package org.argeo.security.core;
-import java.security.AccessController;
-
-import javax.security.auth.Subject;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.FutureTask;
import org.argeo.ArgeoException;
import org.argeo.security.SystemExecutionService;
-import org.springframework.core.task.SimpleAsyncTaskExecutor;
-import org.springframework.core.task.TaskExecutor;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-
-public class KeyBasedSystemExecutionService implements SystemExecutionService,
- TaskExecutor {
- private AuthenticationManager authenticationManager;
- private String systemAuthenticationKey;
+/**
+ * Implementation of a {@link SystemExecutionService} using a key-based
+ * {@link InternalAuthentication}
+ */
+public class KeyBasedSystemExecutionService extends AbstractSystemExecution
+ implements SystemExecutionService {
public void execute(Runnable runnable) {
- wrapWithSystemAuthentication(runnable).run();
+ try {
+ wrapWithSystemAuthentication(Executors.callable(runnable)).call();
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new ArgeoException(
+ "Exception when running system authenticated task", e);
+ }
}
- public TaskExecutor createSystemAuthenticatedTaskExecutor() {
- return new SimpleAsyncTaskExecutor() {
- private static final long serialVersionUID = -8126773862193265020L;
-
- @Override
- public Thread createThread(Runnable runnable) {
- return super
- .createThread(wrapWithSystemAuthentication(runnable));
- }
-
- };
+ public <T> Future<T> submit(Callable<T> task) {
+ FutureTask<T> future = new FutureTask<T>(
+ wrapWithSystemAuthentication(task));
+ future.run();
+ return future;
}
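Review bot: `submit` runs the task inline through `future.run()`, so the call blocks until the task has finished, the returned `Future` is already completed, and the system authentication is installed on the caller's own thread rather than on a thread created for the task, as the removed `createSystemAuthenticatedTaskExecutor()` did. Because `FutureTask` captures whatever the wrapped callable throws, a failure in `authenticateAsSystem()` or in the task itself only surfaces on `get()`, and a caller that drops the `Future` never sees it. `execute` above also runs on the calling thread, but it propagates the exception directly. I would state this contract in a Javadoc on the method, e.g. `/** Runs the task synchronously on the calling thread under system authentication; failures are reported through {@link Future#get()}. */`.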
- protected Runnable wrapWithSystemAuthentication(final Runnable runnable) {
- return new Runnable() {
-
- public void run() {
- SecurityContext securityContext = SecurityContextHolder
- .getContext();
- Authentication currentAuth = securityContext
- .getAuthentication();
- if (currentAuth != null)
- throw new ArgeoException(
- "System execution on an already authenticated thread: "
- + currentAuth + ", THREAD="
- + Thread.currentThread().getId());
+ protected <T> Callable<T> wrapWithSystemAuthentication(
+ final Callable<T> runnable) {
+ return new Callable<T>() {
- Subject subject = Subject.getSubject(AccessController
- .getContext());
- if (subject != null
- && !subject.getPrincipals(Authentication.class)
- .isEmpty())
- throw new ArgeoException(
- "There is already an authenticated subject: "
- + subject);
-
- Authentication auth = authenticationManager
- .authenticate(new InternalAuthentication(
- systemAuthenticationKey));
- securityContext.setAuthentication(auth);
+ public T call() throws Exception {
+ authenticateAsSystem();
try {
- runnable.run();
+ return runnable.call();
} finally {
- // remove the authentication
- securityContext.setAuthentication(null);
+ deauthenticateAsSystem();
}
}
};
}
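Review bot: The removed body refused to run when the thread already carried an `Authentication` or an authenticated `Subject`, whereas the new `call()` leaves that entirely to `authenticateAsSystem()`, whose body is not part of the change as shown. If the helper does not keep that guard, a task started from an already authenticated thread would have its identity replaced by the system one and then presumably cleared by `deauthenticateAsSystem()` in the `finally`. This is worth confirming in `AbstractSystemExecution` and recording here with a comment such as `// authenticateAsSystem() must fail if the thread is already authenticated`. The parameter is still named `runnable` although it is now a `Callable<T>`; `task` would match `submit`.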
-
- public void setAuthenticationManager(
- AuthenticationManager authenticationManager) {
- this.authenticationManager = authenticationManager;
- }
-
- public void setSystemAuthenticationKey(String systemAuthenticationKey) {
- this.systemAuthenticationKey = systemAuthenticationKey;
- }
-
}