You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:06 UTC

[tomee] 18/48: TOMEE-2365 - Properly override validate method on default Identity Store.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 627224f89078b0e1adad09864ca3b471f534e8e0
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Wed Dec 26 16:15:36 2018 +0000

    TOMEE-2365 - Properly override validate method on default Identity Store.
---
 .../identitystore/TomEEDefaultIdentityStore.java        | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
index a687ae1..48caa07 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
@@ -25,6 +25,7 @@ import org.apache.tomee.loader.TomcatHelper;
 
 import javax.annotation.PostConstruct;
 import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.Credential;
 import javax.security.enterprise.credential.UsernamePasswordCredential;
 import javax.security.enterprise.identitystore.CredentialValidationResult;
 import javax.security.enterprise.identitystore.IdentityStore;
@@ -44,11 +45,17 @@ public class TomEEDefaultIdentityStore implements IdentityStore {
         userDatabase = (UserDatabase) server.getGlobalNamingContext().lookup(userDataBaseResource.getName());
     }
 
-    public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
-        return Optional.ofNullable(userDatabase.findUser(credential.getCaller()))
-                       .filter(user -> user.getPassword().equals(credential.getPasswordAsString()))
-                       .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
-                       .orElse(CredentialValidationResult.INVALID_RESULT);
+    @Override
+    public CredentialValidationResult validate(final Credential credential) {
+        if (credential instanceof UsernamePasswordCredential) {
+            final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
+            return Optional.ofNullable(userDatabase.findUser(usernamePasswordCredential.getCaller()))
+                           .filter(user -> user.getPassword().equals(usernamePasswordCredential.getPasswordAsString()))
+                           .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
+                           .orElse(CredentialValidationResult.INVALID_RESULT);
+        }
+
+        return CredentialValidationResult.NOT_VALIDATED_RESULT;
     }
 
     @Override