X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FKeyBasedSystemExecutionService.java;h=3235a9602bdad53f8aed8dcfe05765644353fdf1;hb=149023e5969377045847bbecf24b0898b18a67a9;hp=08ef6428ad925f9cc19db8ffece144002df41218;hpb=03db65bd74ce09b696a4c5af15a58df988e5368d;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java index 08ef6428a..3235a9602 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java @@ -1,5 +1,10 @@ package org.argeo.security.core; +import java.security.AccessController; + +import javax.security.auth.Subject; + +import org.argeo.ArgeoException; import org.argeo.security.SystemExecutionService; import org.springframework.core.task.SimpleAsyncTaskExecutor; import org.springframework.core.task.TaskExecutor; @@ -36,6 +41,23 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService, public void run() { SecurityContext securityContext = SecurityContextHolder .getContext(); + Authentication currentAuth = securityContext + .getAuthentication(); + if (currentAuth != null) + throw new ArgeoException( + "System execution on an already authenticated thread: " + + currentAuth + ", THREAD=" + + Thread.currentThread().getId()); + + Subject subject = Subject.getSubject(AccessController + .getContext()); + if (subject != null + && !subject.getPrincipals(Authentication.class) + .isEmpty()) + throw new ArgeoException( + "There is already an authenticated subject: " + + subject); + Authentication auth = authenticationManager .authenticate(new InternalAuthentication( systemAuthenticationKey));