Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:28 UTC

[tomee] 40/48: TOMEE-2365 - Implemented AutoApplySessionInterceptor.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 429493011b829ffe33def7db0082bc3081eae7b7
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Jan 7 17:04:42 2019 +0000

    TOMEE-2365 - Implemented AutoApplySessionInterceptor.
---
 .../security/cdi/AutoApplySessionInterceptor.java  | 76 ++++++++++++++++++++++
 .../tomee/security/cdi/TomEESecurityExtension.java |  1 +
 2 files changed, 77 insertions(+)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/AutoApplySessionInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/AutoApplySessionInterceptor.java
new file mode 100644
index 0000000..5ed0aaa
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/AutoApplySessionInterceptor.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.annotation.Priority;
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.Interceptor;
+import javax.interceptor.InvocationContext;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.security.Principal;
+import java.util.Arrays;
+
+import static javax.interceptor.Interceptor.Priority.PLATFORM_BEFORE;
+
+@AutoApplySession
+@Interceptor
+@Priority(PLATFORM_BEFORE + 200)
+public class AutoApplySessionInterceptor {
+    @AroundInvoke
+    public Object intercept(final InvocationContext invocationContext) throws Exception {
+        if (invocationContext.getMethod().getName().equals("validateRequest") &&
+            Arrays.equals(invocationContext.getMethod().getParameterTypes(), new Class<?>[]{
+                    HttpServletRequest.class,
+                    HttpServletResponse.class,
+                    HttpMessageContext.class
+            })) {
+            return validateRequest(invocationContext);
+        }
+
+        return invocationContext.proceed();
+    }
+
+    private AuthenticationStatus validateRequest(final InvocationContext invocationContext)
+            throws Exception {
+
+        final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
+
+        final Principal principal = httpMessageContext.getRequest().getUserPrincipal();
+        if (principal == null) {
+            final Object authenticationStatus = invocationContext.proceed();
+
+            if (AuthenticationStatus.SUCCESS.equals(authenticationStatus)) {
+                httpMessageContext.getMessageInfo().getMap().put("javax.servlet.http.registerSession", "true");
+            }
+
+            return (AuthenticationStatus) authenticationStatus;
+        } else {
+            final CallerPrincipalCallback callerPrincipalCallback =
+                    new CallerPrincipalCallback(httpMessageContext.getClientSubject(), principal);
+
+            httpMessageContext.getHandler().handle(new Callback[] {callerPrincipalCallback});
+
+            return AuthenticationStatus.SUCCESS;
+        }
+    }
+}
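Review bot: The `else` branch of the private `validateRequest` returns `AuthenticationStatus.SUCCESS` without calling `invocationContext.proceed()`, so once the request carries a principal the intercepted mechanism's own `validateRequest` is skipped, and nothing in the class documents that. A class-level Javadoc should state that any per-request check the mechanism performs (credential expiry or revocation, for example) is not re-evaluated for as long as the container returns a principal for the request, and that ending that trust means invalidating the session. Only a `CallerPrincipalCallback` is handled in that branch; whether group membership is restored depends on how the container treats the registered session, which is not visible in this hunk, so a short comment there such as `// groups are expected to come from the container's registered session` (to be confirmed) would help the next reader. The key on the `getMap().put(...)` line would also read better as a named constant, `private static final String REGISTER_SESSION = "javax.servlet.http.registerSession";`.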
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 2fb9ef5..9343c3e 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -53,6 +53,7 @@ public class TomEESecurityExtension implements Extension {
         beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class));
         beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEIdentityStoreHandler.class));
 
+        beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(AutoApplySessionInterceptor.class));
         beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(LoginToContinueInterceptor.class));
     }