@Async and SecurityContext (#872)

* @Async and Spring Security * @Async with SecurityContext propagated * Spring and @Async * Simulated Annealing algorithm * Rebase * Rebase
2016-12-16 10:14:48 +01:00 · 2016-12-16 10:14:48 +01:00 · 8844871e2b
parent 0087a4ab3b
commit 8844871e2b
6 changed files with 126 additions and 31 deletions
--- a/core-java/src/test/java/com/baeldung/algorithms/SimulatedAnnealingTest.java
+++ b/core-java/src/test/java/com/baeldung/algorithms/SimulatedAnnealingTest.java
@ -0,0 +1,13 @@
+package com.baeldung.algorithms;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class SimulatedAnnealingTest {
+
+	@Test
+	public void testSimulateAnnealing() {
+		Assert.assertTrue(SimulatedAnnealing.simulateAnnealing(10, 1000, 0.9) > 0);
+	}
+
+}
--- a/spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java
@ -1,8 +1,7 @@
 package org.baeldung.spring;

 import org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler;
-import org.baeldung.security.RestAuthenticationEntryPoint;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
@ -10,6 +9,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

@Configuration
@ -17,11 +17,11 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
@ComponentScan("org.baeldung.security")
 public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {

-    @Autowired
-    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
+//    @Autowired
+//    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

-    @Autowired
-    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
+//    @Autowired
+//    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;

    public SecurityJavaConfig() {
        super();
@ -38,17 +38,21 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
    protected void configure(final HttpSecurity http) throws Exception {// @formatter:off
        http
        .csrf().disable()
+        .authorizeRequests()
+        .and()
        .exceptionHandling()
-        .authenticationEntryPoint(restAuthenticationEntryPoint)
+//        .authenticationEntryPoint(restAuthenticationEntryPoint)
        .and()
        .authorizeRequests()
        .antMatchers("/api/csrfAttacker*").permitAll()
        .antMatchers("/api/customer/**").permitAll()
        .antMatchers("/api/foos/**").authenticated()
+        .antMatchers("/api/async/**").authenticated()
        .and()
-        .formLogin()
-        .successHandler(authenticationSuccessHandler)
-        .failureHandler(new SimpleUrlAuthenticationFailureHandler())
+        .httpBasic()
+//        .and()
+//        .successHandler(authenticationSuccessHandler)
+//        .failureHandler(new SimpleUrlAuthenticationFailureHandler())
        .and()
        .logout();
    } // @formatter:on
@ -62,5 +66,14 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
    public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler();
    }
+    
+    @Bean
+    public MethodInvokingFactoryBean methodInvokingFactoryBean() {
+        MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
+        methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
+        methodInvokingFactoryBean.setTargetMethod("setStrategyName");
+        methodInvokingFactoryBean.setArguments(new String[]{SecurityContextHolder.MODE_INHERITABLETHREADLOCAL});
+        return methodInvokingFactoryBean;
+    }

 }
--- a/spring-security-rest/src/main/java/org/baeldung/web/controller/AsyncController.java
+++ b/spring-security-rest/src/main/java/org/baeldung/web/controller/AsyncController.java
@ -2,13 +2,20 @@ package org.baeldung.web.controller;

 import java.util.concurrent.Callable;

+import org.baeldung.web.service.AsyncService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.multipart.MultipartFile;

@Controller
 public class AsyncController {
+	
+	@Autowired
+	private AsyncService asyncService;

 	@RequestMapping(method = RequestMethod.POST, value = "/upload")
 	public Callable<Boolean> processUpload(final MultipartFile file) {
@ -20,5 +27,11 @@ public class AsyncController {
 			}
 		};
 	}
+	
+	@RequestMapping(method = RequestMethod.GET, value = "/async")
+	@ResponseBody
+	public Boolean checkIfContextPropagated() throws Exception{
+		return asyncService.checkIfPrincipalPropagated().call() && asyncService.checkIfContextPropagated(SecurityContextHolder.getContext());
+	}

 }
--- a/spring-security-rest/src/main/java/org/baeldung/web/service/AsyncService.java
+++ b/spring-security-rest/src/main/java/org/baeldung/web/service/AsyncService.java
@ -0,0 +1,11 @@
+package org.baeldung.web.service;
+
+import java.util.concurrent.Callable;
+
+public interface AsyncService {
+	
+	Callable<Boolean> checkIfPrincipalPropagated();
+	
+	Boolean checkIfContextPropagated(Object context);
+
+}
--- a/spring-security-rest/src/main/java/org/baeldung/web/service/AsyncServiceImpl.java
+++ b/spring-security-rest/src/main/java/org/baeldung/web/service/AsyncServiceImpl.java
@ -0,0 +1,36 @@
+package org.baeldung.web.service;
+
+import java.util.concurrent.Callable;
+
+import org.apache.log4j.Logger;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AsyncServiceImpl implements AsyncService {
+
+	private static final Logger log = Logger.getLogger(AsyncService.class);
+
+	@Override
+	public Callable<Boolean> checkIfPrincipalPropagated() {
+		Object before = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+		log.info("Before new thread: " + before);
+		return new Callable<Boolean>() {
+			public Boolean call() throws Exception {
+				Object after = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+				log.info("New thread: " + after);
+				return before == after;
+			}
+		};
+	}
+
+	@Async
+	@Override
+	public Boolean checkIfContextPropagated(Object context) {
+		log.info("Before @Async: " + context);
+		log.info("Inside @Async: " + SecurityContextHolder.getContext());
+		return context == SecurityContextHolder.getContext();
+	}
+
+}
--- a/spring-security-rest/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-rest/src/main/resources/webSecurityConfig.xml
@ -1,33 +1,42 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:p="http://www.springframework.org/schema/p"
+	xsi:schemaLocation="
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-4.2.xsd
      http://www.springframework.org/schema/beans
-      http://www.springframework.org/schema/beans/spring-beans-4.3.xsd"
->
+      http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">

-    <http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
-        <intercept-url pattern="/api/**" access="isAuthenticated()"/>
+	<http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
+		<intercept-url pattern="/api/**" access="isAuthenticated()" />

-        <csrf disabled="true"/>
+		<csrf disabled="true" />

-        <form-login authentication-success-handler-ref="mySuccessHandler" authentication-failure-handler-ref="myFailureHandler"/>
+		<form-login authentication-success-handler-ref="mySuccessHandler"
+			authentication-failure-handler-ref="myFailureHandler" />

-        <logout/>
-    </http>
+		<logout />
+	</http>

-    <beans:bean id="mySuccessHandler" class="org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
-    <beans:bean id="myFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"/>
+	<beans:bean id="mySuccessHandler"
+		class="org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler" />
+	<beans:bean id="myFailureHandler"
+		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />

-    <authentication-manager alias="authenticationManager">
-        <authentication-provider>
-            <user-service>
-                <user name="temporary" password="temporary" authorities="ROLE_ADMIN"/>
-                <user name="user" password="userPass" authorities="ROLE_USER"/>
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager alias="authenticationManager">
+		<authentication-provider>
+			<user-service>
+				<user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
+				<user name="user" password="userPass" authorities="ROLE_USER" />
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
+
+	<beans:bean
+		class="org.springframework.beans.factory.config.MethodInvoki‌ngFactoryBean"
+		p:targetClass="org.springframework.security.core.context.Sec‌urityContextHolder"
+		p:targetMethod="setStrategyName" p:arguments="MODE_INHERITABLETHREADLOCAL" />

 </beans:beans>