/*
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License, version 2 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * Copyright 2006 - 2008 Pentaho Corporation.  All rights reserved.
 *
 */
package org.pentaho.platform.engine.security.session;

import org.pentaho.platform.api.engine.IAclVoter;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.SystemStartupSession;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

/**
 * A "bootstrap" session used to initialize the platform.
 *
 * <p>This specialization of {@code SystemStartupSession} is implicitly trusted: it is treated as
 * authenticated without any credential check. {@code SecurityStartupFilter} never populates it with
 * an {@code Authentication}, because that filter only runs during a request; instead the
 * {@code Authentication} is created and attached while the session is being constructed. That
 * {@code Authentication} carries the Pentaho administrator role so the session is permitted to
 * execute any global action sequences.</p>
 *
 * <p>The class suits a db-based solution repository (one that enforces security) and should also
 * work with a file-based solution repository. With a file-based repository the superclass alone is
 * enough if a dependency on this project is not wanted.</p>
 *
 * <p><b>Security note:</b> every instance is an administrator-level principal created without
 * authentication. Construct it only from platform start-up code; it must never be created for, or
 * handed to, work that originates from a user request.</p>
 *
 * <p>NOTE(review): the {@code serialVersionUID} suggests the superclass is serializable. Confirm
 * that serialized instances are never read back from a source an untrusted party can write to.</p>
 *
 * @author mlowery
 */
public class TrustedSystemStartupSession extends SystemStartupSession {

  private static final long serialVersionUID = 6609958707270830980L;

  /**
   * Builds the session, marks it authenticated under its own name, and binds an
   * {@code Authentication} for that name as the session principal.
   *
   * <p>The authorities are the single admin role reported by the registered {@code IAclVoter}. When
   * no voter is registered the authority list is empty and no error is raised.</p>
   */
  public TrustedSystemStartupSession() {
    super();

    // Trust is asserted here, not verified: no credentials are checked.
    setAuthenticated(getName());

    final IAclVoter voter = PentahoSystem.get(IAclVoter.class, null);

    // A missing IAclVoter is deliberately tolerated: the session then holds no roles, so access is
    // expected to be denied for lack of roles.
    // NOTE(review): the principal is still bound below even with no roles, so that denial relies on
    // downstream checks being role-based rather than "is a principal present" - confirm.
    // NOTE(review): the value from getAdminRole() is stored unchecked - confirm it is never null.
    final GrantedAuthority[] grantedRoles = (voter == null)
        ? new GrantedAuthority[0]
        : new GrantedAuthority[] { voter.getAdminRole() };

    // The credentials slot is an empty string; nothing secret is held by this token.
    final Authentication bootstrapAuth =
        new UsernamePasswordAuthenticationToken(getName(), "", grantedRoles); //$NON-NLS-1$

    SecurityHelper.setPrincipal(bootstrapAuth, this);
  }
}