo.minimal,\
 
 #slc.executionModules=org.argeo.infra.slc.rpmfactory,\
 #org.argeo.elgis.rpmfactory,\
diff --git a/demo/slc_demo_rcp.properties b/demo/slc_demo_rcp.properties
index 5d7e4dc9e..08e65ac71 100644
--- a/demo/slc_demo_rcp.properties
+++ b/demo/slc_demo_rcp.properties
@@ -6,10 +6,10 @@ org.argeo.security.dao.os,\
 org.argeo.slc.node.jackrabbit,\
 org.argeo.slc.agent,\
 org.argeo.slc.agent.jcr,\
-org.argeo.slc.demo.ant,\
+
+slc.executionModules=org.argeo.slc.demo.ant,\
 org.argeo.slc.demo.basic,\
 org.argeo.slc.demo.minimal,\
-org.argeo.elgis.rpmfactory,\
 
 eclipse.application=org.argeo.slc.client.rcp.application
 org.argeo.security.ui.initialPerspective=org.argeo.slc.client.ui.slcExecutionPerspective
diff --git a/eclipse/plugins/org.argeo.slc.client.ui/src/main/java/org/argeo/slc/client/ui/SlcExecutionPerspective.java b/eclipse/plugins/org.argeo.slc.client.ui/src/main/java/org/argeo/slc/client/ui/SlcExecutionPerspective.java
index d5ba0b0d8..f53ac7ce2 100644
--- a/eclipse/plugins/org.argeo.slc.client.ui/src/main/java/org/argeo/slc/client/ui/SlcExecutionPerspective.java
+++ b/eclipse/plugins/org.argeo.slc.client.ui/src/main/java/org/argeo/slc/client/ui/SlcExecutionPerspective.java
@@ -17,28 +17,28 @@ public class SlcExecutionPerspective implements IPerspectiveFactory {
 		// current space and the part on bottom gets the rest. Likewise, for a
 		// horizontal split, the part at left gets the specified ratio of the
 		// current space.
-//		IFolderLayout main = layout.createFolder("main", IPageLayout.RIGHT,
-//				0.3f, editorArea);
+		// IFolderLayout main = layout.createFolder("main", IPageLayout.RIGHT,
+		// 0.3f, editorArea);
 		IFolderLayout left = layout.createFolder("left", IPageLayout.LEFT,
 				0.3f, editorArea);
 
 		IFolderLayout bottom = layout.createFolder("bottom",
 				IPageLayout.BOTTOM, 0.65f, editorArea);
+		bottom.addView("org.argeo.security.ui.logView");
 		bottom.addView("org.argeo.slc.client.ui.jcrProcessListView");
 
-//		IFolderLayout topRight = layout.createFolder("topRight",
-//				IPageLayout.RIGHT, 0.6f, "main");
+		// IFolderLayout topRight = layout.createFolder("topRight",
+		// IPageLayout.RIGHT, 0.6f, "main");
 
 		// add the views to the corresponding place holder
 		left.addView("org.argeo.slc.client.ui.jcrExecutionModulesView");
 		left.addView("org.argeo.slc.client.ui.jcrResultListView");
 
-//		main.addView("org.argeo.slc.client.ui.processBuilderView");
-//		main.addPlaceholder("org.argeo.slc.client.ui.resultDetailView:UUID-*");
-//		main.addPlaceholder("org.argeo.slc.client.ui.processDetailView:UUID-*");
+		// main.addView("org.argeo.slc.client.ui.processBuilderView");
+		// main.addPlaceholder("org.argeo.slc.client.ui.resultDetailView:UUID-*");
+		// main.addPlaceholder("org.argeo.slc.client.ui.processDetailView:UUID-*");
 
-
-//		topRight.addView("org.argeo.slc.client.ui.processParametersView");
+		// topRight.addView("org.argeo.slc.client.ui.processParametersView");
 	}
 
