From 791e8b7416896febc627905f93f81b94b0228470 Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Tue, 15 Apr 2014 19:20:13 +0200
Subject: [PATCH] [Major] No more static persistence of a Privilege Certificate

Now the certificate is passed into the Service before execution.

This is better than having a static reference which can always lead to
weird behaviour, especially when multiple ClassLoaders come into play.
---
 .../strolch/service/api/AbstractService.java  | 57 +++++++++++++------
 .../service/api/DefaultServiceHandler.java    | 14 ++---
 2 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/src/main/java/li/strolch/service/api/AbstractService.java b/src/main/java/li/strolch/service/api/AbstractService.java
index b2fc27ae4..9df6f1b02 100644
--- a/src/main/java/li/strolch/service/api/AbstractService.java
+++ b/src/main/java/li/strolch/service/api/AbstractService.java
@@ -27,6 +27,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.privilege.model.PrivilegeContext;
+import ch.eitchnet.utils.dbc.DBC;
 
 /**
  * @author Robert von Burg <eitch@eitchnet.ch>
@@ -37,51 +39,74 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
 	private static final long serialVersionUID = 1L;
 
 	private ComponentContainer container;
-	private Certificate certificate;
+	private PrivilegeContext privilegeContext;
 
 	/**
-	 * @param container
-	 *            the container to set
+	 * @param privilegeContext
+	 *            the privilegeContext to set
 	 */
-	public void setContainer(ComponentContainer container) {
-		this.container = container;
+	public final void setPrivilegeContext(PrivilegeContext privilegeContext) {
+		DBC.PRE.assertNull("PrivilegeContext is already set!", this.privilegeContext);
+		this.privilegeContext = privilegeContext;
 	}
 
 	/**
-	 * @param certificate
-	 *            the certificate to set
+	 * @return the privilegeContext
 	 */
-	public void setCertificate(Certificate certificate) {
-		this.certificate = certificate;
+	public final PrivilegeContext getPrivilegeContext() {
+		return this.privilegeContext;
 	}
 
 	/**
 	 * @return the certificate
 	 */
-	protected Certificate getCertificate() {
-		return this.certificate;
+	protected final Certificate getCertificate() {
+		return this.privilegeContext.getCertificate();
+	}
+
+	/**
+	 * @param container
+	 *            the container to set
+	 */
+	public final void setContainer(ComponentContainer container) {
+		this.container = container;
 	}
 
 	/**
 	 * @return the container
 	 */
-	protected ComponentContainer getContainer() {
+	protected final ComponentContainer getContainer() {
 		return this.container;
 	}
 
-	protected <V> V getComponent(Class<V> clazz) {
+	/**
+	 * @param clazz
+	 * @return
+	 */
+	protected final <V> V getComponent(Class<V> clazz) {
 		return this.container.getComponent(clazz);
 	}
 
-	protected RuntimeConfiguration getRuntimeConfiguration() {
+	/**
+	 * @return
+	 */
+	protected final RuntimeConfiguration getRuntimeConfiguration() {
 		return this.container.getAgent().getStrolchConfiguration().getRuntimeConfiguration();
 	}
 
-	protected StrolchRealm getRealm(String realm) {
+	/**
+	 * @param realm
+	 * @return
+	 */
+	protected final StrolchRealm getRealm(String realm) {
 		return this.container.getRealm(realm);
 	}
 
-	protected StrolchTransaction openTx(String realm) {
+	/**
+	 * @param realm
+	 * @return
+	 */
+	protected final StrolchTransaction openTx(String realm) {
 		return this.container.getRealm(realm).openTx();
 	}
 
diff --git a/src/main/java/li/strolch/service/api/DefaultServiceHandler.java b/src/main/java/li/strolch/service/api/DefaultServiceHandler.java
index 33ac13872..dd86d0133 100644
--- a/src/main/java/li/strolch/service/api/DefaultServiceHandler.java
+++ b/src/main/java/li/strolch/service/api/DefaultServiceHandler.java
@@ -71,15 +71,10 @@ public class DefaultServiceHandler extends StrolchComponent implements ServiceHa
 		long start = System.nanoTime();
 
 		// first check that the caller may perform this service
+		PrivilegeContext privilegeContext = null;
 		if (this.privilegeHandler != null) {
-			// XXX Bad bad bad: remove the need for thread locals...
-			try {
-				PrivilegeContext privilegeContext = this.privilegeHandler.getPrivilegeContext(certificate);
-				PrivilegeContext.set(privilegeContext);
-				privilegeContext.validateAction(service);
-			} finally {
-				PrivilegeContext.set(null);
-			}
+			privilegeContext = this.privilegeHandler.getPrivilegeContext(certificate);
+			privilegeContext.validateAction(service);
 		}
 
 		try {
@@ -87,7 +82,8 @@ public class DefaultServiceHandler extends StrolchComponent implements ServiceHa
 			if (service instanceof AbstractService) {
 				AbstractService<?, ?> abstractService = (AbstractService<?, ?>) service;
 				abstractService.setContainer(getContainer());
-				abstractService.setCertificate(certificate);
+				if (privilegeContext != null)
+					abstractService.setPrivilegeContext(privilegeContext);
 			}
 
 			U serviceResult = service.doService(argument);