X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FAbstractSystemExecution.java;h=e1894d7deae7c99d6dd916f685eca84c792f50f9;hb=1d5afdce3e91054f07ddd3c98309c363b4cf1d46;hp=23a111b9430e51e50c5c5b507a560c7514ed2bde;hpb=3e638706693d06f4b5a16c8fe0197b8c7e7794b3;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java index 23a111b94..e1894d7de 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/AbstractSystemExecution.java @@ -1,12 +1,24 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.core; -import java.security.AccessController; - -import javax.security.auth.Subject; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; +import org.argeo.security.SystemAuthentication; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationManager; import org.springframework.security.context.SecurityContext; @@ -14,6 +26,15 @@ import org.springframework.security.context.SecurityContextHolder; /** Provides base method for executing code with system authorization. */ public abstract class AbstractSystemExecution { + static { + // Forces Spring Security to use inheritable strategy + // FIXME find a better place for forcing spring security mode + // doesn't work for the time being +// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null) +// SecurityContextHolder +// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); + } + private final static Log log = LogFactory .getLog(AbstractSystemExecution.class); private AuthenticationManager authenticationManager; @@ -35,17 +56,19 @@ public abstract class AbstractSystemExecution { return; SecurityContext securityContext = SecurityContextHolder.getContext(); Authentication currentAuth = securityContext.getAuthentication(); - if (currentAuth != null) - throw new ArgeoException( - "System execution on an already authenticated thread: " - + currentAuth + ", THREAD=" - + Thread.currentThread().getId()); - - Subject subject = Subject.getSubject(AccessController.getContext()); - if (subject != null - && !subject.getPrincipals(Authentication.class).isEmpty()) - throw new ArgeoException( - "There is already an authenticated subject: " + subject); + if (currentAuth != null) { + if (!(currentAuth instanceof SystemAuthentication)) + throw new ArgeoException( + "System execution on an already authenticated thread: " + + currentAuth + ", THREAD=" + + Thread.currentThread().getId()); + return; + } + // Subject subject = Subject.getSubject(AccessController.getContext()); + // if (subject != null + // && !subject.getPrincipals(Authentication.class).isEmpty()) + // throw new ArgeoException( + // "There is already an authenticated subject: " + subject); String key = systemAuthenticationKey != null ? systemAuthenticationKey : System.getProperty( @@ -61,16 +84,24 @@ public abstract class AbstractSystemExecution { log.trace("System authenticated"); } - /** Removes the authentication from the calling thread. */ - protected void deauthenticateAsSystem() { - // remove the authentication - SecurityContext securityContext = SecurityContextHolder.getContext(); - if (securityContext.getAuthentication() != null) { - securityContext.setAuthentication(null); - authenticatedBySelf.set(false); - if (log.isTraceEnabled()) - log.trace("System deauthenticated"); - } + // /** Removes the authentication from the calling thread. */ + // protected void deauthenticateAsSystem() { + // // remove the authentication + // // SecurityContext securityContext = SecurityContextHolder.getContext(); + // // securityContext.setAuthentication(null); + // // authenticatedBySelf.set(false); + // if (log.isTraceEnabled()) { + // log.trace("System deauthenticated"); + // // Thread.dumpStack(); + // } + // } + + /** + * Whether the current thread was authenticated by this component or a + * parent thread. + */ + protected Boolean isAuthenticatedBySelf() { + return authenticatedBySelf.get(); } public void setAuthenticationManager(