Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:00 UTC
[tomee] 12/48: TOMEE-2365 - Added default IdentityStore.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit f1315f6c3eea5363272942415145ef34aab6c399
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Dec 24 17:16:06 2018 +0000
TOMEE-2365 - Added default IdentityStore.
---
tomee/tomee-security/pom.xml | 14 +++++
.../enterprise/identitystore/IdentityStore.java | 38 +++++++++++--
.../identitystore/TomEEDefaultIdentityStore.java | 64 ++++++++++++++++++++++
3 files changed, 111 insertions(+), 5 deletions(-)
diff --git a/tomee/tomee-security/pom.xml b/tomee/tomee-security/pom.xml
index 09e19f3..a472bf6 100644
--- a/tomee/tomee-security/pom.xml
+++ b/tomee/tomee-security/pom.xml
@@ -37,8 +37,22 @@
<dependency>
<groupId>org.apache.tomee</groupId>
<artifactId>javaee-api</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>tomee-loader</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Test -->
+ <dependency>
<groupId>${project.groupId}</groupId>
<artifactId>tomee-embedded</artifactId>
<version>${project.version}</version>
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
index badb400..36d2538 100644
--- a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
@@ -17,17 +17,45 @@
package javax.security.enterprise.identitystore;
import javax.security.enterprise.credential.Credential;
+import java.lang.invoke.MethodHandles;
+import java.util.EnumSet;
import java.util.Set;
+import static java.lang.invoke.MethodType.methodType;
+import static java.util.Collections.emptySet;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
public interface IdentityStore {
+ Set<ValidationType> DEFAULT_VALIDATION_TYPES = EnumSet.of(VALIDATE, PROVIDE_GROUPS);
- enum ValidationType { VALIDATE, PROVIDE_GROUPS }
+ default CredentialValidationResult validate(Credential credential) {
+ try {
+ return CredentialValidationResult.class.cast(
+ MethodHandles.lookup()
+ .bind(this, "validate", methodType(CredentialValidationResult.class, credential.getClass()))
+ .invoke(credential));
+ } catch (NoSuchMethodException e) {
+ return NOT_VALIDATED_RESULT;
+ } catch (Throwable e) {
+ throw new IllegalStateException(e);
+ }
+ }
- CredentialValidationResult validate(Credential credential);
+ default Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+ return emptySet();
+ }
- Set<String> getCallerGroups(CredentialValidationResult validationResult);
+ default int priority() {
+ return 100;
+ }
- int priority();
+ default Set<ValidationType> validationTypes() {
+ return DEFAULT_VALIDATION_TYPES;
+ }
- Set<ValidationType> validationTypes();
+ enum ValidationType {
+ VALIDATE, PROVIDE_GROUPS
+ }
}
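Review bot: `DEFAULT_VALIDATION_TYPES` on the first added line of the interface body is a plain `EnumSet` exposed as a public interface constant and returned as-is by the default `validationTypes()`, so any caller that mutates the set it receives (removing `VALIDATE`, say) silently changes the validation types of every store relying on the default. Wrap it: `Set<ValidationType> DEFAULT_VALIDATION_TYPES = unmodifiableSet(EnumSet.of(VALIDATE, PROVIDE_GROUPS));` with `import static java.util.Collections.unmodifiableSet;` next to the existing `emptySet` static import. The default `validate(Credential)` also deserves a Javadoc note stating that the lookup uses `credential.getClass()` exactly, so an implementation declaring `validate(UsernamePasswordCredential)` is not found for a subclass of that credential and `NOT_VALIDATED_RESULT` is returned, while every other failure (presumably including an access failure for a non-public implementing class) is rethrown as `IllegalStateException`.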
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
new file mode 100644
index 0000000..a687ae1
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.identitystore;
+
+import org.apache.catalina.User;
+import org.apache.catalina.UserDatabase;
+import org.apache.catalina.core.StandardServer;
+import org.apache.catalina.deploy.NamingResourcesImpl;
+import org.apache.tomcat.util.descriptor.web.ContextResource;
+import org.apache.tomee.loader.TomcatHelper;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import java.util.HashSet;
+import java.util.Optional;
+import java.util.Set;
+
+@ApplicationScoped
+public class TomEEDefaultIdentityStore implements IdentityStore {
+ private UserDatabase userDatabase;
+
+ @PostConstruct
+ private void init() throws Exception {
+ final StandardServer server = TomcatHelper.getServer();
+ final NamingResourcesImpl resources = server.getGlobalNamingResources();
+ final ContextResource userDataBaseResource = resources.findResource("UserDatabase");
+ userDatabase = (UserDatabase) server.getGlobalNamingContext().lookup(userDataBaseResource.getName());
+ }
+
+ public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
+ return Optional.ofNullable(userDatabase.findUser(credential.getCaller()))
+ .filter(user -> user.getPassword().equals(credential.getPasswordAsString()))
+ .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
+ .orElse(CredentialValidationResult.INVALID_RESULT);
+ }
+
+ @Override
+ public Set<String> getCallerGroups(final CredentialValidationResult validationResult) {
+ return validationResult.getCallerGroups();
+ }
+
+ private Set<String> getUserRoles(final User user) {
+ final Set<String> roles = new HashSet<>();
+ user.getRoles().forEachRemaining(role -> roles.add(role.getRolename()));
+ return roles;
+ }
+}
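Review bot: The password check in `validate(UsernamePasswordCredential)` compares the stored value with `String.equals`, which is not constant-time and assumes the `UserDatabase` holds plain-text passwords; if the entries are digested (Tomcat realms do this through a `CredentialHandler`), no login can ever succeed, and if `user.getPassword()` is null the lambda throws an NPE that the interface's default `validate(Credential)` turns into an `IllegalStateException` instead of `INVALID_RESULT`. A minimal fix is `.filter(user -> user.getPassword() != null && MessageDigest.isEqual(user.getPassword().getBytes(UTF_8), credential.getPasswordAsString().getBytes(UTF_8)))` (importing `java.security.MessageDigest` and `java.nio.charset.StandardCharsets.UTF_8`), plus a comment stating that a digested store must be checked through the realm's credential handler rather than by equality. `init()` likewise dereferences `resources.findResource("UserDatabase")` without a null check, so a server without that global resource fails with a bare NPE at bean construction; `Objects.requireNonNull(userDataBaseResource, "global naming resource 'UserDatabase' is not defined")` would name the missing resource.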