SpringSecurityAuditorAware fetches AclSid#id directly with getSidId()

a3c4dfd2 · Matija Obreza · bd408e8a · a3c4dfd2 · a3c4dfd2 · a3c4dfd2
Commit a3c4dfd2 authored Dec 05, 2018 by Matija Obreza
5 changed files
--- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
+++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
@@ -56,18 +56,21 @@ public class SecurityContextUtil {
 	 * @return true if obtained, false if not obtained.
 	 */
 	private static synchronized boolean updatePermissionEvaluator() {
+		return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null;
+	}
+	
+	static final <T> T updateBean(Class<T> clazz) {
 		ApplicationContext context = CurrentApplicationContext.getContext();
 		if (context != null) {
 			try {
-				permissionEvaluator = context.getBean(PermissionEvaluator.class);
-				return true;
+				return context.getBean(clazz);
 			} catch (BeansException e) {
-				LOG.warn("Could not find PermissionEvaluator instance in your context");
+				LOG.warn("Could not find {} instance in your context: {}", clazz, e.getMessage());
 			}
 		} else {
 			LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
 		}
-		return false;
+		return null;
 	}

 	/**
@@ -122,7 +125,7 @@ public class SecurityContextUtil {
 			if (principal instanceof AclSid) {
 				return (T) principal;
 			} else {
-				LOG.warn("Principal {} is not AclSid, but type {}", principal, principal.getClass());
+				LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass());
 			}
 		}


--- a/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java
+++ b/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java
@@ -15,10 +15,14 @@
 */
 package org.genesys.blocks.security;

-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.genesys.blocks.security.model.AclSid;
+import org.genesys.blocks.security.service.CustomAclService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.AuditorAware;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;

 /**
@@ -28,7 +32,10 @@ import org.springframework.stereotype.Component;
 public class SpringSecurityAuditorAware implements AuditorAware<Long> {

 	/** The Constant LOG. */
-	public static final Log LOG = LogFactory.getLog(SpringSecurityAuditorAware.class);
+	private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityAuditorAware.class);
+
+	@Autowired
+	private CustomAclService aclService;

 	/*
 	 * (non-Javadoc)
@@ -36,13 +43,21 @@ public class SpringSecurityAuditorAware implements AuditorAware<Long> {
 	 */
 	@Override
 	public Long getCurrentAuditor() {
-		final AclSid sid = SecurityContextUtil.getCurrentUser();
+		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

-		if (sid == null) {
-			SpringSecurityAuditorAware.LOG.trace("No AclSid in security context, can't specify createdBy/lastUpdatedBy");
+		if (authentication != null) {
+			Object principal = authentication.getPrincipal();
+			if (principal instanceof AclSid) {
+				return ((AclSid) principal).getId();
+			} else if (principal instanceof String) {
+				return aclService.getSidId((String) principal);
+			} else {
+				LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass());
+			}
 		}
-
-		return sid == null ? null : sid.getId();
+		
+		LOG.warn("No security principal available.");
+		return null;
 	}

 }
--- a/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java
+++ b/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java
@@ -53,4 +53,12 @@ public interface AclSidPersistence extends JpaRepository<AclSid, Long> {
 	@Query("select sid from AclSid sid where sid.principal = false")
 	List<AclSid> listAuthoritySids();

+	/**
+	 * Gets the sid id.
+	 *
+	 * @param sid the sid
+	 * @return the sid id
+	 */
+	@Query("select sid.id from AclSid sid where sid.sid = :sid")
+	Long getSidId(@Param("sid") String sid);
 }
--- a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
@@ -228,4 +228,12 @@ public interface CustomAclService {
 	 * missing ACL-aware entities, remove obsolete {@link AclClass}.
 	 */
 	void cleanupAcl();
+
+	/**
+	 * Gets the sid id.
+	 *
+	 * @param sid the sid
+	 * @return the sid id
+	 */
+	Long getSidId(String sid);
 }
--- a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java
@@ -44,6 +44,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.acls.domain.BasePermission;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Isolation;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;

@@ -93,7 +94,13 @@ public class CustomAclServiceImpl implements CustomAclService {
 	public AclSid getSid(Long id) {
 		return aclSidPersistence.findOne(id);
 	}
-
+	
+	@Override
+	@Transactional(readOnly = true, propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_UNCOMMITTED)
+	public Long getSidId(String sid) {
+		return aclSidPersistence.getSidId(sid);
+	}
+	
 	@Override
 	@Transactional(propagation = Propagation.REQUIRED)
 	public AclSid getAuthoritySid(String authority) {