Add authorizations to JCR
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / core / KeyBasedSystemExecutionService.java
index d586d1178268af09ed507bea46390eac1c41ef33..a02221e323ce7dba34de0b03e46f5e5b8137948c 100644 (file)
@@ -1,5 +1,6 @@
 package org.argeo.security.core;
 
+import org.argeo.ArgeoException;
 import org.argeo.security.SystemExecutionService;
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.core.task.TaskExecutor;
@@ -8,11 +9,12 @@ import org.springframework.security.AuthenticationManager;
 import org.springframework.security.context.SecurityContext;
 import org.springframework.security.context.SecurityContextHolder;
 
-public class KeyBasedSystemExecutionService implements SystemExecutionService {
+public class KeyBasedSystemExecutionService implements SystemExecutionService,
+               TaskExecutor {
        private AuthenticationManager authenticationManager;
        private String systemAuthenticationKey;
 
-       public void executeAsSystem(Runnable runnable) {
+       public void execute(Runnable runnable) {
                wrapWithSystemAuthentication(runnable).run();
        }
 
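Review bot: `execute(Runnable)` carries no Javadoc, and now that the class is also a `TaskExecutor` the method name no longer tells a caller that the runnable is run under system authentication. Any component handed this bean as a plain `TaskExecutor` gets system-level execution for whatever it submits, so the contract should be stated on the method, for example `/** Runs the runnable synchronously on the calling thread, authenticated as system for the duration of the call. */`, and the bean should only be wired into trusted code. Unlike the `SimpleAsyncTaskExecutor` imported above, the call is synchronous, which is worth saying in the same comment. The removal of `executeAsSystem` presumably matches a change to `SystemExecutionService` that is not visible in this hunk.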
@@ -35,12 +37,24 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService {
                        public void run() {
                                SecurityContext securityContext = SecurityContextHolder
                                                .getContext();
+                               Authentication currentAuth = securityContext
+                                               .getAuthentication();
+                               if (currentAuth != null) {
+                                       throw new ArgeoException(
+                                                       "System execution on an already authenticated thread: "
+                                                                       + currentAuth + ", THREAD="
+                                                                       + Thread.currentThread().getId());
+                               }
                                Authentication auth = authenticationManager
                                                .authenticate(new InternalAuthentication(
                                                                systemAuthenticationKey));
                                securityContext.setAuthentication(auth);
-
-                               runnable.run();
+                               try {
+                                       runnable.run();
+                               } finally {
+                                       // remove the authentication
+                                       securityContext.setAuthentication(null);
+                               }
                        }
                };
        }
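Review bot: The `finally` block resets only the `securityContext` object captured before the run, so if the runnable binds a different context to the thread through `SecurityContextHolder`, that context stays in place after the system execution ends. On a reused thread it is safer to clear whatever is bound at that point, `SecurityContextHolder.clearContext();`, instead of `securityContext.setAuthentication(null);`. Separately, the exception message concatenates `currentAuth` itself, so the full string form of the existing authentication may end up in logs; `currentAuth.getName()` would identify the caller with less detail. The enclosing `wrapWithSystemAuthentication` method starts outside this hunk.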