Concurrency Support

在大多数环境中，安全性以 Thread`为基础存储。这意味着当对一个新的 `Thread`进行处理时，`SecurityContext`会丢失。Spring Security 提供了一些基础设施来帮助使管理变得更加容易。Spring Security 为在多线程环境中使用 Spring Security 提供低级抽象。事实上，这是 Spring Security 建立在与 `AsyncContext.start(Runnable)和 Spring MVC Async Integration集成的基础之上。

In most environments, Security is stored on a per-Thread basis. This means that when work is done on a new Thread, the SecurityContext is lost. Spring Security provides some infrastructure to help make this much easier to manage. Spring Security provides low-level abstractions for working with Spring Security in multi-threaded environments. In fact, this is what Spring Security builds on to integrate with AsyncContext.start(Runnable) and Spring MVC Async Integration.

DelegatingSecurityContextRunnable

Spring Security 的并发支持中最基本的构建模块之一是 DelegatingSecurityContextRunnable。它包装了一个委托 Runnable，并使用指定的 SecurityContext 为委托初始化 SecurityContextHolder。然后它调用委托 Runnable，确保之后清除 SecurityContextHolder。DelegatingSecurityContextRunnable 看起来是这样的：

One of the most fundamental building blocks within Spring Security’s concurrency support is the DelegatingSecurityContextRunnable. It wraps a delegate Runnable to initialize the SecurityContextHolder with a specified SecurityContext for the delegate. It then invokes the delegate Runnable, ensuring to clear the SecurityContextHolder afterwards. The DelegatingSecurityContextRunnable looks something like this:

public void run() {
try {
	SecurityContextHolder.setContext(securityContext);
	delegate.run();
} finally {
	SecurityContextHolder.clearContext();
}
}

虽然非常简单，但它使将 SecurityContext`从一个 `Thread`无缝地传输到另一个 `Thread`变得容易。这很重要，因为在大多数情况下，`SecurityContextHolder`都是基于每个 `Thread`采取行动的。例如，您可能已使用 Spring Security 的 <global-method-security>`支持来保护您的某个服务。现在，您可以将当前 Thread`的 `SecurityContext`传输到调用受保护服务的 `Thread。以下示例显示了如何执行此操作：

While very simple, it makes it seamless to transfer the SecurityContext from one Thread to another. This is important since, in most cases, the SecurityContextHolder acts on a per-Thread basis. For example, you might have used Spring Security’s <global-method-security> support to secure one of your services. You can now transfer the SecurityContext of the current Thread to the Thread that invokes the secured service. The following example show how you might do so:

Runnable originalRunnable = new Runnable() {
public void run() {
	// invoke secured service
}
};

SecurityContext context = SecurityContextHolder.getContext();
DelegatingSecurityContextRunnable wrappedRunnable =
	new DelegatingSecurityContextRunnable(originalRunnable, context);

new Thread(wrappedRunnable).start();

前面的代码：

The preceding code:

Creates a Runnable that invokes our secured service. Note that it is not aware of Spring Security.
Obtains the SecurityContext that we wish to use from the SecurityContextHolder and initializes the DelegatingSecurityContextRunnable.
Uses the DelegatingSecurityContextRunnable to create a Thread.
Starts the Thread we created.

由于使用来自 SecurityContextHolder 的 SecurityContext 创建 DelegatingSecurityContextRunnable 很常见，因此它有一个快捷构造函数。以下代码的效果与前面的代码相同：

Since it is common to create a DelegatingSecurityContextRunnable with the SecurityContext from the SecurityContextHolder, there is a shortcut constructor for it. The following code has the same effect as the preceding code:

Runnable originalRunnable = new Runnable() {
public void run() {
	// invoke secured service
}
};

DelegatingSecurityContextRunnable wrappedRunnable =
	new DelegatingSecurityContextRunnable(originalRunnable);

new Thread(wrappedRunnable).start();

我们编写的代码使用起来很简单，但它仍然需要知道我们正在使用 Spring Security。在下一节中，我们将了解如何利用 DelegatingSecurityContextExecutor 来隐藏我们正在使用 Spring Security 的事实。

The code we have is simple to use, but it still requires knowledge that we are using Spring Security. In the next section we will take a look at how we can utilize DelegatingSecurityContextExecutor to hide the fact that we are using Spring Security.

DelegatingSecurityContextExecutor

在前一节中，我们发现 DelegatingSecurityContextRunnable 很容易使用，但并不是最理想的，因为我们必须了解 Spring Security 才能使用它。现在，我们来看看 DelegatingSecurityContextExecutor 如何保护我们的代码，避免了解我们正在使用 Spring Security。

In the previous section, we found that it was easy to use the DelegatingSecurityContextRunnable, but it was not ideal since we had to be aware of Spring Security to use it. Now we look at how DelegatingSecurityContextExecutor can shield our code from any knowledge that we are using Spring Security.

DelegatingSecurityContextExecutor 的设计类似于 DelegatingSecurityContextRunnable 的设计，除了它接受一个委托 Executor，而不是一个委托 Runnable。以下示例显示了如何使用它：

The design of DelegatingSecurityContextExecutor is similar to that of DelegatingSecurityContextRunnable, except that it accepts a delegate Executor instead of a delegate Runnable. The following example shows how to use it:

SecurityContext context = SecurityContextHolder.createEmptyContext();
Authentication authentication =
	UsernamePasswordAuthenticationToken.authenticated("user","doesnotmatter", AuthorityUtils.createAuthorityList("ROLE_USER"));
context.setAuthentication(authentication);

SimpleAsyncTaskExecutor delegateExecutor =
	new SimpleAsyncTaskExecutor();
DelegatingSecurityContextExecutor executor =
	new DelegatingSecurityContextExecutor(delegateExecutor, context);

