+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.core;
-import java.security.AccessController;
-
-import javax.security.auth.Subject;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
+import org.argeo.security.SystemAuthentication;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContext;
/** Provides base method for executing code with system authorization. */
public abstract class AbstractSystemExecution {
+ static {
+ // Forces Spring Security to use inheritable strategy
+ // FIXME find a better place for forcing spring security mode
+ // doesn't work for the time being
+// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
+// SecurityContextHolder
+// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
+ }
+
private final static Log log = LogFactory
.getLog(AbstractSystemExecution.class);
private AuthenticationManager authenticationManager;
return;
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication currentAuth = securityContext.getAuthentication();
- if (currentAuth != null)
- throw new ArgeoException(
- "System execution on an already authenticated thread: "
- + currentAuth + ", THREAD="
- + Thread.currentThread().getId());
-
- Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject != null
- && !subject.getPrincipals(Authentication.class).isEmpty())
- throw new ArgeoException(
- "There is already an authenticated subject: " + subject);
+ if (currentAuth != null) {
+ if (!(currentAuth instanceof SystemAuthentication))
+ throw new ArgeoException(
+ "System execution on an already authenticated thread: "
+ + currentAuth + ", THREAD="
+ + Thread.currentThread().getId());
+ return;
+ }
+ // Subject subject = Subject.getSubject(AccessController.getContext());
+ // if (subject != null
+ // && !subject.getPrincipals(Authentication.class).isEmpty())
+ // throw new ArgeoException(
+ // "There is already an authenticated subject: " + subject);
String key = systemAuthenticationKey != null ? systemAuthenticationKey
: System.getProperty(
log.trace("System authenticated");
}
- /** Removes the authentication from the calling thread. */
- protected void deauthenticateAsSystem() {
- // remove the authentication
- SecurityContext securityContext = SecurityContextHolder.getContext();
- if (securityContext.getAuthentication() != null) {
- securityContext.setAuthentication(null);
- authenticatedBySelf.set(false);
- if (log.isTraceEnabled())
- log.trace("System deauthenticated");
- }
+ // /** Removes the authentication from the calling thread. */
+ // protected void deauthenticateAsSystem() {
+ // // remove the authentication
+ // // SecurityContext securityContext = SecurityContextHolder.getContext();
+ // // securityContext.setAuthentication(null);
+ // // authenticatedBySelf.set(false);
+ // if (log.isTraceEnabled()) {
+ // log.trace("System deauthenticated");
+ // // Thread.dumpStack();
+ // }
+ // }
+
+ /**
+ * Whether the current thread was authenticated by this component or a
+ * parent thread.
+ */
+ protected Boolean isAuthenticatedBySelf() {
+ return authenticatedBySelf.get();
}
public void setAuthenticationManager(
projects / lgpl / argeo-commons.git / blobdiff