added runAsAdmin api

scm-core/src/main/java/sonia/scm/web/security/AdministrationContext.java

@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+/**
+ * Execute actions with administration privileges.
+ *
+ * @author Sebastian Sdorra
+ * @since 1.6
+ */
+public interface AdministrationContext
+{
+
+  /**
+   * Executes the given action with administration privileges.
+   *
+   *
+   * @param action to execute
+   */
+  public void runAsAdmin(PrivilegedAction action);
+
+  /**
+   * Executes the given action with administration privileges.
+   *
+   *
+   * @param actionClass  to execute
+   */
+  public void runAsAdmin(Class<? extends PrivilegedAction> actionClass);
+}

scm-core/src/main/java/sonia/scm/web/security/PrivilegedAction.java

@@ -0,0 +1,41 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ * @since 1.6
+ */
+public interface PrivilegedAction extends Runnable {}

scm-webapp/src/main/java/sonia/scm/ScmContextListener.java

@@ -49,6 +49,7 @@ import sonia.scm.store.StoreFactory;
 import sonia.scm.user.UserManager;
 import sonia.scm.util.IOUtil;
 import sonia.scm.web.security.AuthenticationManager;
+import sonia.scm.web.security.LocalSecurityContextHolder;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -93,6 +94,9 @@ public class ScmContextListener extends GuiceServletContextListener
 
       // close CacheManager
       IOUtil.close(injector.getInstance(CacheManager.class));
+
+      // remove thread local store
+      injector.getInstance(LocalSecurityContextHolder.class).destroy();
     }
 
     super.contextDestroyed(servletContextEvent);

scm-webapp/src/main/java/sonia/scm/ScmServletModule.java

@@ -35,6 +35,7 @@ package sonia.scm;
 
 //~--- non-JDK imports --------------------------------------------------------
 
+import com.google.inject.name.Names;
 import com.google.inject.servlet.ServletModule;
 
 import org.slf4j.Logger;
@@ -76,9 +77,13 @@ import sonia.scm.util.DebugServlet;
 import sonia.scm.util.ScmConfigurationUtil;
 import sonia.scm.web.cgi.CGIExecutorFactory;
 import sonia.scm.web.cgi.DefaultCGIExecutorFactory;
+import sonia.scm.web.security.AdministrationContext;
 import sonia.scm.web.security.AuthenticationManager;
 import sonia.scm.web.security.BasicSecurityContext;
 import sonia.scm.web.security.ChainAuthenticatonManager;
+import sonia.scm.web.security.DefaultAdministrationContext;
+import sonia.scm.web.security.LocalSecurityContextHolder;
+import sonia.scm.web.security.SecurityContextProvider;
 import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
@@ -206,8 +211,12 @@ public class ScmServletModule extends ServletModule
 
     // bind security stuff
     bind(AuthenticationManager.class).to(ChainAuthenticatonManager.class);
-    bind(SecurityContext.class).to(BasicSecurityContext.class);
+    bind(LocalSecurityContextHolder.class);
-    bind(WebSecurityContext.class).to(BasicSecurityContext.class);
+    bind(WebSecurityContext.class).annotatedWith(Names.named("userSession")).to(
+        BasicSecurityContext.class);
+    bind(SecurityContext.class).toProvider(SecurityContextProvider.class);
+    bind(WebSecurityContext.class).toProvider(SecurityContextProvider.class);
+    bind(AdministrationContext.class).to(DefaultAdministrationContext.class);
 
     // bind security cache
     bind(CacheManager.class).to(EhCacheManager.class);

scm-webapp/src/main/java/sonia/scm/web/security/AdministrationSecurityContext.java

@@ -0,0 +1,146 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import sonia.scm.user.User;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class AdministrationSecurityContext implements WebSecurityContext
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param user
+   */
+  public AdministrationSecurityContext(User user)
+  {
+    this.user = user;
+  }
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param response
+   * @param username
+   * @param password
+   *
+   * @return
+   */
+  @Override
+  public User authenticate(HttpServletRequest request,
+                           HttpServletResponse response, String username,
+                           String password)
+  {
+    throw new UnsupportedOperationException("Not supported yet.");
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param response
+   */
+  @Override
+  public void logout(HttpServletRequest request, HttpServletResponse response)
+  {
+    throw new UnsupportedOperationException("Not supported yet.");
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public Collection<String> getGroups()
+  {
+    return groups;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public User getUser()
+  {
+    return user;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public boolean isAuthenticated()
+  {
+    return true;
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private List<String> groups = new ArrayList<String>();
+
+  /** Field description */
+  private User user;
+}

scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java

@@ -0,0 +1,163 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, sEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.name.Named;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import sonia.scm.user.User;
+import sonia.scm.util.AssertUtil;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.net.URL;
+
+import javax.xml.bind.JAXB;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class DefaultAdministrationContext implements AdministrationContext
+{
+
+  /** Field description */
+  public static final String SYSTEM_ACCOUNT =
+    "/sonia/scm/web/security/system-account.xml";
+
+  /** the logger for DefaultAdministrationContext */
+  private static final Logger logger =
+    LoggerFactory.getLogger(DefaultAdministrationContext.class);
+
+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param injector
+   * @param userSessionProvider
+   * @param contextHolder
+   */
+  @Inject
+  public DefaultAdministrationContext(Injector injector,
+          @Named("userSession") Provider<WebSecurityContext> userSessionProvider,
+          LocalSecurityContextHolder contextHolder)
+  {
+    this.injector = injector;
+    this.userSessionProvider = userSessionProvider;
+    this.contextHolder = contextHolder;
+
+    URL url = DefaultAdministrationContext.class.getResource(SYSTEM_ACCOUNT);
+
+    if (url == null)
+    {
+      throw new RuntimeException("could not find resource for system account");
+    }
+
+    User user = JAXB.unmarshal(url, User.class);
+
+    adminContext = new AdministrationSecurityContext(user);
+  }
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param action
+   */
+  @Override
+  public void runAsAdmin(PrivilegedAction action)
+  {
+    AssertUtil.assertIsNotNull(action);
+
+    if (logger.isWarnEnabled())
+    {
+      String user = SecurityUtil.getUsername(userSessionProvider);
+
+      logger.warn("user {} executes {} as admin", user,
+                  action.getClass().getName());
+    }
+
+    contextHolder.set(adminContext);
+
+    try
+    {
+      action.run();
+    }
+    finally
+    {
+      contextHolder.remove();
+    }
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param actionClass
+   */
+  @Override
+  public void runAsAdmin(Class<? extends PrivilegedAction> actionClass)
+  {
+    PrivilegedAction action = injector.getInstance(actionClass);
+
+    runAsAdmin(action);
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private AdministrationSecurityContext adminContext;
+
+  /** Field description */
+  private LocalSecurityContextHolder contextHolder;
+
+  /** Field description */
+  private Injector injector;
+
+  /** Field description */
+  private Provider<WebSecurityContext> userSessionProvider;
+}

scm-webapp/src/main/java/sonia/scm/web/security/LocalSecurityContextHolder.java

@@ -0,0 +1,96 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+import com.google.inject.Singleton;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class LocalSecurityContextHolder
+{
+
+  /**
+   * Method description
+   *
+   */
+  public void destroy()
+  {
+    store.remove();
+    store = null;
+  }
+
+  /**
+   * Method description
+   *
+   */
+  public void remove()
+  {
+    store.remove();
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public WebSecurityContext get()
+  {
+    return store.get();
+  }
+
+  //~--- set methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param value
+   */
+  public void set(WebSecurityContext value)
+  {
+    store.set(value);
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private ThreadLocal<WebSecurityContext> store =
+    new ThreadLocal<WebSecurityContext>();
+}

scm-webapp/src/main/java/sonia/scm/web/security/SecurityContextProvider.java

@@ -0,0 +1,108 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.name.Named;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class SecurityContextProvider implements Provider<WebSecurityContext>
+{
+
+  /** the logger for SecurityContextProvider */
+  private static final Logger logger =
+    LoggerFactory.getLogger(SecurityContextProvider.class);
+
+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param sessionContext
+   * @param localContext
+   */
+  @Inject
+  public SecurityContextProvider(
+          @Named("userSession") Provider<WebSecurityContext> sessionContext,
+          LocalSecurityContextHolder localContext)
+  {
+    this.sessionContext = sessionContext;
+    this.localContext = localContext;
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public WebSecurityContext get()
+  {
+    WebSecurityContext context = localContext.get();
+
+    if (context == null)
+    {
+      context = sessionContext.get();
+    }
+    else if (logger.isDebugEnabled())
+    {
+      String user = SecurityUtil.getUsername(sessionContext);
+
+      logger.debug("return system session for user {}", user);
+    }
+
+    return context;
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private LocalSecurityContextHolder localContext;
+
+  /** Field description */
+  private Provider<WebSecurityContext> sessionContext;
+}

scm-webapp/src/main/java/sonia/scm/web/security/SecurityUtil.java

@@ -0,0 +1,82 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Provider;
+
+import sonia.scm.SCMContext;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class SecurityUtil
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param securityContextProvider
+   *
+   * @return
+   */
+  public static String getUsername(
+          Provider<WebSecurityContext> securityContextProvider)
+  {
+    return getUsername(securityContextProvider.get());
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param securityContext
+   *
+   * @return
+   */
+  public static String getUsername(WebSecurityContext securityContext)
+  {
+    String user = SCMContext.USER_ANONYMOUS;
+
+    if ((securityContext != null) && (securityContext.getUser() != null))
+    {
+      user = securityContext.getUser().getName();
+    }
+
+    return user;
+  }
+}

scm-webapp/src/main/resources/sonia/scm/web/security/system-account.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    Document   : system-user.xml
+    Created on : July 30, 2011, 10:49 AM
+    Author     : sdorra
+    Description:
+        Purpose of the document follows.
+-->
+
+<users>
+  <name>scmsystem</name>
+  <displayName>SCM System</displayName>
+  <mail>scm-sytem@scm-manager.com</mail>
+  <password>*</password>
+  <admin>true</admin>
+  <type>xml</type>
+</users>