 }
diff --git a/modules/agent/org.argeo.slc.agent/pom.xml b/modules/agent/org.argeo.slc.agent/pom.xml
index ccd133cdc..e82c797fb 100644
--- a/modules/agent/org.argeo.slc.agent/pom.xml
+++ b/modules/agent/org.argeo.slc.agent/pom.xml
@@ -9,4 +9,20 @@
 	</parent>
 	<artifactId>org.argeo.slc.agent</artifactId>
 	<name>SLC Agent</name>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.felix</groupId>
+				<artifactId>maven-bundle-plugin</artifactId>
+				<configuration>
+					<instructions>
+						<Import-Package>
+							*,
+							org.argeo.slc.core.test.tree
+						</Import-Package>
+					</instructions>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
 </project>
\ No newline at end of file
diff --git a/modules/agent/org.argeo.slc.ext.activemq/pom.xml b/modules/agent/org.argeo.slc.ext.activemq/pom.xml
index eaa33bc58..8e5cfc769 100644
--- a/modules/agent/org.argeo.slc.ext.activemq/pom.xml
+++ b/modules/agent/org.argeo.slc.ext.activemq/pom.xml
@@ -25,7 +25,6 @@
 							org.argeo.slc.build,
 							org.argeo.slc.core.execution,
 							org.argeo.slc.core.attachment,
-							org.argeo.slc.core.execution,
 							org.argeo.slc.core.structure,
 							org.argeo.slc.core.structure.tree,
 							org.argeo.slc.core.test,
diff --git a/modules/server/org.argeo.slc.server.repo/META-INF/spring/jcr.xml b/modules/server/org.argeo.slc.server.repo/META-INF/spring/jcr.xml
index 428dab3f0..2ac9d15e6 100644
--- a/modules/server/org.argeo.slc.server.repo/META-INF/spring/jcr.xml
+++ b/modules/server/org.argeo.slc.server.repo/META-INF/spring/jcr.xml
@@ -34,4 +34,8 @@
 		<property name="repository" ref="jcrRepository" />
 	</bean>
 
+	<bean
+		class="org.argeo.security.core.AuthenticatedApplicationContextInitialization">
+		<property name="authenticationManager" ref="authenticationManager" />
+	</bean>
 </beans>
\ No newline at end of file
diff --git a/modules/server/org.argeo.slc.server.repo/META-INF/spring/services.xml b/modules/server/org.argeo.slc.server.repo/META-INF/spring/services.xml
index 206b6d41e..57e0cf607 100644
--- a/modules/server/org.argeo.slc.server.repo/META-INF/spring/services.xml
+++ b/modules/server/org.argeo.slc.server.repo/META-INF/spring/services.xml
@@ -32,10 +32,4 @@
 		<property name="defaultRepositories" ref="defaultMavenRepositories" />
 	</bean>
 
