Missing Authentication object after new Thread invocation

[memento]

Hello!

Spring 2.5.4
Spring Security 2.0.3

In my application's service layer I have a service that starts a new Task by calling ThreadPoolTaskExecutor's execute() method.
Our Task implements Runnable.

The task itselfs runs now in an own thread with a separate Hibernate transaction and loads ACL secured objects from the database.

The problem is, that the Authentication object is not available in the new thread.

How can I gain access to the authentication object from in the thread? Any ideas?

Thanks in advance.

[chudak]

That's because the SecurityContext holder is bound to a thread local variable.

[memento]

Thank you chudak.
That's clear but:

How can I gain access to the authentication object from in the thread?

[chudak]

Thank you chudak.
That's clear but:

You could read the documentation?

[memento]

Thank you for the link to InheritableThreadLocalSecurityContextHolderStrateg y.
The API leaks documentation of usage.

Does anyone know how to become a SecurityContext setup in a Thread started via:

Code:

getTaskExecutor().execute(task);

Aim: Make SecurityContext's authentication of ThreadLocal available in the new Thread.

[chudak]

Thank you for the link to InheritableThreadLocalSecurityContextHolderStrateg y.
The API leaks documentation of usage.

Does anyone know how to become a SecurityContext setup in a Thread started via:

Code:

getTaskExecutor().execute(task);

Aim: Make SecurityContext's authentication of ThreadLocal available in the new Thread.

The inheritable thread local context holder uses an inheritable thread local to hold the security context. This means that any threads that your thread starts will inherit the visibility of the security context.

You just have to swap you the context holder implementation that you want spring security to use.

http://static.springframework.org/sp...ew.html#d4e593

This link explains this and also explains how to change the strategy that is used.

If you read the javadoc here:

http://static.springframework.org/sp...extHolder.html

You will read

There are two ways to specify the desired strategy mode String. The first is to specify it via the system property keyed on SYSTEM_PROPERTY. The second is to call setStrategyName(String) before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL, which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL is definitely inappropriate for server use).

So, you can either set the indicated system property when your container starts or you can tickle the strategy name field when you application starts up. You could do this with a methodinvokingfactorybean:

Code:

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="targetClass">
            <value>org.springframework.security.context.SecurityContextHolder</value>
        </property>
        <property name="targetMethod">
            <value>setStrategyName</value>
        </property>
         <property name="arguments">
            <list>
                <value><util:constant static-field="org.springframework.security.context.SecurityContextHolder.MODE_INHERITABLETHREADLOCAL"/>
</value>
            </list>
        </property>
</bean>

Note that the inheritable thread local will ONLY work if the thread that of execution that is authenticated spawns another thread. If you have a pool of executor threads that your authenticated thread is dispatching control to, it will not work. In that case there is no EASY solution to your problem. You will have to come up with one on your own.

[memento]

Thanks chudak for this very good explanation.

I used the MethodInvocation approach which works fine for my purposes.