rhbz1021357 - Insert the authenticated person into the Security Rules…
…' context for asynchronous processes.
Carlos A. Munoz
committed
Oct 22, 2013
1 parent
f1f4304
commit 9154034
Showing
2 changed files
with
25 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,12 +24,15 @@ | |
|
||
import javax.security.auth.Subject; | ||
|
||
import org.jboss.seam.Component; | ||
import org.jboss.seam.ScopeType; | ||
import org.jboss.seam.annotations.AutoCreate; | ||
import org.jboss.seam.annotations.Name; | ||
import org.jboss.seam.annotations.Scope; | ||
import org.jboss.seam.annotations.async.Asynchronous; | ||
import org.jboss.seam.security.RunAsOperation; | ||
import org.zanata.action.AuthenticationEvents; | ||
import org.zanata.dao.AccountDAO; | ||
|
||
import lombok.extern.slf4j.Slf4j; | ||
|
||
|
@@ -51,13 +54,14 @@ public class AsynchronousTaskExecutor { | |
@Asynchronous | ||
public <V, H extends AsyncTaskHandle<V>> void runAsynchronously( | ||
final AsyncTask<V, H> task, final Principal runAsPpal, | ||
final Subject runAsSubject) { | ||
final Subject runAsSubject, final String username) { | ||
AsyncUtils.outject(task.getHandle(), ScopeType.EVENT); | ||
|
||
RunAsOperation runAsOp = new RunAsOperation() { | ||
@Override | ||
public void execute() { | ||
try { | ||
prepareSecurityContext(username); | ||
V returnValue = task.call(); | ||
task.getHandle().set(returnValue); | ||
} catch (Exception t) { | ||
|
@@ -82,4 +86,21 @@ public Subject getSubject() { | |
runAsOp.run(); | ||
} | ||
|
||
/** | ||
* Prepares the Drools security context so that it contains all the | ||
* necessary facts for security checking. | ||
*/ | ||
private static void prepareSecurityContext(String username) { | ||
/* | ||
* TODO This should be changed to not need the username. There should be | ||
* a way to simulate a login for asyn tasks, or at least to inherit the | ||
* caller's context | ||
*/ | ||
AccountDAO accountDAO = | ||
(AccountDAO) Component.getInstance(AccountDAO.class); | ||
AuthenticationEvents authEvts = | ||
(AuthenticationEvents) Component | ||
.getInstance(AuthenticationEvents.class); | ||
authEvts.loginSuccessful(accountDAO.getByUsername(username)); | ||
carlosmunoz
Member
|
||
} | ||
} |
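Review bot: `prepareSecurityContext(username)` takes the account name as a separate string parameter, and nothing in the visible lines ties it to `runAsPpal` or `runAsSubject`, so the person inserted into the rules context could differ from the identity the `RunAsOperation` runs as if a caller passes mismatched values. Consider deriving the account from the principal or rejecting a mismatch up front, e.g. `if (!username.equals(runAsPpal.getName())) throw new IllegalArgumentException("username does not match run-as principal");` (assuming the principal name is the account username in this codebase). The result of `accountDAO.getByUsername(username)` is also passed straight to `loginSuccessful`; if the lookup can return null for an unknown or null username, the task would fail inside the try block without a clear error, so a guard such as `if (account == null) throw new IllegalStateException("no account for async task user");` would help. The catch block and the rest of `runAsynchronously` lie outside the visible hunks, so how such a failure reaches the task handle cannot be confirmed here.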
Which invokes log.info("Account {0} authenticated", account.getUsername()); So. Many. Log. Statements.
I really wish we could do away with the need for authenticatedPerson in security.drl, but in the meantime, perhaps we could separate the idea of "login successful" from inserting authenticatedPerson into the security context.