-	<bean
-		class="org.argeo.security.core.AuthenticatedApplicationContextInitialization">
-		<property name="authenticationManager" ref="authenticationManager" />
-	</bean>
-
-
 </beans>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 7a8c369b7..ea34cd896 100644
--- a/pom.xml
+++ b/pom.xml
@@ -151,100 +151,100 @@ limitations under the License.
 			<url>file://${site.repoBase}/${developmentCycle.slc}/</url>
 		</site>
 	</distributionManagement>
-	<reporting>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-project-info-reports-plugin</artifactId>
-				<version>2.3.1</version>
-				<reportSets>
-					<reportSet>
-						<reports>
-							<report>index</report>
-							<report>summary</report>
-							<report>license</report>
-							<report>scm</report>
-							<report>issue-tracking</report>
-							<report>dependencies</report>
-						</reports>
-					</reportSet>
-					<reportSet>
-						<inherited>false</inherited>
-						<reports>
-							<report>project-team</report>
-						</reports>
-					</reportSet>
-				</reportSets>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>2.7</version>
-				<inherited>false</inherited>
-				<configuration>
-					<aggregate>true</aggregate>
-					<encoding>UTF-8</encoding>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-jxr-plugin</artifactId>
-				<version>2.2</version>
-				<configuration>
-					<aggregate>true</aggregate>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-surefire-report-plugin</artifactId>
-				<version>2.7.1</version>
-				<inherited>false</inherited>
-				<configuration>
-					<aggregate>true</aggregate>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.codehaus.mojo</groupId>
-				<artifactId>taglist-maven-plugin</artifactId>
-				<version>2.4</version>
-				<configuration>
-					<aggregate>true</aggregate>
-					<tags>
-						<tag>TODO</tag>
-						<tag>FIXME</tag>
-						<tag>@deprecated</tag>
-					</tags>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-changelog-plugin</artifactId>
-				<version>2.2</version>
-				<inherited>false</inherited>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-pmd-plugin</artifactId>
-				<version>2.3</version>
-				<inherited>false</inherited>
-				<configuration>
-					<linkXref>true</linkXref>
-					<targetJdk>1.5</targetJdk>
-					<aggregate>true</aggregate>
-					<excludes>
-						<exclude>**/springutil/*.java</exclude>
-					</excludes>
-				</configuration>
-				<reportSets>
-					<reportSet>
-						<reports>
-							<report>cpd</report>
-						</reports>
-					</reportSet>
-				</reportSets>
-			</plugin>
-		</plugins>
-	</reporting>
+<!-- 	<reporting> -->
+<!-- 		<plugins> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-project-info-reports-plugin</artifactId> -->
+<!-- 				<version>2.3.1</version> -->
+<!-- 				<reportSets> -->
+<!-- 					<reportSet> -->
+<!-- 						<reports> -->
+<!-- 							<report>index</report> -->
+<!-- 							<report>summary</report> -->
+<!-- 							<report>license</report> -->
+<!-- 							<report>scm</report> -->
+<!-- 							<report>issue-tracking</report> -->
+<!-- 							<report>dependencies</report> -->
+<!-- 						</reports> -->
+<!-- 					</reportSet> -->
+<!-- 					<reportSet> -->
+<!-- 						<inherited>false</inherited> -->
+<!-- 						<reports> -->
+<!-- 							<report>project-team</report> -->
+<!-- 						</reports> -->
+<!-- 					</reportSet> -->
+<!-- 				</reportSets> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-javadoc-plugin</artifactId> -->
+<!-- 				<version>2.7</version> -->
+<!-- 				<inherited>false</inherited> -->
+<!-- 				<configuration> -->
+<!-- 					<aggregate>true</aggregate> -->
+<!-- 					<encoding>UTF-8</encoding> -->
+<!-- 				</configuration> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-jxr-plugin</artifactId> -->
+<!-- 				<version>2.2</version> -->
+<!-- 				<configuration> -->
+<!-- 					<aggregate>true</aggregate> -->
+<!-- 				</configuration> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-surefire-report-plugin</artifactId> -->
+<!-- 				<version>2.7.1</version> -->
+<!-- 				<inherited>false</inherited> -->
+<!-- 				<configuration> -->
+<!-- 					<aggregate>true</aggregate> -->
+<!-- 				</configuration> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.codehaus.mojo</groupId> -->
+<!-- 				<artifactId>taglist-maven-plugin</artifactId> -->
+<!-- 				<version>2.4</version> -->
+<!-- 				<configuration> -->
+<!-- 					<aggregate>true</aggregate> -->
+<!-- 					<tags> -->
+<!-- 						<tag>TODO</tag> -->
+<!-- 						<tag>FIXME</tag> -->
+<!-- 						<tag>@deprecated</tag> -->
+<!-- 					</tags> -->
+<!-- 				</configuration> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-changelog-plugin</artifactId> -->
+<!-- 				<version>2.2</version> -->
+<!-- 				<inherited>false</inherited> -->
+<!-- 			</plugin> -->
+<!-- 			<plugin> -->
+<!-- 				<groupId>org.apache.maven.plugins</groupId> -->
+<!-- 				<artifactId>maven-pmd-plugin</artifactId> -->
+<!-- 				<version>2.3</version> -->
+<!-- 				<inherited>false</inherited> -->
+<!-- 				<configuration> -->
+<!-- 					<linkXref>true</linkXref> -->
+<!-- 					<targetJdk>1.5</targetJdk> -->
+<!-- 					<aggregate>true</aggregate> -->
+<!-- 					<excludes> -->
+<!-- 						<exclude>**/springutil/*.java</exclude> -->
+<!-- 					</excludes> -->
+<!-- 				</configuration> -->
+<!-- 				<reportSets> -->
+<!-- 					<reportSet> -->
+<!-- 						<reports> -->
+<!-- 							<report>cpd</report> -->
+<!-- 						</reports> -->
+<!-- 					</reportSet> -->
+<!-- 				</reportSets> -->
+<!-- 			</plugin> -->
+<!-- 		</plugins> -->
+<!-- 	</reporting> -->
 	<profiles>
 		<profile>
 			<id>developer</id>
diff --git a/runtime/org.argeo.slc.core/pom.xml b/runtime/org.argeo.slc.core/pom.xml
index d14cb4c0c..25f149ffd 100644
--- a/runtime/org.argeo.slc.core/pom.xml
+++ b/runtime/org.argeo.slc.core/pom.xml
@@ -78,10 +78,15 @@
 			<type>pom</type>
 		</dependency>
 
