Posted to commits@tomee.apache.org by jl...@apache.org on 2021/03/26 17:01:16 UTC

[tomee-jakarta] branch master updated (b726891 -> e351947)

This is an automated email from the ASF dual-hosted git repository.

jlmonteiro pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-jakarta.git.


    from b726891  Remove src/patch/java reference
     new 7a43bb1  Add a few provided dependencies so IntelliJ does not complain too much
     new e351947  Add patched Tomcat callback handler for Jaspic

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 transform/pom.xml                                  |  53 ++++++-
 .../authenticator/jaspic/CallbackHandlerImpl.java  | 156 +++++++++++++++++++++
 2 files changed, 208 insertions(+), 1 deletion(-)
 create mode 100644 transform/src/patch/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java

[tomee-jakarta] 02/02: Add patched Tomcat callback handler for Jaspic

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jlmonteiro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-jakarta.git

commit e3519472995f104e03e058d7b9900f3cadd259a6
Author: Jean-Louis Monteiro <jl...@tomitribe.com>
AuthorDate: Fri Mar 26 17:53:13 2021 +0100

    Add patched Tomcat callback handler for Jaspic
---
 .../authenticator/jaspic/CallbackHandlerImpl.java  | 156 +++++++++++++++++++++
 1 file changed, 156 insertions(+)

diff --git a/transform/src/patch/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java b/transform/src/patch/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
new file mode 100644
index 0000000..6e4e60c
--- /dev/null
+++ b/transform/src/patch/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic;
+
+import org.apache.catalina.Contained;
+import org.apache.catalina.Container;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * This is a clone of Tomcat default callback handler but with a better handling of the Generic Principals when more than
+ * one callback is used.
+ *
+ * For instance https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java#L96
+ * keeps adding new Generic Principals even for the same name whereas the authenticator base
+ * https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/authenticator/AuthenticatorBase.java#L956
+ * randomly picks the first one. So it results in random failures
+ *
+ * See https://github.com/eclipse-ee4j/jakartaee-tck/issues/575
+ */
+public class CallbackHandlerImpl implements CallbackHandler, Contained {
+
+    private static final StringManager sm = StringManager.getManager(
+        org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl.class);
+    private final Log log = LogFactory.getLog(org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl.class); // must not be static
+
+    private Container container;
+
+
+    @Override
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+
+        String name = null;
+        Principal principal = null;
+        Subject subject = null;
+        String[] groups = null;
+
+        if (callbacks != null) {
+            // Need to combine data from multiple callbacks so use this to hold
+            // the data
+            // Process the callbacks
+            for (Callback callback : callbacks) {
+                if (callback instanceof CallerPrincipalCallback) {
+                    CallerPrincipalCallback cpc = (CallerPrincipalCallback) callback;
+                    name = cpc.getName();
+                    principal = cpc.getPrincipal();
+                    subject = cpc.getSubject();
+                } else if (callback instanceof GroupPrincipalCallback) {
+                    GroupPrincipalCallback gpc = (GroupPrincipalCallback) callback;
+                    groups = gpc.getGroups();
+                } else if (callback instanceof PasswordValidationCallback) {
+                    if (container == null) {
+                        log.warn(sm.getString("callbackHandlerImpl.containerMissing", callback.getClass().getName()));
+                    } else if (container.getRealm() == null) {
+                        log.warn(sm.getString("callbackHandlerImpl.realmMissing",
+                                              callback.getClass().getName(), container.getName()));
+                    } else {
+                        PasswordValidationCallback pvc = (PasswordValidationCallback) callback;
+                        principal = container.getRealm().authenticate(pvc.getUsername(),
+                                                                      String.valueOf(pvc.getPassword()));
+                        subject = pvc.getSubject();
+                    }
+                } else {
+                    log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing",
+                            callback.getClass().getName()));
+                }
+            }
+
+            // Create the GenericPrincipal
+            Principal gp = getPrincipal(principal, name, groups);
+            if (subject != null && gp != null) {
+
+                // merge if needed
+                String mergeName = gp.getName();
+                List<String> mergeRoles = new ArrayList<>(Arrays.asList(((GenericPrincipal) gp).getRoles()));
+                Principal mergePrincipal = ((GenericPrincipal) gp).getUserPrincipal();
+
+                for (Object oPrincipal : subject.getPrivateCredentials()) {
+                    if (!(oPrincipal instanceof GenericPrincipal)) {
+                        continue;
+                    }
+                    final GenericPrincipal privateCredential = (GenericPrincipal) oPrincipal;
+                    if (mergeName != null && mergeName.equals(privateCredential.getName())) {
+                        mergeRoles.addAll(Arrays.asList(privateCredential.getRoles()));
+                        subject.getPrivateCredentials().remove(oPrincipal);
+                    }
+                }
+
+                subject.getPrivateCredentials().add(new GenericPrincipal(mergeName, null, mergeRoles, mergePrincipal));
+            }
+        }
+    }
+
+    private Principal getPrincipal(Principal principal, String name, String[] groups) {
+        // If the Principal is cached in the session JASPIC may simply return it
+        if (principal instanceof GenericPrincipal) {
+            return principal;
+        }
+        if (name == null && principal != null) {
+            name = principal.getName();
+        }
+        if (name == null) {
+            return null;
+        }
+        List<String> roles;
+        if (groups == null || groups.length == 0) {
+            roles = Collections.emptyList();
+        } else {
+            roles = Arrays.asList(groups);
+        }
+
+        return new GenericPrincipal(name, null, roles, principal);
+    }
+
+    // Contained interface methods
+    @Override
+    public Container getContainer() {
+        return this.container;
+    }
+
+
+    @Override
+    public void setContainer(Container container) {
+        this.container = container;
+    }
+}
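Review bot: The merge loop in `handle` calls `subject.getPrivateCredentials().remove(oPrincipal)` while a for-each over that same set is still running, which can raise `ConcurrentModificationException` on the next iteration step whenever the matched credential is not the last element, so authentication would fail intermittently instead of merging roles. Driving the loop with an explicit iterator avoids this: `for (Iterator<Object> it = subject.getPrivateCredentials().iterator(); it.hasNext();) {`, then `Object oPrincipal = it.next();`, and `it.remove();` in place of the set-level remove (this needs `java.util.Iterator` imported). `mergeRoles` can also accumulate duplicate role names after `addAll`; if `GenericPrincipal` does not de-duplicate them, collecting into a `LinkedHashSet` first would keep the resulting role list stable. Separately, the `PasswordValidationCallback` branch never calls `pvc.setResult(...)` in the visible code, so an auth module that reads `getResult()` would presumably see the default value; it is worth confirming that this is intended.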

[tomee-jakarta] 01/02: Add a few provided dependencies so IntelliJ does not complain too much

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jlmonteiro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-jakarta.git

commit 7a43bb1320a2eedce8ebd3267cb62626287a5a6b
Author: Jean-Louis Monteiro <jl...@tomitribe.com>
AuthorDate: Fri Mar 26 17:52:56 2021 +0100

    Add a few provided dependencies so IntelliJ does not complain too much
---
 transform/pom.xml | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/transform/pom.xml b/transform/pom.xml
index 5f7ebaf..b4c44ba 100644
--- a/transform/pom.xml
+++ b/transform/pom.xml
@@ -18,7 +18,8 @@
 -->
 <!-- $Rev$ $Date$ -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
   <modelVersion>4.0.0</modelVersion>
 
@@ -33,5 +34,55 @@
   <name>TomEE :: Transform</name>
   <description>Patches for TomEE Patch Plugin and Rules associated with the Eclipse Transformer</description>
 
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>add-source</id>
+            <phase>generate-sources</phase>
+            <goals>
+              <goal>add-source</goal>
+            </goals>
+            <configuration>
+              <sources>
+                <source>src/patch/java</source>
+              </sources>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencies>
+    <!--
+
+      Provided dependencies so that IntelliJ does not complain too much
+
+    -->
+
+    <dependency>
+      <groupId>org.apache.tomee.bom</groupId>
+      <artifactId>tomee-plus</artifactId>
+      <version>${tomee.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.tomee.bom</groupId>
+      <artifactId>tomee-plume</artifactId>
+      <version>${tomee.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>jakarta.platform</groupId>
+      <artifactId>jakarta.jakartaee-api</artifactId>
+      <version>9.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+  </dependencies>
 </project>
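Review bot: The added `build-helper-maven-plugin` declaration has no `<version>` element, so unless a parent POM's `pluginManagement` (not visible in this hunk) pins it, the plugin version is left to Maven's resolution and the build that compiles the patched authenticator sources is not reproducible. Adding an explicit `<version>` next to the `<artifactId>`, or confirming the parent already manages it, would close that gap. As a smaller style point, `jakarta.jakartaee-api` is hard-coded to `9.0.0` while the two TomEE artifacts use `${tomee.version}`; moving it to a property would keep the API level in one place.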