X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FKeyBasedSystemExecutionService.java;h=3235a9602bdad53f8aed8dcfe05765644353fdf1;hb=149023e5969377045847bbecf24b0898b18a67a9;hp=d586d1178268af09ed507bea46390eac1c41ef33;hpb=977a7a352131b082a98739f15e421f2bff747567;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java
index d586d1178..3235a9602 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java
@@ -1,5 +1,10 @@
 package org.argeo.security.core;
 
+import java.security.AccessController;
+
+import javax.security.auth.Subject;
+
+import org.argeo.ArgeoException;
 import org.argeo.security.SystemExecutionService;
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.core.task.TaskExecutor;
@@ -8,11 +13,12 @@ import org.springframework.security.AuthenticationManager;
 import org.springframework.security.context.SecurityContext;
 import org.springframework.security.context.SecurityContextHolder;
 
-public class KeyBasedSystemExecutionService implements SystemExecutionService {
+public class KeyBasedSystemExecutionService implements SystemExecutionService,
+ TaskExecutor {
 private AuthenticationManager authenticationManager;
 private String systemAuthenticationKey;
 
- public void executeAsSystem(Runnable runnable) {
+ public void execute(Runnable runnable) {
 wrapWithSystemAuthentication(runnable).run();
 }
 
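Review bot: The renamed `execute(Runnable)` in the second hunk carries no Javadoc, and now that the class also implements `TaskExecutor` it can be wired in wherever a generic executor is accepted, with nothing telling the caller that every submitted task runs under system authentication. The visible body also runs the task synchronously on the calling thread (`wrapWithSystemAuthentication(runnable).run()`), which a reader of the `TaskExecutor` type would not necessarily expect. I would add a comment on the method along the lines of `/** Runs the task synchronously on the calling thread, authenticated as the system user; expose this bean only to trusted callers. */`. The class body continues outside the hunk, so whether other entry points are documented cannot be seen from here.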
@@ -35,12 +41,33 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService {
 public void run() {
 SecurityContext securityContext = SecurityContextHolder
 .getContext();
+ Authentication currentAuth = securityContext
+ .getAuthentication();
+ if (currentAuth != null)
+ throw new ArgeoException(
+ "System execution on an already authenticated thread: "
+ + currentAuth + ", THREAD="
+ + Thread.currentThread().getId());
+
+ Subject subject = Subject.getSubject(AccessController
+ .getContext());
+ if (subject != null
+ && !subject.getPrincipals(Authentication.class)
+ .isEmpty())
+ throw new ArgeoException(
+ "There is already an authenticated subject: "
+ + subject);
+
 Authentication auth = authenticationManager
 .authenticate(new InternalAuthentication(
 systemAuthenticationKey));
 securityContext.setAuthentication(auth);
-
- runnable.run();
+ try {
+ runnable.run();
+ } finally {
+ // remove the authentication
+ securityContext.setAuthentication(null);
+ }
 }
 };
 }
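Review bot: The `finally` block resets the authentication on the `securityContext` reference captured before `runnable.run()`, so if the task installs a different context through `SecurityContextHolder.setContext(...)` the system authentication could stay bound to the thread after the call returns. Clearing the holder itself, `SecurityContextHolder.clearContext();`, would cover that case, and it is safe here because the guard above has already established that the thread had no authentication to preserve. Separately, both new exception messages concatenate the full `currentAuth` and `subject` objects, whose `toString()` output may carry principal details and granted authorities into logs. `currentAuth.getName()` and a count of the subject's principals would probably be enough for diagnosis. The enclosing `wrapWithSystemAuthentication` method starts outside the hunk.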