1   /*
2    * Copyright (C) 2007-2012 Argeo GmbH
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *         http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.argeo.cms.spring;
17  
18  import java.security.AccessController;
19  import java.security.PrivilegedAction;
20  import java.util.ArrayList;
21  import java.util.List;
22  
23  import javax.security.auth.Subject;
24  
25  import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor;
26  import org.springframework.beans.BeansException;
27  import org.springframework.beans.factory.support.AbstractBeanFactory;
28  import org.springframework.beans.factory.support.SecurityContextProvider;
29  import org.springframework.beans.factory.support.SimpleSecurityContextProvider;
30  import org.springframework.context.ApplicationContext;
31  import org.springframework.context.ApplicationContextAware;
32  
33  /**
34   * Executes with a system authentication the instantiation and initialization
35   * methods of the application context where it has been defined.
36   */
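public class AuthenticatedApplicationContextInitialization extends
		AbstractSystemExecution implements
		DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware {
	/**
	 * If non empty, restricts to these beans. When empty, every bean seen by
	 * this post-processor is initialized under the system authentication, so
	 * an explicit list is the least-privilege configuration.
	 */
	private List<String> beanNames = new ArrayList<String>();

	/**
	 * Authenticates as system before the initialization callbacks of a
	 * selected bean.
	 *
	 * NOTE(review): the matching {@link #postProcessAfterInitialization} is
	 * the only place in this class where the system authentication is dropped.
	 * If the bean's initialization throws, that callback is presumably not
	 * reached; confirm how {@code AbstractSystemExecution} scopes the
	 * authentication and whether it can outlive a failed initialization.
	 *
	 * @param bean the bean instance, returned unchanged
	 * @param beanName the name of the bean in the application context
	 * @return the same bean instance
	 */
	public Object postProcessBeforeInitialization(Object bean, String beanName)
			throws BeansException {
		if (isSelected(beanName)) {
			authenticateAsSystem();
		}
		return bean;
	}

	/**
	 * Drops the system authentication after the initialization callbacks of a
	 * selected bean.
	 *
	 * @param bean the bean instance, returned unchanged
	 * @param beanName the name of the bean in the application context
	 * @return the same bean instance
	 */
	public Object postProcessAfterInitialization(Object bean, String beanName)
			throws BeansException {
		if (isSelected(beanName)) {
			deauthenticateAsSystem();
		}
		return bean;
	}

	/**
	 * Sets the names of the beans to initialize with system authentication.
	 *
	 * The list is copied: the before/after callbacks must take the same
	 * decision for a given bean, and a caller mutating a shared list between
	 * the two could otherwise cause an authentication without the matching
	 * deauthentication.
	 *
	 * @param beanNames the bean names, an empty list meaning all beans
	 * @throws IllegalArgumentException if beanNames is null (previously this
	 *         surfaced later as a NullPointerException in the callbacks)
	 */
	public void setBeanNames(List<String> beanNames) {
		if (beanNames == null) {
			throw new IllegalArgumentException("beanNames cannot be null");
		}
		this.beanNames = new ArrayList<String>(beanNames);
	}

	/**
	 * Sets the access control context of the subject returned by
	 * {@code getSubject()} as the security context of the bean factory.
	 *
	 * Nothing is configured, and nothing is reported, when the bean factory
	 * of the application context is not an {@link AbstractBeanFactory}.
	 *
	 * @param applicationContext the context in which this bean is defined
	 */
	@Override
	public void setApplicationContext(ApplicationContext applicationContext)
			throws BeansException {
		// fetched once so that the type check and the cast see the same object
		final Object candidate = applicationContext
				.getAutowireCapableBeanFactory();
		if (!(candidate instanceof AbstractBeanFactory)) {
			return;
		}
		final AbstractBeanFactory beanFactory = (AbstractBeanFactory) candidate;
		// retrieve subject's access control context
		// and set it as the bean factory security context
		// NOTE(review): Subject.doAs and AccessController are deprecated for
		// removal in recent JDKs (JEP 411); this relies on them being present.
		Subject.doAs(getSubject(), new PrivilegedAction<Void>() {
			@Override
			public Void run() {
				// captured inside doAs, so the context carries the subject
				SecurityContextProvider scp = new SimpleSecurityContextProvider(
						AccessController.getContext());
				beanFactory.setSecurityContextProvider(scp);
				return null;
			}
		});
	}

	/** Whether the bean with this name is initialized as system. */
	private boolean isSelected(String beanName) {
		return beanNames.isEmpty() || beanNames.contains(beanName);
	}
}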