You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:16 UTC
[tomee] 28/48: TOMEE-2365 - Allow a generic authentication
mechanism for the entire app or specific ones per servlet.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 6f8a939a7428f1c8164b26cadf469411148f14ac
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Thu Dec 27 12:32:49 2018 +0000
TOMEE-2365 - Allow a generic authentication mechanism for the entire app or specific ones per servlet.
---
.../cdi/DefaultAuthenticationMechanism.java | 37 ++++++++++++++++++++--
...curityServletAuthenticationMechanismMapper.java | 16 ++++++++++
2 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
index f7da0a6..54bb000 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
@@ -26,23 +26,56 @@ import javax.servlet.http.HttpServletResponse;
@ApplicationScoped
public class DefaultAuthenticationMechanism implements HttpAuthenticationMechanism {
+ private HttpAuthenticationMechanism delegate;
+
+ public DefaultAuthenticationMechanism() {
+ this.delegate = new EmptyAuthenticationMechanism();
+ }
+
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response,
final HttpMessageContext httpMessageContext)
throws AuthenticationException {
- return httpMessageContext.doNothing();
+ return delegate.validateRequest(request, response, httpMessageContext);
}
@Override
public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response,
final HttpMessageContext httpMessageContext)
throws AuthenticationException {
- return null;
+ return delegate.secureResponse(request, response, httpMessageContext);
}
@Override
public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response,
final HttpMessageContext httpMessageContext) {
+ delegate.cleanSubject(request, response, httpMessageContext);
+ }
+
+ public void setDelegate(final HttpAuthenticationMechanism delegate) {
+ this.delegate = delegate;
+ }
+
+ private static class EmptyAuthenticationMechanism implements HttpAuthenticationMechanism {
+ @Override
+ public AuthenticationStatus validateRequest(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return httpMessageContext.doNothing();
+ }
+
+ @Override
+ public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return httpMessageContext.doNothing();
+ }
+
+ @Override
+ public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext) {
+ }
}
}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
index fff782e..d054783 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -19,6 +19,7 @@ package org.apache.tomee.security.cdi;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.CDI;
import javax.inject.Inject;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
@@ -27,13 +28,17 @@ import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticatio
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import java.util.Map;
+import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
@ApplicationScoped
public class TomEESecurityServletAuthenticationMechanismMapper {
private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();
@Inject
+ private Instance<HttpAuthenticationMechanism> authenticationMechanisms;
+ @Inject
private DefaultAuthenticationMechanism defaultAuthenticationMechanism;
public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
@@ -55,6 +60,17 @@ public class TomEESecurityServletAuthenticationMechanismMapper {
// Ignore
}
});
+
+ final Set<HttpAuthenticationMechanism> availableBeans =
+ authenticationMechanisms.stream().collect(Collectors.toSet());
+ availableBeans.removeAll(servletAuthenticationMapper.values());
+ availableBeans.remove(defaultAuthenticationMechanism);
+
+ if (availableBeans.size() == 1) {
+ defaultAuthenticationMechanism.setDelegate(availableBeans.iterator().next());
+ } else if (availableBeans.size() > 1) {
+ throw new IllegalStateException();
+ }
}
public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {