How can I authenticate a system user for scheduled processes in Spring?

Question

we have a Quartz/Spring Batch job, that for audit logging purposes we'd like to have it "authenticated" as a system user. Some of our methods rely on fetching the SecurityContext to do this. The ways of running this job are trusted (or authenticated). We don't want to actually use a password or other token (since the process is basically always spawned by quartz).

I tried this

private void authenticate() {
    UserDetails admin = userDetailsService.loadUserByUsername( "admin" );

    RunAsUserToken token = new RunAsUserToken(
            UUID.randomUUID().toString(), admin, admin.getAuthorities(), null , null );

    Authentication user = authenticationManager.authenticate( token );

    if ( user.isAuthenticated() ) {
        SecurityContext sc = new SecurityContextImpl();
        sc.setAuthentication( user );
        SecurityContextHolder.setContext( sc );
    }
}

but it resulted in

org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.access.intercept.RunAsUserToken

and I'm not sure what some of RunAsUserToken parameters do (e.g. key) or what I should be giving it in regards to Credentials.

How can I authenticate or otherwise set the security context as if it was authenticated as this user?

@JohnR yes but I'm not sure how to properly get the context set up with the user like I need to — xenoterracide, Apr 16 '15 at 19:57

baraber · Accepted Answer · 2015-04-19T03:13:11.030

17

I'm not sure yet about the RunAsUserToken. I think it is intended to be used when someone is already authenticated, but the application what to execute something as another user.

I found an example of using it here.

But, maybe you don't really need that. If it is the case, you could just do :

Authentication auth = new UsernamePasswordAuthenticationToken(admin.getUsername(), admin.getPassword(), admin.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);

And then admin will be authenticated. Also, you don't need to use admin.getPassword() since it won't be checked anyway.

Note that you don't have to create the security context : it already exists. I think it is ThreadLocal by default.

edited Apr 19 '15 at 03:13

answered Apr 16 '15 at 20:19

baraber

3,296
27
46

it appears that the `UsernamePasswordAuthenticationToken` (which you mispelled?) should be populated with the first parameter being the principal (we seem to use userd UserDetails ) for that. – xenoterracide Apr 17 '15 at 19:02
2

@xenoterracide : Sorry for the mispell, I corrected it. You are right for the principal : if the rest of your application rely on a UserDetails as the principal, than you'd prefer the pass the admin variable directly. – baraber Apr 19 '15 at 03:24

How can I authenticate a system user for scheduled processes in Spring?

1 Answers1

Linked