do not use subject run as for administration context, because it could affect other threads

2025-11-12 08:25:44 +01:00 · 2014-04-24 08:58:59 +02:00
parent 90004e1d1c
commit ded786209d
1 changed files with 31 additions and 29 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
@@ -86,8 +86,6 @@ public class DefaultAdministrationContext implements AdministrationContext
   *
   *
   * @param injector
-   * @param userSessionProvider
-   * @param contextHolder
   * @param securityManager
   */
  @Inject
@@ -178,6 +176,22 @@ public class DefaultAdministrationContext implements AdministrationContext
    return collection;
  }

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  private Subject createAdminSubject()
+  {
+    //J-
+    return new Subject.Builder(securityManager)
+      .authenticated(true)
+      .principals(principalCollection)
+      .buildSubject();
+    //J+
+  }
+
  /**
   * Method description
   *
@@ -195,12 +209,7 @@ public class DefaultAdministrationContext implements AdministrationContext
    {
      SecurityUtils.setSecurityManager(securityManager);

-      //J-
-      Subject subject = new Subject.Builder(securityManager)
-        .authenticated(true)
-        .principals(principalCollection)
-        .buildSubject(); 
-      //J+
+      Subject subject = createAdminSubject();
      ThreadState state = new SubjectThreadState(subject);

      state.bind();
@@ -240,7 +249,7 @@ public class DefaultAdministrationContext implements AdministrationContext

    if (logger.isInfoEnabled())
    {
-      String username = null;
+      String username;

      if (subject.hasRole(Role.USER))
      {
@@ -255,7 +264,12 @@ public class DefaultAdministrationContext implements AdministrationContext
        action.getClass().getName());
    }

-    subject.runAs(principalCollection);
+    Subject adminSubject = createAdminSubject();
+
+    // do not use runas, because we want only execute this action in this
+    // thread as administrator. Runas could affect other threads
+
+    ThreadContext.bind(adminSubject);

    try
    {
@@ -263,32 +277,20 @@ public class DefaultAdministrationContext implements AdministrationContext
    }
    finally
    {
-
-      PrincipalCollection collection = subject.releaseRunAs();
-
-      if (logger.isDebugEnabled())
-      {
-        logger.debug("release runas for user {}/{}",
-          principal, collection.getPrimaryPrincipal());
-      }
-
-      if (!subject.getPrincipal().equals(principal))
-      {
-        logger.error("release runas failed, {} is not equal with {}, logout.",
-          subject.getPrincipal(), principal);
-        subject.logout();
-      }
+      logger.debug("release administration context for user {}/{}", principal,
+        subject.getPrincipal());
+      ThreadContext.bind(subject);
    }
  }

  //~--- fields ---------------------------------------------------------------

  /** Field description */
-  private Injector injector;
+  private final Injector injector;
+
+  /** Field description */
+  private final org.apache.shiro.mgt.SecurityManager securityManager;

  /** Field description */
  private PrincipalCollection principalCollection;
-
-  /** Field description */
-  private org.apache.shiro.mgt.SecurityManager securityManager;
 }