From a3c4dfd25ec649b875a8d74a28c13d301c4e9818 Mon Sep 17 00:00:00 2001 From: Matija Obreza Date: Wed, 5 Dec 2018 21:46:22 +0100 Subject: [PATCH] SpringSecurityAuditorAware fetches AclSid#id directly with getSidId() --- .../blocks/security/SecurityContextUtil.java | 13 +++++--- .../security/SpringSecurityAuditorAware.java | 31 ++++++++++++++----- .../persistence/AclSidPersistence.java | 8 +++++ .../security/service/CustomAclService.java | 8 +++++ .../service/impl/CustomAclServiceImpl.java | 9 +++++- 5 files changed, 55 insertions(+), 14 deletions(-) diff --git a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java index 8fe3dbc..2f531d8 100644 --- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java +++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java @@ -56,18 +56,21 @@ public class SecurityContextUtil { * @return true if obtained, false if not obtained. */ private static synchronized boolean updatePermissionEvaluator() { + return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null; + } + + static final T updateBean(Class clazz) { ApplicationContext context = CurrentApplicationContext.getContext(); if (context != null) { try { - permissionEvaluator = context.getBean(PermissionEvaluator.class); - return true; + return context.getBean(clazz); } catch (BeansException e) { - LOG.warn("Could not find PermissionEvaluator instance in your context"); + LOG.warn("Could not find {} instance in your context: {}", clazz, e.getMessage()); } } else { LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context"); } - return false; + return null; } /** 
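Review bot: `updatePermissionEvaluator()` now assigns whatever `updateBean` returns, so a failed lookup overwrites `permissionEvaluator` with `null`, whereas the old code left the field untouched on failure. If the method can run while an evaluator is already cached (its callers are outside this hunk), a transient context problem would drop a working evaluator used for permission checks. Assigning only on success avoids that: `PermissionEvaluator found = updateBean(PermissionEvaluator.class); if (found != null) permissionEvaluator = found; return found != null;`. The new `updateBean` helper also has no Javadoc; one sentence stating that it returns `null` and logs a warning when the context or the bean is missing would document the contract.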
@@ -122,7 +125,7 @@ public class SecurityContextUtil { if (principal instanceof AclSid) { return (T) principal; } else { - LOG.warn("Principal {} is not AclSid, but type {}", principal, principal.getClass()); + LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass()); } } diff --git a/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java b/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java index a4be914..57af8e8 100644 --- a/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java +++ b/security/src/main/java/org/genesys/blocks/security/SpringSecurityAuditorAware.java @@ -15,10 +15,14 @@ */ package org.genesys.blocks.security; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.genesys.blocks.security.model.AclSid; +import org.genesys.blocks.security.service.CustomAclService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.domain.AuditorAware; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; /** @@ -28,7 +32,10 @@ import org.springframework.stereotype.Component; public class SpringSecurityAuditorAware implements AuditorAware { /** The Constant LOG. */ - public static final Log LOG = LogFactory.getLog(SpringSecurityAuditorAware.class); + private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityAuditorAware.class); + + @Autowired + private CustomAclService aclService; /* * (non-Javadoc) 
@@ -36,13 +43,21 @@ public class SpringSecurityAuditorAware implements AuditorAware { */ @Override public Long getCurrentAuditor() { - final AclSid sid = SecurityContextUtil.getCurrentUser(); + final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - if (sid == null) { - SpringSecurityAuditorAware.LOG.trace("No AclSid in security context, can't specify createdBy/lastUpdatedBy"); + if (authentication != null) { + Object principal = authentication.getPrincipal(); + if (principal instanceof AclSid) { + return ((AclSid) principal).getId(); + } else if (principal instanceof String) { + return aclService.getSidId((String) principal); + } else { + LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass()); + } } - - return sid == null ? null : sid.getId(); + + LOG.warn("No security principal available."); + return null; } } diff --git a/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java b/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java index 0e7b5aa..6a3241c 100644 --- a/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java +++ b/security/src/main/java/org/genesys/blocks/security/persistence/AclSidPersistence.java @@ -53,4 +53,12 @@ public interface AclSidPersistence extends JpaRepository { @Query("select sid from AclSid sid where sid.principal = false") List listAuthoritySids(); + /** + * Gets the sid id. + * + * @param sid the sid + * @return the sid id + */ + @Query("select sid.id from AclSid sid where sid.sid = :sid") + Long getSidId(@Param("sid") String sid); } diff --git a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java index 50ffb7c..0899f90 100644 --- a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java 
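Review bot: The new `principal instanceof String` branch in `getCurrentAuditor()` resolves the auditor by name for whatever `Authentication` is in the security context, without checking `authentication.isAuthenticated()` or excluding anonymous tokens. Spring Security's default anonymous token carries the String principal `anonymousUser`, so anonymous writes would trigger a SID lookup and be attributed to any SID row that uses that name. Guarding the block with `if (authentication != null && authentication.isAuthenticated() && !(authentication instanceof AnonymousAuthenticationToken))` keeps createdBy/lastUpdatedBy tied to authenticated identities. Separately, the `else` branch calls `principal.getClass()`, which throws a NullPointerException if `getPrincipal()` returns null, and the final `LOG.warn` replaces a trace-level message, so it may fire on every save made without a principal.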
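Review bot: The `getSidId` query in `AclSidPersistence` matches on `sid.sid` alone and does not restrict `sid.principal`, although the neighbouring `listAuthoritySids` query shows that authority SIDs are stored in the same entity. The caller in `SpringSecurityAuditorAware` passes an authentication principal name, so a name equal to an authority SID would resolve to that authority's id and end up in the audit columns; `where sid.sid = :sid and sid.principal = true` would rule that out. If `sid` is not unique across principal and authority rows (the constraint is not visible here), the single-value return would also fail with a non-unique-result exception. The placeholder Javadoc here and on `CustomAclService.getSidId` should state that the method returns null when no SID matches.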
+++ b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java @@ -228,4 +228,12 @@ public interface CustomAclService { * missing ACL-aware entities, remove obsolete {@link AclClass}. */ void cleanupAcl(); + + /** + * Gets the sid id. + * + * @param sid the sid + * @return the sid id + */ + Long getSidId(String sid); } diff --git a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java index 9da0cf0..dfc7b5d 100644 --- a/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java +++ b/security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java @@ -44,6 +44,7 @@ import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.acls.domain.BasePermission; import org.springframework.security.acls.model.Permission; import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Isolation; import org.springframework.transaction.annotation.Propagation; import org.springframework.transaction.annotation.Transactional; @@ -93,7 +94,13 @@ public class CustomAclServiceImpl implements CustomAclService { public AclSid getSid(Long id) { return aclSidPersistence.findOne(id); } - + + @Override + @Transactional(readOnly = true, propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_UNCOMMITTED) + public Long getSidId(String sid) { + return aclSidPersistence.getSidId(sid); + } + @Override @Transactional(propagation = Propagation.REQUIRED) public AclSid getAuthoritySid(String authority) { -- GitLab
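Review bot: `getSidId` in `CustomAclServiceImpl` is declared with `Propagation.REQUIRES_NEW` and `Isolation.READ_UNCOMMITTED`, and nothing in the code says why. READ_UNCOMMITTED lets the auditor lookup see a SID row written by a transaction that later rolls back, so an audit column could record an id that was never committed. REQUIRES_NEW suspends the caller's transaction and typically takes a second connection for each audited save on the String-principal path, which can exhaust the pool under load. If the intent is to keep the lookup from flushing the entity being saved, a comment such as `// separate read-only tx: auditor lookup must not flush the entity being persisted` would record it; otherwise the default isolation is the safer choice.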