You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/04/16 22:45:08 UTC
[04/38] tomee git commit: See if I can wire into the REST layer
See if I can wire into the REST layer
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/9114b2af
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/9114b2af
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/9114b2af
Branch: refs/heads/master
Commit: 9114b2afc89c06664fcb9a80b1757af729bc7e54
Parents: 7c7236b
Author: Jean-Louis Monteiro <je...@gmail.com>
Authored: Wed Feb 21 16:29:21 2018 +0100
Committer: Jean-Louis Monteiro <je...@gmail.com>
Committed: Wed Feb 21 16:29:21 2018 +0100
----------------------------------------------------------------------
.../server/cxf/rs/CxfRsHttpListener.java | 2 +-
.../rs/event/ExtensionProviderRegistration.java | 9 +-
.../server/cxf/rs/MPJWTSecurityContextTest.java | 183 +++++++++++++++++++
3 files changed, 192 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/9114b2af/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/CxfRsHttpListener.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/CxfRsHttpListener.java b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/CxfRsHttpListener.java
index e10172f..305a1c1 100644
--- a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/CxfRsHttpListener.java
+++ b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/CxfRsHttpListener.java
@@ -1019,7 +1019,7 @@ public class CxfRsHttpListener implements RsHttpListener {
}
}
- SystemInstance.get().fireEvent(new ExtensionProviderRegistration(
+ SystemInstance.get().fireEvent(new ExtensionProviderRegistration(server,
AppFinder.findAppContextOrWeb(Thread.currentThread().getContextClassLoader(), AppFinder.AppContextTransformer.INSTANCE), providers));
if (!providers.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/tomee/blob/9114b2af/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java
index cfae25c..7af089f 100644
--- a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java
+++ b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java
@@ -16,6 +16,7 @@
*/
package org.apache.openejb.server.cxf.rs.event;
+import org.apache.cxf.endpoint.Server;
import org.apache.openejb.AppContext;
import org.apache.openejb.observer.Event;
@@ -25,10 +26,12 @@ import java.util.List;
// this event can allow to add/remove/resort providers
@Event
public class ExtensionProviderRegistration {
+ private final Server server;
private final List<Object> providers;
private final AppContext appContext;
- public ExtensionProviderRegistration(final AppContext ctx, final List<Object> existings) {
+ public ExtensionProviderRegistration(final Server server, final AppContext ctx, final List<Object> existings) {
+ this.server = server;
this.appContext = ctx;
this.providers = existings;
}
@@ -41,6 +44,10 @@ public class ExtensionProviderRegistration {
return providers;
}
+ public Server getServer() {
+ return server;
+ }
+
@Override
public String toString() {
return "ExtensionProviderRegistration{}";
http://git-wip-us.apache.org/repos/asf/tomee/blob/9114b2af/server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/MPJWTSecurityContextTest.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/MPJWTSecurityContextTest.java b/server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/MPJWTSecurityContextTest.java
new file mode 100644
index 0000000..ed13615
--- /dev/null
+++ b/server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/MPJWTSecurityContextTest.java
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.cxf.rs;
+
+import org.apache.cxf.jaxrs.model.ApplicationInfo;
+import org.apache.openejb.jee.WebApp;
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.observer.Observes;
+import org.apache.openejb.server.cxf.rs.event.ExtensionProviderRegistration;
+import org.apache.openejb.server.cxf.rs.event.ServerCreated;
+import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.Configuration;
+import org.apache.openejb.testing.EnableServices;
+import org.apache.openejb.testing.JaxrsProviders;
+import org.apache.openejb.testing.Module;
