Junior Member
How to pass User from thread to thread
Hi all !
I think I need a RUN_AS configuration, but I'm not too sure about it... Let me explain.
One of my Spring Controller should spawn off a thread, and that new thread needs access to the authenticated user. How should I pass the user around ?
Do I really need RUN_AS ? If so, how should I go about configuring it ? I have a very basic configuration set up, and nothing has changed from the Acegi Security System default configuration.
Thanks for any help !
François
Senior Member
Spring Team
Francois, if spawning a new thread you'll need to ensure the ContextHolder (a ThreadLocal) contents gets copied to the new thread. How to do that is really up to you, as Acegi Security provides no hooks for that purpose. You shouldn't need RUN_AS unless you want to actually replace the current user, which doesn't seem to be the goal.
Junior Member
Hi Ben,
Here's what I'm doing at the moment:
I'm guessing this is what you suggested. But, according to my tests, I am not able to pass the SecureContext from thread to thread. The SecureContext gets invalidated when the request terminates, which changes the Authentication in my new Thread. Should I instead copy the Authentication into a new SecureContext ? How would that affect me ? Would security be compromised ?Code:final SecureContext secureContext = (SecureContext) ContextHolder.getContext(); if (null == secureContext) throw new NotAuthentifiedException("Could not access context"); executor.execute( new Runnable() { public void run() { SecureContext subContext = (SecureContext) ContextHolder.getContext(); if (null == subContext) { ContextHolder.setContext(secureContext); } ContextHolder.getContext().validate(); delegate.crawl(page, maxDepth, keywords, listener); } });
Thanks,
François
Senior Member
Acegi Security System TeamSpring Team
Hi François,
Can you explain what goes wrong in your tests that leads you to think that you can't pass the context between threads and at what point you see the failure? Have you tried to reproduce it in a simple test you can post?
I can't see why there should be a problem. The fact that the ThreadLocal contents are reset for the original thread shouldn't affect the contents in the new one at all. At what point do you see the Authentication changing? Although the SecureContext is set to null at the end of a request, I'm not aware of anwhere that the authentication within the context is modified (other than when authentication fails), so I don't see how this would affect the context reference in the new thread.
Luke.
Junior Member
Luke, I know I need a repro recipe, but I just don't know how to do authn without using the web server at all.
The way I tested was to show SecureContext both before and after I entered the new thread. I don't have a log anymore, so I'll go from memory. The log looked like this:
That's what I remember seeing. I'll try and get back to the prior state (never committed the bad code) and post back.Code:http-processor5 - Preparing to start new thread - SecureContext@1234[principal=X, password=[PROTECTED], ...] pool1-thread2 - In new thread, SecureContext@1234[principal=X, password=[PROTECTED], ...] http-processor5 - Returning from Controller#handleRequest() pool1-thread2 - Attempting to save to DB pool1-thread2 - InvalidContextException - no authn in context [i]stack trace omitted[/i]
Thanks,
François
Senior Member
Spring Team
I can't see any problems with your code either. Did you sort it out?
Posting Permissions
