Commit a3c4dfd2 authored by Matija Obreza's avatar Matija Obreza

SpringSecurityAuditorAware fetches AclSid#id directly with getSidId()

parent bd408e8a
...@@ -56,18 +56,21 @@ public class SecurityContextUtil { ...@@ -56,18 +56,21 @@ public class SecurityContextUtil {
* @return true if obtained, false if not obtained. * @return true if obtained, false if not obtained.
*/ */
private static synchronized boolean updatePermissionEvaluator() { private static synchronized boolean updatePermissionEvaluator() {
return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null;
}
static final <T> T updateBean(Class<T> clazz) {
ApplicationContext context = CurrentApplicationContext.getContext(); ApplicationContext context = CurrentApplicationContext.getContext();
if (context != null) { if (context != null) {
try { try {
permissionEvaluator = context.getBean(PermissionEvaluator.class); return context.getBean(clazz);
return true;
} catch (BeansException e) { } catch (BeansException e) {
LOG.warn("Could not find PermissionEvaluator instance in your context"); LOG.warn("Could not find {} instance in your context: {}", clazz, e.getMessage());
} }
} else { } else {
LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context"); LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
} }
return false; return null;
} }
/** /**
...@@ -122,7 +125,7 @@ public class SecurityContextUtil { ...@@ -122,7 +125,7 @@ public class SecurityContextUtil {
if (principal instanceof AclSid) { if (principal instanceof AclSid) {
return (T) principal; return (T) principal;
} else { } else {
LOG.warn("Principal {} is not AclSid, but type {}", principal, principal.getClass()); LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass());
} }
} }
......
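Review bot: updatePermissionEvaluator now assigns the lookup result unconditionally, so a failed lookup (missing context or BeansException) overwrites the static `permissionEvaluator` with null, where the old code left it untouched on failure. If this method can run while an evaluator is already cached (the call sites are outside the hunk), a transient failure would clear a working evaluator. Keep the old value on failure: `final PermissionEvaluator found = updateBean(PermissionEvaluator.class);` then `if (found != null) { permissionEvaluator = found; }` and `return found != null;`. Separately, `updateBean` only looks a bean up, so a name like `findBean` plus a short Javadoc stating that it returns null when the context or the bean is missing would describe it better, and `final` on a static method adds nothing.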
...@@ -15,10 +15,14 @@ ...@@ -15,10 +15,14 @@
*/ */
package org.genesys.blocks.security; package org.genesys.blocks.security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys.blocks.security.model.AclSid; import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.service.CustomAclService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.AuditorAware; import org.springframework.data.domain.AuditorAware;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
/** /**
...@@ -28,7 +32,10 @@ import org.springframework.stereotype.Component; ...@@ -28,7 +32,10 @@ import org.springframework.stereotype.Component;
public class SpringSecurityAuditorAware implements AuditorAware<Long> { public class SpringSecurityAuditorAware implements AuditorAware<Long> {
/** The Constant LOG. */ /** The Constant LOG. */
public static final Log LOG = LogFactory.getLog(SpringSecurityAuditorAware.class); private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityAuditorAware.class);
@Autowired
private CustomAclService aclService;
/* /*
* (non-Javadoc) * (non-Javadoc)
...@@ -36,13 +43,21 @@ public class SpringSecurityAuditorAware implements AuditorAware<Long> { ...@@ -36,13 +43,21 @@ public class SpringSecurityAuditorAware implements AuditorAware<Long> {
*/ */
@Override @Override
public Long getCurrentAuditor() { public Long getCurrentAuditor() {
final AclSid sid = SecurityContextUtil.getCurrentUser(); final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (sid == null) { if (authentication != null) {
SpringSecurityAuditorAware.LOG.trace("No AclSid in security context, can't specify createdBy/lastUpdatedBy"); Object principal = authentication.getPrincipal();
if (principal instanceof AclSid) {
return ((AclSid) principal).getId();
} else if (principal instanceof String) {
return aclService.getSidId((String) principal);
} else {
LOG.warn("Principal {} is not AclSid, but type {}. Auth of type {}", principal, principal.getClass(), authentication.getClass());
}
} }
return sid == null ? null : sid.getId(); LOG.warn("No security principal available.");
return null;
} }
} }
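Review bot: In getCurrentAuditor the final `else` calls `principal.getClass()`, which throws a NullPointerException when `authentication.getPrincipal()` returns null, because `instanceof` is false for null and control reaches that branch. An exception thrown from the auditing callback would likely abort the entity save. Guard the branch with `} else if (principal != null) {` so that a null principal falls through to `return null`. The String branch also runs for anonymous authentication, whose principal is typically a plain string, so every unauthenticated write issues a SID lookup. Checking `authentication instanceof AnonymousAuthenticationToken` before the lookup would avoid that, and would stop such a name from ever being resolved to a stored SID id.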
...@@ -53,4 +53,12 @@ public interface AclSidPersistence extends JpaRepository<AclSid, Long> { ...@@ -53,4 +53,12 @@ public interface AclSidPersistence extends JpaRepository<AclSid, Long> {
@Query("select sid from AclSid sid where sid.principal = false") @Query("select sid from AclSid sid where sid.principal = false")
List<AclSid> listAuthoritySids(); List<AclSid> listAuthoritySids();
/**
* Gets the sid id.
*
* @param sid the sid
* @return the sid id
*/
@Query("select sid.id from AclSid sid where sid.sid = :sid")
Long getSidId(@Param("sid") String sid);
} }
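Review bot: The new query on getSidId matches on `sid.sid` alone, while the neighbouring listAuthoritySids query shows that AclSid rows also cover authorities (`sid.principal = false`). If a user name can equal an authority name, the lookup either attributes the audit fields to the authority's id or, with two matching rows, fails with a non-unique-result exception on a method declared to return a single `Long`. Since the caller passes an authentication principal name, restrict the query to principal rows: `@Query("select sid.id from AclSid sid where sid.sid = :sid and sid.principal = true")`. Whether `sid` carries a unique constraint is not visible in this hunk.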
...@@ -228,4 +228,12 @@ public interface CustomAclService { ...@@ -228,4 +228,12 @@ public interface CustomAclService {
* missing ACL-aware entities, remove obsolete {@link AclClass}. * missing ACL-aware entities, remove obsolete {@link AclClass}.
*/ */
void cleanupAcl(); void cleanupAcl();
/**
* Gets the sid id.
*
* @param sid the sid
* @return the sid id
*/
Long getSidId(String sid);
} }
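Review bot: The Javadoc added for getSidId only restates the method name and leaves the contract open. It should say that `sid` is the SID name (for a user, the principal name taken from the Authentication) and that the result is null when no AclSid matches, which is what the repository query appears to return. Suggested summary line: `Looks up the id of the AclSid with the given name; returns null when no such SID exists.` The same placeholder Javadoc is on AclSidPersistence.getSidId.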
...@@ -44,6 +44,7 @@ import org.springframework.security.access.prepost.PreAuthorize; ...@@ -44,6 +44,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission; import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission; import org.springframework.security.acls.model.Permission;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Propagation; import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
...@@ -93,7 +94,13 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -93,7 +94,13 @@ public class CustomAclServiceImpl implements CustomAclService {
public AclSid getSid(Long id) { public AclSid getSid(Long id) {
return aclSidPersistence.findOne(id); return aclSidPersistence.findOne(id);
} }
@Override
@Transactional(readOnly = true, propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_UNCOMMITTED)
public Long getSidId(String sid) {
return aclSidPersistence.getSidId(sid);
}
@Override @Override
@Transactional(propagation = Propagation.REQUIRED) @Transactional(propagation = Propagation.REQUIRED)
public AclSid getAuthoritySid(String authority) { public AclSid getAuthoritySid(String authority) {
......
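Review bot: The `@Transactional` attributes on getSidId carry real risk and have no comment explaining them. `Isolation.READ_UNCOMMITTED` permits dirty reads, so the auditor id written to createdBy/lastUpdatedBy may come from an AclSid row whose insert is later rolled back. `Propagation.REQUIRES_NEW` suspends the caller's transaction and takes a second connection for each lookup, which can starve the connection pool when many audited writes run concurrently. If the intent is to keep the lookup out of the session that is being flushed, state that in a comment such as `// REQUIRES_NEW: invoked from the auditing callback during flush; must not use the caller's session`, and consider the default isolation level unless dirty reads are actually required.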