X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FKeyBasedSystemExecutionService.java;h=07f8ebe6d86a3fe0a7e32228cd7de3be487c5fdb;hb=1d5afdce3e91054f07ddd3c98309c363b4cf1d46;hp=b2dfc4a2439922cbd795d3c6c1522444130903c2;hpb=6b3ffc999e1ba5719420b861c7fe411bbbdfa9e2;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java index b2dfc4a24..07f8ebe6d 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java @@ -1,31 +1,39 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.core; -import java.security.AccessController; import java.util.concurrent.Callable; import java.util.concurrent.Executors; import java.util.concurrent.Future; import java.util.concurrent.FutureTask; -import javax.security.auth.Subject; - import org.argeo.ArgeoException; import org.argeo.security.SystemExecutionService; -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationManager; -import org.springframework.security.context.SecurityContext; -import org.springframework.security.context.SecurityContextHolder; /** * Implementation of a {@link SystemExecutionService} using a key-based * {@link InternalAuthentication} */ -public class KeyBasedSystemExecutionService implements SystemExecutionService { - private AuthenticationManager authenticationManager; - private String systemAuthenticationKey; - +public class KeyBasedSystemExecutionService extends AbstractSystemExecution + implements SystemExecutionService { public void execute(Runnable runnable) { try { wrapWithSystemAuthentication(Executors.callable(runnable)).call(); + } catch (RuntimeException e) { + throw e; } catch (Exception e) { throw new ArgeoException( "Exception when running system authenticated task", e); @@ -44,46 +52,13 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService { return new Callable() { public T call() throws Exception { - SecurityContext securityContext = SecurityContextHolder - .getContext(); - Authentication currentAuth = securityContext - .getAuthentication(); - if (currentAuth != null) - throw new ArgeoException( - "System execution on an already authenticated thread: " - + currentAuth + ", THREAD=" - + Thread.currentThread().getId()); - - Subject subject = Subject.getSubject(AccessController - .getContext()); - if (subject != null - && !subject.getPrincipals(Authentication.class) - .isEmpty()) - throw new ArgeoException( - "There is already an authenticated subject: " - + subject); - - Authentication auth = authenticationManager - .authenticate(new InternalAuthentication( - systemAuthenticationKey)); - securityContext.setAuthentication(auth); + authenticateAsSystem(); try { return runnable.call(); } finally { - // remove the authentication - securityContext.setAuthentication(null); +// deauthenticateAsSystem(); } } }; } - - public void setAuthenticationManager( - AuthenticationManager authenticationManager) { - this.authenticationManager = authenticationManager; - } - - public void setSystemAuthenticationKey(String systemAuthenticationKey) { - this.systemAuthenticationKey = systemAuthenticationKey; - } - }