Runnable originalRunnable = new Runnable() {
public void run() {
	// invoke secured service
}
};

executor.execute(originalRunnable);

此代码：

This code:

请注意，在此示例中，我们手工创建了 SecurityContext。但是，无论我们在何处或如何获取 SecurityContext（例如，我们可以从 SecurityContextHolder 获取它），这并不重要。* 创建了一个 delegateExecutor，负责执行提交的 Runnable 对象。* 最后，我们创建了一个 DelegatingSecurityContextExecutor，负责使用 DelegatingSecurityContextRunnable 封装传递给 execute 方法的任何 Runnable。然后它将封装的 Runnable 传递给 delegateExecutor。在本例中，对提交给我们的 DelegatingSecurityContextExecutor 的每个 Runnable 使用相同的 SecurityContext。如果我们运行需要由具有提升权限的用户运行的后台任务，这会很好。* 此时，您可能会自问，“How does this shield my code of any knowledge of Spring Security?” 相反，我们可以在自己的代码中创建 SecurityContext 和 DelegatingSecurityContextExecutor，也可以注入一个已初始化的 DelegatingSecurityContextExecutor 实例。

Note that, in this example, we create the SecurityContext by hand. However, it does not matter where or how we get the SecurityContext (for example, we could obtain it from the SecurityContextHolder). * Creates a delegateExecutor that is in charge of executing submitted Runnable objects. * Finally, we create a DelegatingSecurityContextExecutor, which is in charge of wrapping any Runnable that is passed into the execute method with a DelegatingSecurityContextRunnable. It then passes the wrapped Runnable to the delegateExecutor. In this case, the same SecurityContext is used for every Runnable submitted to our DelegatingSecurityContextExecutor. This is nice if we run background tasks that need to be run by a user with elevated privileges. * At this point, you may ask yourself, “How does this shield my code of any knowledge of Spring Security?” Instead of creating the SecurityContext and the DelegatingSecurityContextExecutor in our own code, we can inject an already initialized instance of DelegatingSecurityContextExecutor.

请考虑以下示例：

Consider the following example:

@Autowired
private Executor executor; // becomes an instance of our DelegatingSecurityContextExecutor

public void submitRunnable() {
Runnable originalRunnable = new Runnable() {
	public void run() {
	// invoke secured service
	}
};
executor.execute(originalRunnable);
}

现在，我们的代码不知道 SecurityContext 正在传播到 Thread，originalRunnable 正在运行，SecurityContextHolder 已被清除。在此示例中，同一个用户用于运行每个线程。如果我们希望在调用 executor.execute(Runnable) 处理 originalRunnable 时使用 SecurityContextHolder 中的用户（即当前登录用户），该怎么办？您可以通过从 DelegatingSecurityContextExecutor 构造函数中移除 SecurityContext 参数来实现：

Now our code is unaware that the SecurityContext is being propagated to the Thread, the originalRunnable is run, and the SecurityContextHolder is cleared out. In this example, the same user is being used to run each thread. What if we wanted to use the user from SecurityContextHolder (that is, the currently logged in-user) at the time we invoked executor.execute(Runnable) to process originalRunnable? You can do so by removing the SecurityContext argument from our DelegatingSecurityContextExecutor constructor:

SimpleAsyncTaskExecutor delegateExecutor = new SimpleAsyncTaskExecutor();
DelegatingSecurityContextExecutor executor =
	new DelegatingSecurityContextExecutor(delegateExecutor);

现在，任何时候运行 executor.execute(Runnable)，SecurityContext 首先由 SecurityContextHolder 获取，然后该 SecurityContext 用于创建我们的 DelegatingSecurityContextRunnable。这意味着我们使用用于调用 executor.execute(Runnable) 代码的相同用户来运行我们的 Runnable。

Now, any time executor.execute(Runnable) is run, the SecurityContext is first obtained by the SecurityContextHolder and then that SecurityContext is used to create our DelegatingSecurityContextRunnable. This means that we are running our Runnable with the same user that was used to invoke the executor.execute(Runnable) code.

Spring Security Concurrency Classes

查看 {security-api-url}index.html[Javadoc] 以了解与 Java 并发 API 和 Spring Task 抽象的更多集成。一旦理解了之前的代码，它们便不言自明。

See the {security-api-url}index.html[Javadoc] for additional integrations with both the Java concurrent APIs and the Spring Task abstractions. They are self-explanatory once you understand the previous code.

{security-api-url}org/springframework/security/concurrent/DelegatingSecurityContextCallable.html[DelegatingSecurityContextCallable]
{security-api-url}org/springframework/security/concurrent/DelegatingSecurityContextExecutor.html[DelegatingSecurityContextExecutor]
{security-api-url}org/springframework/security/concurrent/DelegatingSecurityContextExecutorService.html[DelegatingSecurityContextExecutorService]
{security-api-url}org/springframework/security/concurrent/DelegatingSecurityContextRunnable.html[DelegatingSecurityContextRunnable]
{security-api-url}org/springframework/security/concurrent/DelegatingSecurityContextScheduledExecutorService.html[DelegatingSecurityContextScheduledExecutorService]
{security-api-url}org/springframework/security/scheduling/DelegatingSecurityContextSchedulingTaskExecutor.html[DelegatingSecurityContextSchedulingTaskExecutor]
{security-api-url}org/springframework/security/task/DelegatingSecurityContextAsyncTaskExecutor.html[DelegatingSecurityContextAsyncTaskExecutor]
{security-api-url}org/springframework/security/task/DelegatingSecurityContextTaskExecutor.html[DelegatingSecurityContextTaskExecutor]
{security-api-url}org/springframework/security/scheduling/DelegatingSecurityContextTaskScheduler.html[DelegatingSecurityContextTaskScheduler]