X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;fp=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;h=b12629ab90ca64313ecb72317fae5408e5dd8296;hb=0c7d4e488bf4e357ca33329c87a29baae63a5be9;hp=856ceee60e0a0e55fb672f781e21adbac2936595;hpb=c76283038c867fc0ef9eb6fa623040c58c6139bb;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java index 856ceee60..b12629ab9 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java @@ -14,13 +14,22 @@ import org.springframework.security.context.SecurityContextHolder; /** Provides base method for executing code with system authorization. */ public abstract class AbstractSystemExecution { + static { + // Forces Spring Security to use inheritable strategy + // FIXME find a better place for forcing spring security mode + // doesn't work for the time besing +// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null) +// SecurityContextHolder +// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); + } + private final static Log log = LogFactory .getLog(AbstractSystemExecution.class); private AuthenticationManager authenticationManager; private String systemAuthenticationKey; /** Whether the current thread was authenticated by this component. */ - private ThreadLocal authenticatedBySelf = new ThreadLocal() { + private InheritableThreadLocal authenticatedBySelf = new InheritableThreadLocal() { protected Boolean initialValue() { return false; } @@ -35,12 +44,12 @@ public abstract class AbstractSystemExecution { return; SecurityContext securityContext = SecurityContextHolder.getContext(); Authentication currentAuth = securityContext.getAuthentication(); - if (currentAuth != null) + if (currentAuth != null){ throw new ArgeoException( "System execution on an already authenticated thread: " + currentAuth + ", THREAD=" + Thread.currentThread().getId()); - + } Subject subject = Subject.getSubject(AccessController.getContext()); if (subject != null && !subject.getPrincipals(Authentication.class).isEmpty()) @@ -75,7 +84,10 @@ public abstract class AbstractSystemExecution { } } - /** Whether the current thread was authenticated by this component. */ + /** + * Whether the current thread was authenticated by this component or a + * parent thread. + */ protected Boolean isAuthenticatedBySelf() { return authenticatedBySelf.get(); }