X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;fp=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;h=23a111b9430e51e50c5c5b507a560c7514ed2bde;hb=3e638706693d06f4b5a16c8fe0197b8c7e7794b3;hp=55f0fefcc156c9bd37d3c5c186f0657f3ce1cc8d;hpb=30808844bdd83ed7a7398af4ef4c470975a3067a;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java index 55f0fefcc..23a111b94 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java @@ -4,6 +4,8 @@ import java.security.AccessController; import javax.security.auth.Subject; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationManager; @@ -12,14 +14,25 @@ import org.springframework.security.context.SecurityContextHolder; /** Provides base method for executing code with system authorization. */ public abstract class AbstractSystemExecution { + private final static Log log = LogFactory + .getLog(AbstractSystemExecution.class); private AuthenticationManager authenticationManager; private String systemAuthenticationKey; + /** Whether the current thread was authenticated by this component. */ + private ThreadLocal authenticatedBySelf = new ThreadLocal() { + protected Boolean initialValue() { + return false; + } + }; + /** * Authenticate the calling thread to the underlying * {@link AuthenticationManager} */ protected void authenticateAsSystem() { + if (authenticatedBySelf.get()) + return; SecurityContext securityContext = SecurityContextHolder.getContext(); Authentication currentAuth = securityContext.getAuthentication(); if (currentAuth != null) @@ -43,13 +56,21 @@ public abstract class AbstractSystemExecution { Authentication auth = authenticationManager .authenticate(new InternalAuthentication(key)); securityContext.setAuthentication(auth); + authenticatedBySelf.set(true); + if (log.isTraceEnabled()) + log.trace("System authenticated"); } /** Removes the authentication from the calling thread. */ protected void deauthenticateAsSystem() { // remove the authentication SecurityContext securityContext = SecurityContextHolder.getContext(); - securityContext.setAuthentication(null); + if (securityContext.getAuthentication() != null) { + securityContext.setAuthentication(null); + authenticatedBySelf.set(false); + if (log.isTraceEnabled()) + log.trace("System deauthenticated"); + } } public void setAuthenticationManager(