Add remember me capabilities to RAP
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / core / AbstractSystemExecution.java
index 23a111b9430e51e50c5c5b507a560c7514ed2bde..b12629ab90ca64313ecb72317fae5408e5dd8296 100644 (file)
@@ -14,13 +14,22 @@ import org.springframework.security.context.SecurityContextHolder;
 
 /** Provides base method for executing code with system authorization. */
 public abstract class AbstractSystemExecution {
+       static {
+               // Forces Spring Security to use inheritable strategy
+               // FIXME find a better place for forcing spring security mode
+               // doesn't work for the time besing
+//             if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
+//                     SecurityContextHolder
+//                                     .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
+       }
+
        private final static Log log = LogFactory
                        .getLog(AbstractSystemExecution.class);
        private AuthenticationManager authenticationManager;
        private String systemAuthenticationKey;
 
        /** Whether the current thread was authenticated by this component. */
-       private ThreadLocal<Boolean> authenticatedBySelf = new ThreadLocal<Boolean>() {
+       private InheritableThreadLocal<Boolean> authenticatedBySelf = new InheritableThreadLocal<Boolean>() {
                protected Boolean initialValue() {
                        return false;
                }
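Review bot: Switching `authenticatedBySelf` to `InheritableThreadLocal` copies the flag into a child thread once, at thread creation, and nothing in this hunk keeps it in step with the parent afterwards. A worker created while the parent is system-authenticated keeps `true` for as long as it lives, which matters for pooled threads that outlive the call. Because the static initializer above is entirely commented out, Spring Security presumably still uses its default per-thread strategy, so a child can report `true` while its own `SecurityContext` holds no authentication. Consider keeping `ThreadLocal` until the holder strategy is actually switched, or confirming the flag against the context where it is read, e.g. `return authenticatedBySelf.get() && SecurityContextHolder.getContext().getAuthentication() != null;` in the accessor added in the last hunk. The empty `static { }` block should be dropped or reduced to a comment pointing at the open issue.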
@@ -35,12 +44,12 @@ public abstract class AbstractSystemExecution {
                        return;
                SecurityContext securityContext = SecurityContextHolder.getContext();
                Authentication currentAuth = securityContext.getAuthentication();
-               if (currentAuth != null)
+               if (currentAuth != null){
                        throw new ArgeoException(
                                        "System execution on an already authenticated thread: "
                                                        + currentAuth + ", THREAD="
                                                        + Thread.currentThread().getId());
-
+               }
                Subject subject = Subject.getSubject(AccessController.getContext());
                if (subject != null
                                && !subject.getPrincipals(Authentication.class).isEmpty())
@@ -68,11 +77,21 @@ public abstract class AbstractSystemExecution {
                if (securityContext.getAuthentication() != null) {
                        securityContext.setAuthentication(null);
                        authenticatedBySelf.set(false);
-                       if (log.isTraceEnabled())
+                       if (log.isTraceEnabled()) {
                                log.trace("System deauthenticated");
+                               // Thread.dumpStack();
+                       }
                }
        }
 
+       /**
+        * Whether the current thread was authenticated by this component or a
+        * parent thread.
+        */
+       protected Boolean isAuthenticatedBySelf() {
+               return authenticatedBySelf.get();
+       }
+
        public void setAuthenticationManager(
                        AuthenticationManager authenticationManager) {
                this.authenticationManager = authenticationManager;
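Review bot: In the deauthentication code at the top of this hunk, `authenticatedBySelf.set(false)` runs only inside `if (securityContext.getAuthentication() != null)`, so a thread whose flag is `true` but whose context is empty never has the flag cleared. With the inheritable flag introduced earlier in this commit, that state looks reachable on child threads; moving `authenticatedBySelf.set(false);` to before the `if` would make the reset unconditional. The new `isAuthenticatedBySelf()` returns a boxed `Boolean` although `initialValue()` means the value is never null, so `protected boolean isAuthenticatedBySelf()` is the more conventional signature. Its Javadoc should also say that an inherited value is a snapshot taken when the thread was created. The enclosing deauthentication method begins outside the hunk, so any earlier guard is not visible here.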