+		<!-- Spring -->
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>org.springframework.context</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>org.springframework.security.core</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>net.sourceforge.cglib</groupId>
diff --git a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ExecutionThread.java b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ExecutionThread.java
index 7493de4e7..23bb947ee 100644
--- a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ExecutionThread.java
+++ b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ExecutionThread.java
@@ -18,9 +18,12 @@ package org.argeo.slc.core.execution;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.slc.SlcException;
 import org.argeo.slc.execution.ExecutionFlowDescriptor;
 import org.argeo.slc.execution.ExecutionStep;
 import org.argeo.slc.process.RealizedFlow;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 
 /** Thread of a single execution */
 public class ExecutionThread extends Thread {
@@ -40,6 +43,13 @@ public class ExecutionThread extends Thread {
 	}
 
 	public void run() {
+		// authenticate thread
+		Authentication authentication = getProcessThreadGroup()
+				.getAuthentication();
+		if (authentication == null)
+			throw new SlcException("Can only execute authenticated threads");
+		SecurityContextHolder.getContext().setAuthentication(authentication);
+
 		if (getContextClassLoader() != null) {
 			if (log.isTraceEnabled())
 				log.trace("Context class loader set to "
@@ -82,6 +92,10 @@ public class ExecutionThread extends Thread {
 		processThread.getProcessThreadGroup().dispatchAddStep(step);
 	}
 
+	protected ProcessThreadGroup getProcessThreadGroup() {
+		return processThread.getProcessThreadGroup();
+	}
+
 	public RealizedFlow getRealizedFlow() {
 		return realizedFlow;
 	}
diff --git a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThread.java b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThread.java
index b116696f1..3117a3fd5 100644
--- a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThread.java
+++ b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThread.java
@@ -30,6 +30,8 @@ import org.argeo.slc.execution.ExecutionProcess;
 import org.argeo.slc.execution.ExecutionStep;
 import org.argeo.slc.process.RealizedFlow;
 import org.argeo.slc.process.SlcExecution;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 
 /** Thread of the SLC Process, starting the sub executions. */
 @SuppressWarnings("deprecation")
@@ -57,8 +59,15 @@ public class ProcessThread extends Thread {
 	}
 
 	public final void run() {
-		log.info("\n##\n## SLC Process #" + process.getUuid()
-				+ " STARTED\n##\n");
+		// authenticate thread
+		Authentication authentication = getProcessThreadGroup()
+				.getAuthentication();
+		if (authentication == null)
+			throw new SlcException("Can only execute authenticated threads");
+		SecurityContextHolder.getContext().setAuthentication(authentication);
+
+		log.info("\n##\n## SLC Process #" + process.getUuid() + " STARTED by "
+				+ authentication.getName() + "\n##\n");
 
 		// Start logging
 		new LoggingThread().start();
diff --git a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThreadGroup.java b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThreadGroup.java
index 893d878fd..d7fa4f959 100644
--- a/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThreadGroup.java
+++ b/runtime/org.argeo.slc.core/src/main/java/org/argeo/slc/core/execution/ProcessThreadGroup.java
@@ -26,13 +26,15 @@ import org.argeo.slc.execution.ExecutionProcess;
 import org.argeo.slc.execution.ExecutionStep;
 import org.argeo.slc.process.SlcExecution;
 import org.argeo.slc.process.SlcExecutionStep;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 
 /** The thread group attached to a given {@link SlcExecution}. */
 @SuppressWarnings("deprecation")
 public class ProcessThreadGroup extends ThreadGroup {
 	private final ExecutionModulesManager executionModulesManager;
 	private final ProcessThread processThread;
-
+	private final Authentication authentication;
 	private final static Integer STEPS_BUFFER_CAPACITY = 5000;
 
 	private BlockingQueue<ExecutionStep> steps = new ArrayBlockingQueue<ExecutionStep>(
@@ -44,6 +46,12 @@ public class ProcessThreadGroup extends ThreadGroup {
 				+ " thread group");
 		this.executionModulesManager = executionModulesManager;
 		this.processThread = processThread;
+		this.authentication = SecurityContextHolder.getContext()
+				.getAuthentication();
+	}
+
+	public Authentication getAuthentication() {
+		return authentication;
 	}
 
 	public void dispatchAddStep(ExecutionStep step) {