+import org.apache.openejb.testng.PropertiesBuilder;
+import org.apache.openejb.util.NetworkUtil;
+import org.eclipse.microprofile.auth.LoginConfig;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Application;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.ext.Provider;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Objects;
+import java.util.Properties;
+
+import static org.junit.Assert.assertEquals;
+
+@EnableServices("jax-rs")
+@RunWith(ApplicationComposer.class)
+public class MPJWTSecurityContextTest {
+
+ private static int port = -1;
+
+ @BeforeClass
+ public static void beforeClass() {
+ port = NetworkUtil.getNextAvailablePort();
+ }
+
+ @Configuration
+ public Properties props() {
+ return new PropertiesBuilder()
+ .p("httpejbd.port", Integer.toString(port))
+ .p("observer", "new://Service?class-name=" + Observer.class.getName()) // properly packaged and auto registered
+ .build();
+ }
+
+ @Module
+ @Classes({ Res.class, RestApplication.class})
+ public WebApp war() {
+ return new WebApp()
+ .contextRoot("foo");
+ }
+
+ @Test
+ public void check() throws IOException {
+ assertEquals("true", ClientBuilder.newClient()
+ .target("http://127.0.0.1:" + port)
+ .path("foo/sc")
+ .queryParam("role", "therole")
+ .request()
+ .accept(MediaType.TEXT_PLAIN_TYPE)
+ .get(String.class));
+
+ assertEquals("false", ClientBuilder.newClient()
+ .target("http://127.0.0.1:" + port)
+ .path("foo/sc")
+ .queryParam("role", "another")
+ .request()
+ .accept(MediaType.TEXT_PLAIN_TYPE)
+ .get(String.class));
+ }
+
+ @LoginConfig(authMethod = "MP-JWT")
+ @ApplicationPath("/api")
+ public class RestApplication extends Application {
+
+ }
+
+ @Path("sc")
+ public static class Res {
+ @Context
+ private SecurityContext sc;
+
+ @GET
+ public boolean f() {
+ return sc.isUserInRole("therole");
+ }
+ }
+
+ // this should go into a proper artifact for MP-JWT and have the property file so it gets discovered automatically
+ public static class Observer {
+
+ public void obs(@Observes final ServerCreated event) {
+ System.out.println("Observer.obs");
+ final ApplicationInfo appInfo = (ApplicationInfo) event.getServer().getEndpoint().get("javax.ws.rs.core.Application");
+ final Application application = appInfo.getProvider();
+ final LoginConfig annotation = application.getClass().getAnnotation(LoginConfig.class);
+ if (annotation != null) {
+ // add the ContainerRequestFilter on the fly
+ }
+ }
+
+ public void extension(@Observes final ExtensionProviderRegistration registration) {
+ System.out.println("Observer.extension");
+ // nothing useful here because we cannot access the application
+ final ApplicationInfo appInfo = (ApplicationInfo) registration.getServer().getEndpoint().get("javax.ws.rs.core.Application");
+ final Application application = appInfo.getProvider();
+ final LoginConfig annotation = application.getClass().getAnnotation(LoginConfig.class);
+ if (annotation != null) {
+ // add the ContainerRequestFilter on the fly
+ registration.getProviders().add(new MySecuCtx());
+ }
+ }
+ }
+
+ // this should also be packaged into the same module and delegate to the security service
+ @Provider
+ public static class MySecuCtx implements ContainerRequestFilter {
+
+ private final SecurityService securityService;
+
+ public MySecuCtx() {
+ securityService = SystemInstance.get().getComponent(SecurityService.class);
+ Objects.requireNonNull(securityService, "A security context needs to be properly configured to enforce security in REST services");
+ }
+
+ @Override
+ public void filter(final ContainerRequestContext containerRequestContext) throws IOException {
+
+ containerRequestContext.setSecurityContext(new SecurityContext() {
+ @Override
+ public Principal getUserPrincipal() {
+ return securityService.getCallerPrincipal();
+ }
+
+ @Override
+ public boolean isUserInRole(final String s) {
+ return securityService.isCallerInRole(s);
+ }
+
+ @Override
+ public boolean isSecure() {
+ return false;
+ }
+
+ @Override
+ public String getAuthenticationScheme() {
+ return "MP-JWT";
+ }
+ });
+ }
+ }
+
+}