1 package org
.argeo
.security
.core
;
3 import java
.security
.AccessController
;
5 import javax
.security
.auth
.Subject
;
7 import org
.apache
.commons
.logging
.Log
;
8 import org
.apache
.commons
.logging
.LogFactory
;
9 import org
.argeo
.ArgeoException
;
10 import org
.springframework
.security
.Authentication
;
11 import org
.springframework
.security
.AuthenticationManager
;
12 import org
.springframework
.security
.context
.SecurityContext
;
13 import org
.springframework
.security
.context
.SecurityContextHolder
;
15 /** Provides base method for executing code with system authorization. */
16 public abstract class AbstractSystemExecution
{
18 // Forces Spring Security to use inheritable strategy
19 // FIXME find a better place for forcing spring security mode
20 // doesn't work for the time besing
21 // if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
22 // SecurityContextHolder
23 // .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
26 private final static Log log
= LogFactory
27 .getLog(AbstractSystemExecution
.class);
28 private AuthenticationManager authenticationManager
;
29 private String systemAuthenticationKey
;
31 /** Whether the current thread was authenticated by this component. */
32 private InheritableThreadLocal
<Boolean
> authenticatedBySelf
= new InheritableThreadLocal
<Boolean
>() {
33 protected Boolean
initialValue() {
39 * Authenticate the calling thread to the underlying
40 * {@link AuthenticationManager}
42 protected void authenticateAsSystem() {
43 if (authenticatedBySelf
.get())
45 SecurityContext securityContext
= SecurityContextHolder
.getContext();
46 Authentication currentAuth
= securityContext
.getAuthentication();
47 if (currentAuth
!= null){
48 throw new ArgeoException(
49 "System execution on an already authenticated thread: "
50 + currentAuth
+ ", THREAD="
51 + Thread
.currentThread().getId());
53 Subject subject
= Subject
.getSubject(AccessController
.getContext());
55 && !subject
.getPrincipals(Authentication
.class).isEmpty())
56 throw new ArgeoException(
57 "There is already an authenticated subject: " + subject
);
59 String key
= systemAuthenticationKey
!= null ? systemAuthenticationKey
61 InternalAuthentication
.SYSTEM_KEY_PROPERTY
,
62 InternalAuthentication
.SYSTEM_KEY_DEFAULT
);
64 throw new ArgeoException("No system key defined");
65 Authentication auth
= authenticationManager
66 .authenticate(new InternalAuthentication(key
));
67 securityContext
.setAuthentication(auth
);
68 authenticatedBySelf
.set(true);
69 if (log
.isTraceEnabled())
70 log
.trace("System authenticated");
73 /** Removes the authentication from the calling thread. */
74 protected void deauthenticateAsSystem() {
75 // remove the authentication
76 SecurityContext securityContext
= SecurityContextHolder
.getContext();
77 if (securityContext
.getAuthentication() != null) {
78 securityContext
.setAuthentication(null);
79 authenticatedBySelf
.set(false);
80 if (log
.isTraceEnabled()) {
81 log
.trace("System deauthenticated");
82 // Thread.dumpStack();
88 * Whether the current thread was authenticated by this component or a
91 protected Boolean
isAuthenticatedBySelf() {
92 return authenticatedBySelf
.get();
95 public void setAuthenticationManager(
96 AuthenticationManager authenticationManager
) {
97 this.authenticationManager
= authenticationManager
;
100 public void setSystemAuthenticationKey(String systemAuthenticationKey
) {
101 this.systemAuthenticationKey
= systemAuthenticationKey
;