X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FKeyBasedSystemExecutionService.java;h=3235a9602bdad53f8aed8dcfe05765644353fdf1;hb=da55282938aaebf9fa148454dbc8add9c558501f;hp=a02221e323ce7dba34de0b03e46f5e5b8137948c;hpb=2f510fb09e18bc3d3e902c8131d0037763c5f279;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java index a02221e32..3235a9602 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java @@ -1,5 +1,9 @@ package org.argeo.security.core; +import java.security.AccessController; + +import javax.security.auth.Subject; + import org.argeo.ArgeoException; import org.argeo.security.SystemExecutionService; import org.springframework.core.task.SimpleAsyncTaskExecutor; @@ -39,12 +43,21 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService, .getContext(); Authentication currentAuth = securityContext .getAuthentication(); - if (currentAuth != null) { + if (currentAuth != null) throw new ArgeoException( "System execution on an already authenticated thread: " + currentAuth + ", THREAD=" + Thread.currentThread().getId()); - } + + Subject subject = Subject.getSubject(AccessController + .getContext()); + if (subject != null + && !subject.getPrincipals(Authentication.class) + .isEmpty()) + throw new ArgeoException( + "There is already an authenticated subject: " + + subject); + Authentication auth = authenticationManager .authenticate(new InternalAuthentication( systemAuthenticationKey));