do not use Subject.runAs for the administration context, because it could affect other threads

Sebastian Sdorra
2014-04-24 08:58:59 +02:00
parent 90004e1d1c
commit ded786209d


@@ -86,8 +86,6 @@ public class DefaultAdministrationContext implements AdministrationContext
* *
* *
* @param injector * @param injector
* @param userSessionProvider
* @param contextHolder
* @param securityManager * @param securityManager
*/ */
@Inject @Inject
@@ -178,6 +176,22 @@ public class DefaultAdministrationContext implements AdministrationContext
return collection; return collection;
} }
/**
* Method description
*
*
* @return
*/
private Subject createAdminSubject()
{
//J-
return new Subject.Builder(securityManager)
.authenticated(true)
.principals(principalCollection)
.buildSubject();
//J+
}
/** /**
* Method description * Method description
* *
@@ -195,12 +209,7 @@ public class DefaultAdministrationContext implements AdministrationContext
{ {
SecurityUtils.setSecurityManager(securityManager); SecurityUtils.setSecurityManager(securityManager);
//J- Subject subject = createAdminSubject();
Subject subject = new Subject.Builder(securityManager)
.authenticated(true)
.principals(principalCollection)
.buildSubject();
//J+
ThreadState state = new SubjectThreadState(subject); ThreadState state = new SubjectThreadState(subject);
state.bind(); state.bind();
@@ -240,7 +249,7 @@ public class DefaultAdministrationContext implements AdministrationContext
if (logger.isInfoEnabled()) if (logger.isInfoEnabled())
{ {
String username = null; String username;
if (subject.hasRole(Role.USER)) if (subject.hasRole(Role.USER))
{ {
@@ -255,7 +264,12 @@ public class DefaultAdministrationContext implements AdministrationContext
action.getClass().getName()); action.getClass().getName());
} }
subject.runAs(principalCollection); Subject adminSubject = createAdminSubject();
// do not use runas, because we want only execute this action in this
// thread as administrator. Runas could affect other threads
ThreadContext.bind(adminSubject);
try try
{ {
@@ -263,32 +277,20 @@ public class DefaultAdministrationContext implements AdministrationContext
} }
finally finally
{ {
logger.debug("release administration context for user {}/{}", principal,
PrincipalCollection collection = subject.releaseRunAs(); subject.getPrincipal());
ThreadContext.bind(subject);
if (logger.isDebugEnabled())
{
logger.debug("release runas for user {}/{}",
principal, collection.getPrimaryPrincipal());
}
if (!subject.getPrincipal().equals(principal))
{
logger.error("release runas failed, {} is not equal with {}, logout.",
subject.getPrincipal(), principal);
subject.logout();
}
} }
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
/** Field description */ /** Field description */
private Injector injector; private final Injector injector;
/** Field description */
private final org.apache.shiro.mgt.SecurityManager securityManager;
/** Field description */ /** Field description */
private PrincipalCollection principalCollection; private PrincipalCollection principalCollection;
/** Field description */
private org.apache.shiro.mgt.SecurityManager securityManager;
} }
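Review bot: The elevation in the last hunk is hand-rolled with `ThreadContext.bind(adminSubject);` and a `ThreadContext.bind(subject);` in `finally`, while the earlier hunk in the same class already uses `ThreadState state = new SubjectThreadState(subject); state.bind();` for the same job; `ThreadState state = new SubjectThreadState(adminSubject); state.bind(); try { ... } finally { state.restore(); }` would restore exactly the subject (and security manager) that was bound on this thread before the call, rather than whatever `subject` held when the method started. The new comment `// do not use runas, because we want only execute this action in this thread as administrator. Runas could affect other threads` states the consequence but not the cause; presumably the point is that Shiro's `runAs()` keeps the run-as principals in the subject's session, so a concurrent request sharing that session would also be treated as administrator, whereas a subject bound only to this thread's `ThreadContext` cannot leak that way — if that is the motivation, it is worth spelling out in the comment. Dropping the old post-`releaseRunAs()` principal check and `logout()` is reasonable once the restore is a plain rebind, but the comment should say that the check was removed deliberately so it is not reintroduced as a "missing" safety net. The enclosing method begins before this hunk, so the origin of `subject` and `principal` is not visible here.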