Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/17 13:10:21 UTC
[tomee] 07/17: TOMEE-2365 - Implemented SecurityContext
isCallerInRole.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 348ee7dbec48cfce8e08eeb791c978b3518dd3b4
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Tue Jan 15 23:33:10 2019 +0000
TOMEE-2365 - Implemented SecurityContext isCallerInRole.
---
.../tomee/security/TomEESecurityContext.java | 10 ++++--
.../security/http/TomEEHttpMessageContext.java | 7 +----
.../security/context/SecurityContextTest.java | 36 +++++++++++++++++++++-
3 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java
index 57df3f6..1ca2d89 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/TomEESecurityContext.java
@@ -18,6 +18,7 @@ package org.apache.tomee.security;
import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
import org.apache.tomee.catalina.OpenEJBSecurityListener;
@@ -39,6 +40,7 @@ import javax.security.enterprise.authentication.mechanism.http.AuthenticationPar
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.Principal;
+import java.util.ArrayList;
import java.util.Set;
import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
@@ -68,7 +70,7 @@ public class TomEESecurityContext implements SecurityContext {
@Override
public boolean isCallerInRole(final String role) {
- return false;
+ return securityService.isCallerInRole(role);
}
@Override
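Review bot: The new `isCallerInRole` body has no comment saying where its role data comes from, which is not obvious from this method alone. The only source visible in this commit is `registerContainerAboutLogin`, which wraps the caller's groups in a `GenericPrincipal`, so group names appear to be used directly as role names with no mapping step. I would add `// Delegates to the container SecurityService; roles are the group names registered at login (no group-to-role mapping here)` above the return. `role` is also passed through unchecked, so null handling depends on the service. The `securityService` field is declared outside this hunk.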
@@ -120,13 +122,15 @@ public class TomEESecurityContext implements SecurityContext {
return serverAuthConfig.getAuthContext(null, null, null);
}
- public static void registerContainerAboutLogin(final Principal principal) {
+ public static void registerContainerAboutLogin(final Principal principal, final Set<String> groups) {
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
if (TomcatSecurityService.class.isInstance(securityService)) {
final TomcatSecurityService tomcatSecurityService = (TomcatSecurityService) securityService;
final Request request = OpenEJBSecurityListener.requests.get();
+ final GenericPrincipal genericPrincipal =
+ new GenericPrincipal(principal.getName(), null, new ArrayList<>(groups), principal);
tomcatSecurityService.enterWebApp(request.getWrapper().getRealm(),
- principal,
+ genericPrincipal,
request.getWrapper().getRunAs());
}
}
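Review bot: `new ArrayList<>(groups)` throws a NullPointerException when `groups` is null, and the call site in TomEEHttpMessageContext forwards its `groups` argument without a visible check. A mechanism that reports a principal with no group set would presumably fail here after its credentials were already accepted. Guard it with `groups == null ? Collections.<String>emptyList() : new ArrayList<>(groups)` (this needs a `java.util.Collections` import), or reject null explicitly at the top of the method. A comment is also warranted on the `isInstance` branch: when the SecurityService is not a `TomcatSecurityService` the groups are silently dropped, so `isCallerInRole` would not reflect them.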
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
index 16f3c29..ae77887 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
@@ -17,11 +17,6 @@
package org.apache.tomee.security.http;
import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
-import org.apache.catalina.connector.Request;
-import org.apache.openejb.loader.SystemInstance;
-import org.apache.openejb.spi.SecurityService;
-import org.apache.tomee.catalina.OpenEJBSecurityListener;
-import org.apache.tomee.catalina.TomcatSecurityService;
import org.apache.tomee.security.TomEESecurityContext;
import org.apache.tomee.security.message.TomEEMessageInfo;
@@ -209,7 +204,7 @@ public final class TomEEHttpMessageContext implements HttpMessageContext {
this.principal = principal;
this.groups = groups;
- TomEESecurityContext.registerContainerAboutLogin(principal);
+ TomEESecurityContext.registerContainerAboutLogin(principal, groups);
return SUCCESS;
}
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java
index fe491fb..4e626bd 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java
@@ -17,7 +17,6 @@
package org.apache.tomee.security.context;
import org.apache.tomee.security.AbstractTomEESecurityTest;
-import org.junit.Ignore;
import org.junit.Test;
import javax.inject.Inject;
@@ -73,6 +72,21 @@ public class SecurityContextTest extends AbstractTomEESecurityTest {
}
@Test
+ public void callerInRole() throws Exception {
+ final String servlet = getAppUrl() + "/securityContextRole";
+ final Response response = ClientBuilder.newBuilder()
+ .build()
+ .target(servlet)
+ .queryParam("username", "tomcat")
+ .queryParam("password", "tomcat")
+ .queryParam("role", "tomcat")
+ .request()
+ .get();
+ assertEquals(200, response.getStatus());
+ assertEquals("ok", response.readEntity(String.class));
+ }
+
+ @Test
public void wrongPassword() throws Exception {
final String servlet = getAppUrl() + "/securityContext";
assertEquals(401, ClientBuilder.newBuilder().build()
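Review bot: The new `callerInRole` test covers only the positive case, so an `isCallerInRole` that answered true for every role would still pass. For an authorization check, the denial path is the one that most needs pinning. Add a sibling test that authenticates the same user and asks for a role it does not hold, expecting the servlet to write `nok`. The role name in the sketch below is a constructed placeholder. The `wrongPassword` method at the end of this hunk continues outside it.

```java
@Test
public void callerNotInRole() throws Exception {
    final String servlet = getAppUrl() + "/securityContextRole";
    final Response response = ClientBuilder.newBuilder()
            .build()
            .target(servlet)
            .queryParam("username", "tomcat")
            .queryParam("password", "tomcat")
            .queryParam("role", "role-the-user-does-not-have") // constructed placeholder
            .request()
            .get();
    assertEquals(200, response.getStatus());
    assertEquals("nok", response.readEntity(String.class));
}
```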
@@ -127,6 +141,26 @@ public class SecurityContextTest extends AbstractTomEESecurityTest {
}
}
+ @WebServlet(urlPatterns = "/securityContextRole")
+ public static class RoleServlet extends HttpServlet {
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ final AuthenticationParameters parameters =
+ AuthenticationParameters.withParams()
+ .credential(new UsernamePasswordCredential(req.getParameter("username"),
+ req.getParameter("password")))
+ .newAuthentication(true);
+
+ securityContext.authenticate(req, resp, parameters);
+
+ resp.getWriter().write(securityContext.isCallerInRole(req.getParameter("role")) ? "ok" : "nok");
+ }
+ }
public static class SecurityContextHttpAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject