Wolfgang Winter (Migrated from SEC-1755) said:

Hi Luke,

I would like to discuss a feature that I am planning to implement in Spring Security - Cibet Control framework integration. Cibet allows controlling of business cases with e.g. dual control principles. Cibet is integrated with Spring Security authorisation. For next release two-man rule will be implemented (see http://en.wikipedia.org/wiki/Two-man_rule) This requires that two persons are authenticated and authorized at the same time. Currently, Spring Security allows only one person to be logged in at the same time because there is only one SecurityContext in SecurityContextHolder. However, it is possible to do it with minimal effort in Cibet. My idea is: 1. first user is logged in 2. for a 2-man rule operation a second user authenticates himself with Spring Security means. User authentication is not in scope of Cibet. The Authentication object is not set into SecurityContextHolder but into Cibet context. 3. In Cibet I implement a CibetMethodSecurityInterceptor (delegating to or inheriting from MethodSecurityInterceptor) with an additional method beforeInvocation(Object object, Authentication auth). This method uses the assigned Authentication object from Cibet context instead of that of SecurityContextHolder. This method never changes SecurityContextHolder and returns an InterceptorStatusToken with isContextHolderRefreshRequired=false 4. The new method in CibetMethodSecurityInterceptor is called from Cibet if Cibet detects that the operation is in 2-man-rule mode additionally to the beforeInvocation(Object object) for the logged in user. 5. Access rules for both users can be defined in Cibet configuration

I would be glad to have your comments on this approach. Do you see any side effects? My goal is also to make everything as easy and intuitive as possible for the user of the frameworks. Do you have any idea how the developer experience could be improved furthermore?

thanks Wolfgang

Comment From: rwinch

This would need to be done using a custom Authentication that handles two principals. It should be handled when gh-2603 is implemented.