856ceee60e0a0e55fb672f781e21adbac2936595
1 package org.argeo.security.core;
2
3 import java.security.AccessController;
4
5 import javax.security.auth.Subject;
6
7 import org.apache.commons.logging.Log;
8 import org.apache.commons.logging.LogFactory;
9 import org.argeo.ArgeoException;
10 import org.springframework.security.Authentication;
11 import org.springframework.security.AuthenticationManager;
12 import org.springframework.security.context.SecurityContext;
13 import org.springframework.security.context.SecurityContextHolder;
14
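/**
 * Provides base methods for executing code with system authorization.
 *
 * <p>
 * Subclasses call {@link #authenticateAsSystem()} before the privileged work
 * and {@link #deauthenticateAsSystem()} afterwards (typically in a
 * {@code finally} block). The "authenticated by self" marker is kept per
 * instance and per thread, so the component only ever removes an
 * authentication that it installed itself.
 * </p>
 */
public abstract class AbstractSystemExecution {
    private static final Log log = LogFactory
            .getLog(AbstractSystemExecution.class);

    /** Manager that validates the {@link InternalAuthentication} token. */
    private AuthenticationManager authenticationManager;

    /** Explicitly configured system key; takes precedence over the system property. */
    private String systemAuthenticationKey;

    /** Whether the current thread was authenticated by this component. */
    private final ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
        @Override
        protected Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Authenticates the calling thread to the underlying
     * {@link AuthenticationManager} using the system key.
     *
     * <p>
     * Does nothing if this component already authenticated the calling thread.
     * Refuses to run on a thread that already carries an authentication (either
     * in the Spring security context or as a principal of the current JAAS
     * subject), so that a system execution never replaces a user identity.
     * </p>
     *
     * @throws ArgeoException
     *             if the thread is already authenticated by someone else, if no
     *             authentication manager was set, or if no system key is
     *             available
     */
    protected void authenticateAsSystem() {
        if (authenticatedBySelf.get())
            return;

        SecurityContext securityContext = SecurityContextHolder.getContext();
        Authentication currentAuth = securityContext.getAuthentication();
        if (currentAuth != null)
            throw new ArgeoException(
                    "System execution on an already authenticated thread: "
                            + currentAuth + ", THREAD="
                            + Thread.currentThread().getId());

        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null
                && !subject.getPrincipals(Authentication.class).isEmpty())
            throw new ArgeoException(
                    "There is already an authenticated subject: " + subject);

        // Fail with an explicit message instead of a NullPointerException when
        // the component was not wired.
        if (authenticationManager == null)
            throw new ArgeoException("No authentication manager defined");

        // NOTE(review): when neither the setter nor the system property
        // provides a key, InternalAuthentication.SYSTEM_KEY_DEFAULT is used.
        // If that default is a fixed value shipped with the code, it is not a
        // secret; confirm, and prefer an explicitly configured key in
        // deployments.
        String key = systemAuthenticationKey != null ? systemAuthenticationKey
                : System.getProperty(
                        InternalAuthentication.SYSTEM_KEY_PROPERTY,
                        InternalAuthentication.SYSTEM_KEY_DEFAULT);
        if (key == null)
            throw new ArgeoException("No system key defined");

        Authentication auth = authenticationManager
                .authenticate(new InternalAuthentication(key));
        securityContext.setAuthentication(auth);
        // Mark only after the authentication has actually been installed.
        authenticatedBySelf.set(true);
        if (log.isTraceEnabled())
            log.trace("System authenticated");
    }

    /**
     * Removes the system authentication from the calling thread, but only if
     * it was installed by this component.
     *
     * <p>
     * An authentication set by another party (for instance a user
     * authentication that made {@link #authenticateAsSystem()} throw) is left
     * untouched, so calling this method from a {@code finally} block cannot log
     * out the current user. The per-thread marker is always reset, even when
     * the security context was already emptied elsewhere, so that a later
     * {@link #authenticateAsSystem()} on the same thread authenticates again.
     * </p>
     */
    protected void deauthenticateAsSystem() {
        if (!authenticatedBySelf.get())
            return;
        try {
            SecurityContext securityContext = SecurityContextHolder
                    .getContext();
            if (securityContext.getAuthentication() != null) {
                securityContext.setAuthentication(null);
                if (log.isTraceEnabled())
                    log.trace("System deauthenticated");
            }
        } finally {
            // remove() restores the initial value (false) and drops the entry
            // from the thread, which matters for pooled threads.
            authenticatedBySelf.remove();
        }
    }

    /**
     * Whether the current thread was authenticated by this component.
     *
     * @return {@code true} between a successful {@link #authenticateAsSystem()}
     *         and the matching {@link #deauthenticateAsSystem()} on the calling
     *         thread
     */
    protected Boolean isAuthenticatedBySelf() {
        return authenticatedBySelf.get();
    }

    /**
     * Sets the manager used to validate the system authentication token.
     *
     * @param authenticationManager
     *            the authentication manager to delegate to
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the system key explicitly; when left unset the key is read from the
     * {@code InternalAuthentication.SYSTEM_KEY_PROPERTY} system property.
     *
     * @param systemAuthenticationKey
     *            the key presented to the authentication manager
     */
    public void setSystemAuthenticationKey(String systemAuthenticationKey) {
        this.systemAuthenticationKey = systemAuthenticationKey;
    }

}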