Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:00 UTC

[tomee] 12/48: TOMEE-2365 - Added default IdentityStore.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit f1315f6c3eea5363272942415145ef34aab6c399
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Dec 24 17:16:06 2018 +0000

    TOMEE-2365 - Added default IdentityStore.
---
 tomee/tomee-security/pom.xml                       | 14 +++++
 .../enterprise/identitystore/IdentityStore.java    | 38 +++++++++++--
 .../identitystore/TomEEDefaultIdentityStore.java   | 64 ++++++++++++++++++++++
 3 files changed, 111 insertions(+), 5 deletions(-)

diff --git a/tomee/tomee-security/pom.xml b/tomee/tomee-security/pom.xml
index 09e19f3..a472bf6 100644
--- a/tomee/tomee-security/pom.xml
+++ b/tomee/tomee-security/pom.xml
@@ -37,8 +37,22 @@
     <dependency>
       <groupId>org.apache.tomee</groupId>
       <artifactId>javaee-api</artifactId>
+      <scope>provided</scope>
     </dependency>
     <dependency>
+      <groupId>org.apache.tomcat</groupId>
+      <artifactId>tomcat-catalina</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.tomee</groupId>
+      <artifactId>tomee-loader</artifactId>
+      <version>${project.version}</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <!-- Test -->
+    <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>tomee-embedded</artifactId>
       <version>${project.version}</version>
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
index badb400..36d2538 100644
--- a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
@@ -17,17 +17,45 @@
 package javax.security.enterprise.identitystore;
 
 import javax.security.enterprise.credential.Credential;
+import java.lang.invoke.MethodHandles;
+import java.util.EnumSet;
 import java.util.Set;
 
+import static java.lang.invoke.MethodType.methodType;
+import static java.util.Collections.emptySet;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
 public interface IdentityStore {
+    Set<ValidationType> DEFAULT_VALIDATION_TYPES = EnumSet.of(VALIDATE, PROVIDE_GROUPS);
 
-    enum ValidationType { VALIDATE, PROVIDE_GROUPS }
+    default CredentialValidationResult validate(Credential credential) {
+        try {
+            return CredentialValidationResult.class.cast(
+                    MethodHandles.lookup()
+                                 .bind(this, "validate", methodType(CredentialValidationResult.class, credential.getClass()))
+                                 .invoke(credential));
+        } catch (NoSuchMethodException e) {
+            return NOT_VALIDATED_RESULT;
+        } catch (Throwable e) {
+            throw new IllegalStateException(e);
+        }
+    }
 
-    CredentialValidationResult validate(Credential credential);
+    default Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+        return emptySet();
+    }
 
-    Set<String> getCallerGroups(CredentialValidationResult validationResult);
+    default int priority() {
+        return 100;
+    }
 
-    int priority();
+    default Set<ValidationType> validationTypes() {
+        return DEFAULT_VALIDATION_TYPES;
+    }
 
-    Set<ValidationType> validationTypes();
+    enum ValidationType {
+        VALIDATE, PROVIDE_GROUPS
+    }
 }
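Review bot: `DEFAULT_VALIDATION_TYPES` on the first added line of the interface body is a mutable `EnumSet` published as a public interface constant, so any code that obtains the reference can `remove(VALIDATE)` and silently change the behaviour of every store that relies on the default `validationTypes()`; make it `Set<ValidationType> DEFAULT_VALIDATION_TYPES = unmodifiableSet(EnumSet.of(VALIDATE, PROVIDE_GROUPS));` with `import static java.util.Collections.unmodifiableSet;` next to the existing `emptySet` import. The default `validate` also deserves a Javadoc stating that it dispatches reflectively to a `validate` overload whose parameter type is the credential's exact runtime class, so an implementation declaring `validate(UsernamePasswordCredential)` is not found for a subclass credential and the call yields `NOT_VALIDATED_RESULT`, and that because the `Throwable` catch wraps everything else, any runtime exception thrown by the implementation surfaces as `IllegalStateException` rather than its original type. A null `credential` reaches `credential.getClass()` inside the try and is reported the same way, which the Javadoc should mention as well.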
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
new file mode 100644
index 0000000..a687ae1
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.identitystore;
+
+import org.apache.catalina.User;
+import org.apache.catalina.UserDatabase;
+import org.apache.catalina.core.StandardServer;
+import org.apache.catalina.deploy.NamingResourcesImpl;
+import org.apache.tomcat.util.descriptor.web.ContextResource;
+import org.apache.tomee.loader.TomcatHelper;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import java.util.HashSet;
+import java.util.Optional;
+import java.util.Set;
+
+@ApplicationScoped
+public class TomEEDefaultIdentityStore implements IdentityStore {
+    private UserDatabase userDatabase;
+
+    @PostConstruct
+    private void init() throws Exception {
+        final StandardServer server = TomcatHelper.getServer();
+        final NamingResourcesImpl resources = server.getGlobalNamingResources();
+        final ContextResource userDataBaseResource = resources.findResource("UserDatabase");
+        userDatabase = (UserDatabase) server.getGlobalNamingContext().lookup(userDataBaseResource.getName());
+    }
+
+    public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
+        return Optional.ofNullable(userDatabase.findUser(credential.getCaller()))
+                       .filter(user -> user.getPassword().equals(credential.getPasswordAsString()))
+                       .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
+                       .orElse(CredentialValidationResult.INVALID_RESULT);
+    }
+
+    @Override
+    public Set<String> getCallerGroups(final CredentialValidationResult validationResult) {
+        return validationResult.getCallerGroups();
+    }
+
+    private Set<String> getUserRoles(final User user) {
+        final Set<String> roles = new HashSet<>();
+        user.getRoles().forEachRemaining(role -> roles.add(role.getRolename()));
+        return roles;
+    }
+}
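Review bot: The `filter` in `validate` compares the stored password to the supplied one with `String.equals`, which is not constant-time and dereferences `user.getPassword()` without a null check, so a Tomcat user with no password throws a `NullPointerException` that the interface's default `validate` re-wraps as `IllegalStateException`. If the `UserDatabase` stores digested passwords (not visible here), plain equality will never match them either; at minimum the comparison should be null-safe and use `MessageDigest.isEqual`, as below, with `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` added to the imports. Separately, `init()` assumes a global naming resource named `UserDatabase` exists and dereferences `userDataBaseResource` unchecked, so a missing resource surfaces as a `NullPointerException` at deployment rather than a clear message; a guard such as `if (userDataBaseResource == null) throw new IllegalStateException("No global naming resource named 'UserDatabase'");` would help. Also worth a comment on `validate(UsernamePasswordCredential)` that it intentionally carries no `@Override`, because the interface's default `validate(Credential)` locates it reflectively by the credential's runtime type.
```java
    // Not an @Override: IdentityStore.validate(Credential) finds this overload reflectively
    // by the credential's runtime class.
    public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
        return Optional.ofNullable(userDatabase.findUser(credential.getCaller()))
                       .filter(user -> passwordMatches(user.getPassword(), credential.getPasswordAsString()))
                       .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
                       .orElse(CredentialValidationResult.INVALID_RESULT);
    }

    // Constant-time comparison; a user with no stored password can never authenticate.
    private static boolean passwordMatches(final String stored, final String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    // … unchanged: getCallerGroups, getUserRoles …
```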