X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;h=b12629ab90ca64313ecb72317fae5408e5dd8296;hb=0c7d4e488bf4e357ca33329c87a29baae63a5be9;hp=23a111b9430e51e50c5c5b507a560c7514ed2bde;hpb=3e638706693d06f4b5a16c8fe0197b8c7e7794b3;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java
index 23a111b94..b12629ab9 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java
@@ -14,13 +14,22 @@ import org.springframework.security.context.SecurityContextHolder;
 /** Provides base method for executing code with system authorization. */
 public abstract class AbstractSystemExecution {
+ static {
+ // Forces Spring Security to use inheritable strategy
+ // FIXME find a better place for forcing spring security mode
+ // doesn't work for the time besing
+// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null)
+// SecurityContextHolder
+// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
+ }
+
 private final static Log log = LogFactory .getLog(AbstractSystemExecution.class);
 private AuthenticationManager authenticationManager;
 private String systemAuthenticationKey;
 /** Whether the current thread was authenticated by this component. */
- private ThreadLocal authenticatedBySelf = new ThreadLocal() {
+ private InheritableThreadLocal authenticatedBySelf = new InheritableThreadLocal() {
 protected Boolean initialValue() {
 return false;
 }
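Review bot: The change of `authenticatedBySelf` to `InheritableThreadLocal` lets the "authenticated by this component" flag travel to child threads, while the only code that would make the Spring Security context itself inheritable is the commented-out block in the new static initializer; unless the strategy is set elsewhere, a child thread can start with the flag `true` and no authentication in its own `SecurityContext`. The inherited value is a copy taken when the child thread is created, so a later `authenticatedBySelf.set(false)` in the parent does not reach it, which matters for pooled or long-lived threads. I would keep `ThreadLocal` until the strategy switch works, and at least update the field comment, which still says "current thread", to something like `/** Whether this thread, or the thread that created it, was authenticated by this component (value copied at thread creation). */`. The empty `static { }` holding commented-out code is better removed in favour of a tracked issue. The anonymous class on this field closes outside the hunk.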
@@ -35,12 +44,12 @@ public abstract class AbstractSystemExecution {
 return;
 SecurityContext securityContext = SecurityContextHolder.getContext();
 Authentication currentAuth = securityContext.getAuthentication();
- if (currentAuth != null)
+ if (currentAuth != null){
 throw new ArgeoException( "System execution on an already authenticated thread: " + currentAuth + ", THREAD=" + Thread.currentThread().getId());
-
+ }
 Subject subject = Subject.getSubject(AccessController.getContext());
 if (subject != null && !subject.getPrincipals(Authentication.class).isEmpty())
@@ -68,11 +77,21 @@ public abstract class AbstractSystemExecution {
 if (securityContext.getAuthentication() != null) {
 securityContext.setAuthentication(null);
 authenticatedBySelf.set(false);
- if (log.isTraceEnabled())
+ if (log.isTraceEnabled()) {
 log.trace("System deauthenticated");
+ // Thread.dumpStack();
+ }
 }
 }
+ /**
+ * Whether the current thread was authenticated by this component or a
+ * parent thread.
+ */
+ protected Boolean isAuthenticatedBySelf() {
+ return authenticatedBySelf.get();
+ }
+
 public void setAuthenticationManager( AuthenticationManager authenticationManager) {
 this.authenticationManager = authenticationManager;
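Review bot: `isAuthenticatedBySelf()` returns the raw flag, and in the deauthentication code at the top of this hunk `authenticatedBySelf.set(false)` runs only inside `if (securityContext.getAuthentication() != null)`, so a thread whose flag is `true` but whose context holds no authentication (for example one that inherited the flag from its parent) never has it cleared and keeps reporting `true`. If subclasses use this accessor for access decisions, it should check the context as well: `return authenticatedBySelf.get() && SecurityContextHolder.getContext().getAuthentication() != null;`, with a primitive `boolean` return type so callers cannot receive `null`. The leftover `// Thread.dumpStack();` should be deleted rather than committed. The deauthentication method begins outside the hunk, so an earlier guard there may change this picture.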