Announcement Announcement Module
Collapse
No announcement yet.
How to pass User from thread to thread Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to pass User from thread to thread

    Hi all !

    I think I need a RUN_AS configuration, but I'm not too sure about it... Let me explain.

    One of my Spring Controller should spawn off a thread, and that new thread needs access to the authenticated user. How should I pass the user around ?

    Do I really need RUN_AS ? If so, how should I go about configuring it ? I have a very basic configuration set up, and nothing has changed from the Acegi Security System default configuration.

    Thanks for any help !
    François

  • #2
    Francois, if spawning a new thread you'll need to ensure the ContextHolder (a ThreadLocal) contents gets copied to the new thread. How to do that is really up to you, as Acegi Security provides no hooks for that purpose. You shouldn't need RUN_AS unless you want to actually replace the current user, which doesn't seem to be the goal.

    Comment


    • #3
      Hi Ben,

      Here's what I'm doing at the moment:
      Code:
      final SecureContext secureContext =
              (SecureContext) ContextHolder.getContext();
      if (null == secureContext)
          throw new NotAuthentifiedException("Could not access context");
      
      executor.execute(
              new Runnable() {
                  public void run() {
                      SecureContext subContext =
                              (SecureContext) ContextHolder.getContext();
                      if (null == subContext) {
                          ContextHolder.setContext(secureContext);
                      }
      
                      ContextHolder.getContext().validate();
      
                      delegate.crawl(page, maxDepth, keywords, listener);
                  }
              });
      I'm guessing this is what you suggested. But, according to my tests, I am not able to pass the SecureContext from thread to thread. The SecureContext gets invalidated when the request terminates, which changes the Authentication in my new Thread. Should I instead copy the Authentication into a new SecureContext ? How would that affect me ? Would security be compromised ?

      Thanks,
      François

      Comment


      • #4
        Hi François,

        Can you explain what goes wrong in your tests that leads you to think that you can't pass the context between threads and at what point you see the failure? Have you tried to reproduce it in a simple test you can post?

        I can't see why there should be a problem. The fact that the ThreadLocal contents are reset for the original thread shouldn't affect the contents in the new one at all. At what point do you see the Authentication changing? Although the SecureContext is set to null at the end of a request, I'm not aware of anwhere that the authentication within the context is modified (other than when authentication fails), so I don't see how this would affect the context reference in the new thread.

        Luke.

        Comment


        • #5
          Luke, I know I need a repro recipe, but I just don't know how to do authn without using the web server at all.

          The way I tested was to show SecureContext both before and after I entered the new thread. I don't have a log anymore, so I'll go from memory. The log looked like this:

          Code:
          http-processor5 - Preparing to start new thread - SecureContext@1234[principal=X, password=[PROTECTED], ...]
          pool1-thread2 - In new thread, SecureContext@1234[principal=X, password=[PROTECTED], ...]
          http-processor5 - Returning from Controller#handleRequest()
          pool1-thread2 - Attempting to save to DB
          pool1-thread2 - InvalidContextException - no authn in context
          [i]stack trace omitted[/i]
          That's what I remember seeing. I'll try and get back to the prior state (never committed the bad code) and post back.

          Thanks,
          François

          Comment


          • #6
            I can't see any problems with your code either. Did you sort it out?

            Comment

            Working...
            X