@async and SecurityContext (eugenp#872)

* @async and Spring Security

* @async with SecurityContext propagated

* Spring and @async

* Simulated Annealing algorithm

* Rebase

* Rebase

Author: maibin

core-java/src/test/java/com/baeldung/algorithms/SimulatedAnnealingTest.java

@@ -0,0 +1,13 @@
+package com.baeldung.algorithms;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class SimulatedAnnealingTest {
+
+	@Test
+	public void testSimulateAnnealing() {
+		Assert.assertTrue(SimulatedAnnealing.simulateAnnealing(10, 1000, 0.9) > 0);
+	}
+
+}

spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java

@@ -1,27 +1,27 @@
 package org.baeldung.spring;
 
 import org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler;
-import org.baeldung.security.RestAuthenticationEntryPoint;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
 @Configuration
 @EnableWebSecurity
 @ComponentScan("org.baeldung.security")
 public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
 
-    @Autowired
-    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
+//    @Autowired
+//    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
 
-    @Autowired
-    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
+//    @Autowired
+//    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
 
     public SecurityJavaConfig() {
         super();
@@ -38,17 +38,21 @@ protected void configure(final AuthenticationManagerBuilder auth) throws Excepti
     protected void configure(final HttpSecurity http) throws Exception {// @formatter:off
         http
         .csrf().disable()
+        .authorizeRequests()
+        .and()
         .exceptionHandling()
-        .authenticationEntryPoint(restAuthenticationEntryPoint)
+//        .authenticationEntryPoint(restAuthenticationEntryPoint)
         .and()
         .authorizeRequests()
         .antMatchers("/api/csrfAttacker*").permitAll()
         .antMatchers("/api/customer/**").permitAll()
         .antMatchers("/api/foos/**").authenticated()
+        .antMatchers("/api/async/**").authenticated()
         .and()
-        .formLogin()
-        .successHandler(authenticationSuccessHandler)
-        .failureHandler(new SimpleUrlAuthenticationFailureHandler())
+        .httpBasic()
+//        .and()
+//        .successHandler(authenticationSuccessHandler)
+//        .failureHandler(new SimpleUrlAuthenticationFailureHandler())
         .and()
         .logout();
     } // @formatter:on
@@ -62,5 +66,14 @@ public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
     public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
         return new SimpleUrlAuthenticationFailureHandler();
     }
+    
+    @Bean
+    public MethodInvokingFactoryBean methodInvokingFactoryBean() {
+        MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
+        methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
+        methodInvokingFactoryBean.setTargetMethod("setStrategyName");
+        methodInvokingFactoryBean.setArguments(new String[]{SecurityContextHolder.MODE_INHERITABLETHREADLOCAL});
+        return methodInvokingFactoryBean;
+    }
 
 }

spring-security-rest/src/main/java/org/baeldung/web/controller/AsyncController.java

@@ -2,13 +2,20 @@
 
 import java.util.concurrent.Callable;
 
+import org.baeldung.web.service.AsyncService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.multipart.MultipartFile;
 
 @Controller
 public class AsyncController {
+	
+	@Autowired
+	private AsyncService asyncService;
 
 	@RequestMapping(method = RequestMethod.POST, value = "/upload")
 	public Callable<Boolean> processUpload(final MultipartFile file) {
@@ -20,5 +27,11 @@ public Boolean call() throws Exception {
 			}
 		};
 	}
+	
+	@RequestMapping(method = RequestMethod.GET, value = "/async")
+	@ResponseBody
+	public Boolean checkIfContextPropagated() throws Exception{
+		return asyncService.checkIfPrincipalPropagated().call() && asyncService.checkIfContextPropagated(SecurityContextHolder.getContext());
+	}
 
 }

spring-security-rest/src/main/java/org/baeldung/web/service/AsyncService.java

@@ -0,0 +1,11 @@
+package org.baeldung.web.service;
+
+import java.util.concurrent.Callable;
+
+public interface AsyncService {
+	
+	Callable<Boolean> checkIfPrincipalPropagated();
+	
+	Boolean checkIfContextPropagated(Object context);
+
+}

spring-security-rest/src/main/java/org/baeldung/web/service/AsyncServiceImpl.java

@@ -0,0 +1,36 @@
+package org.baeldung.web.service;
+
+import java.util.concurrent.Callable;
+
+import org.apache.log4j.Logger;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AsyncServiceImpl implements AsyncService {
+
+	private static final Logger log = Logger.getLogger(AsyncService.class);
+
+	@Override
+	public Callable<Boolean> checkIfPrincipalPropagated() {
+		Object before = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+		log.info("Before new thread: " + before);
+		return new Callable<Boolean>() {
+			public Boolean call() throws Exception {
+				Object after = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+				log.info("New thread: " + after);
+				return before == after;
+			}
+		};
+	}
+
+	@Async
+	@Override
+	public Boolean checkIfContextPropagated(Object context) {
+		log.info("Before @Async: " + context);
+		log.info("Inside @Async: " + SecurityContextHolder.getContext());
+		return context == SecurityContextHolder.getContext();
+	}
+
+}

spring-security-rest/src/main/resources/webSecurityConfig.xml

@@ -1,33 +1,42 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:p="http://www.springframework.org/schema/p"
+	xsi:schemaLocation="
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-4.2.xsd
       http://www.springframework.org/schema/beans
-      http://www.springframework.org/schema/beans/spring-beans-4.3.xsd"
->
+      http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">
 
-    <http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
-        <intercept-url pattern="/api/**" access="isAuthenticated()"/>
+	<http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
+		<intercept-url pattern="/api/**" access="isAuthenticated()" />
 
-        <csrf disabled="true"/>
+		<csrf disabled="true" />
 
-        <form-login authentication-success-handler-ref="mySuccessHandler" authentication-failure-handler-ref="myFailureHandler"/>
+		<form-login authentication-success-handler-ref="mySuccessHandler"
+			authentication-failure-handler-ref="myFailureHandler" />
 
-        <logout/>
-    </http>
+		<logout />
+	</http>
 
-    <beans:bean id="mySuccessHandler" class="org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
-    <beans:bean id="myFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"/>
+	<beans:bean id="mySuccessHandler"
+		class="org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler" />
+	<beans:bean id="myFailureHandler"
+		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
 
-    <authentication-manager alias="authenticationManager">
-        <authentication-provider>
-            <user-service>
-                <user name="temporary" password="temporary" authorities="ROLE_ADMIN"/>
-                <user name="user" password="userPass" authorities="ROLE_USER"/>
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager alias="authenticationManager">
+		<authentication-provider>
+			<user-service>
+				<user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
+				<user name="user" password="userPass" authorities="ROLE_USER" />
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
+
+	<beans:bean
+		class="org.springframework.beans.factory.config.MethodInvoki‌​ngFactoryBean"
+		p:targetClass="org.springframework.security.core.context.Sec‌​urityContextHolder"
+		p:targetMethod="setStrategyName" p:arguments="MODE_INHERITABLETHREADLOCAL" />
 
 </beans:beans>