You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2015/04/24 20:02:12 UTC
tomee git commit: TOMEE-1559 programmatic way to configure web.xml
security
Repository: tomee
Updated Branches:
refs/heads/master d941fc186 -> fdceeb5d4
TOMEE-1559 programmatic way to configure web.xml security
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/fdceeb5d
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/fdceeb5d
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/fdceeb5d
Branch: refs/heads/master
Commit: fdceeb5d4aa4e9ad1ba3a9bcc64ef4efcc7563dc
Parents: d941fc1
Author: Romain Manni-Bucau <rm...@apache.org>
Authored: Fri Apr 24 20:02:04 2015 +0200
Committer: Romain Manni-Bucau <rm...@apache.org>
Committed: Fri Apr 24 20:02:04 2015 +0200
----------------------------------------------------------------------
.../apache/tomee/embedded/Configuration.java | 23 +++++++
.../org/apache/tomee/embedded/Container.java | 2 +-
.../tomee/embedded/LoginConfigBuilder.java | 65 ++++++++++++++++++++
.../embedded/SecurityConstaintBuilder.java | 59 ++++++++++++++++++
.../internal/StandardContextCustomizer.java | 15 ++++-
.../tomee/embedded/ClasspathAsWebappTest.java | 57 ++++++++++++++---
6 files changed, 209 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Configuration.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Configuration.java b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Configuration.java
index f504b7d..f54aff9 100644
--- a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Configuration.java
+++ b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Configuration.java
@@ -19,7 +19,9 @@ package org.apache.tomee.embedded;
import org.apache.openejb.util.NetworkUtil;
import java.io.File;
+import java.util.Collection;
import java.util.HashMap;
+import java.util.LinkedList;
import java.util.Map;
import java.util.Properties;
@@ -47,6 +49,9 @@ public class Configuration {
private String keyAlias;
private String sslProtocol;
+ private LoginConfigBuilder loginConfig;
+ private Collection<SecurityConstaintBuilder> securityConstraints = new LinkedList<>();
+
private boolean deployOpenEjbApp;
private Map<String, String> users;
@@ -274,4 +279,22 @@ public class Configuration {
this.roles.put(user, roles);
return this;
}
+
+ public LoginConfigBuilder getLoginConfig() {
+ return loginConfig;
+ }
+
+ public Configuration loginConfig(final LoginConfigBuilder loginConfig) {
+ this.loginConfig = loginConfig;
+ return this;
+ }
+
+ public Collection<SecurityConstaintBuilder> getSecurityConstraints() {
+ return securityConstraints;
+ }
+
+ public Configuration securityConstaint(final SecurityConstaintBuilder constraint) {
+ securityConstraints.add(constraint);
+ return this;
+ }
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Container.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Container.java b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Container.java
index 7e148eb..4934700 100644
--- a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Container.java
+++ b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/Container.java
@@ -248,7 +248,7 @@ public class Container implements AutoCloseable {
addCallersAsEjbModule(loader, app, additionalCallers);
- systemInstance.addObserver(new StandardContextCustomizer(webModule));
+ systemInstance.addObserver(new StandardContextCustomizer(configuration, webModule));
systemInstance.setComponent(AnnotationDeployer.FolderDDMapper.class, new AnnotationDeployer.FolderDDMapper() {
@Override
public File getDDFolder(final File dir) {
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/LoginConfigBuilder.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/LoginConfigBuilder.java b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/LoginConfigBuilder.java
new file mode 100644
index 0000000..6b68bd2
--- /dev/null
+++ b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/LoginConfigBuilder.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tomee.embedded;
+
+import org.apache.tomcat.util.descriptor.web.LoginConfig;
+
+public class LoginConfigBuilder {
+ private final LoginConfig loginConfig = new LoginConfig();
+
+ public LoginConfigBuilder setErrorPage(final String errorPage) {
+ loginConfig.setErrorPage(errorPage);
+ return this;
+ }
+
+ public LoginConfigBuilder setLoginPage(final String loginPage) {
+ loginConfig.setLoginPage(loginPage);
+ return this;
+ }
+
+ public LoginConfigBuilder setRealmName(final String realmName) {
+ loginConfig.setRealmName(realmName);
+ return this;
+ }
+
+ public LoginConfigBuilder setAuthMethod(final String authMethod) {
+ loginConfig.setAuthMethod(authMethod);
+ return this;
+ }
+
+ public LoginConfig build() {
+ return loginConfig;
+ }
+
+ public LoginConfigBuilder basic() {
+ return setAuthMethod("BASIC");
+ }
+
+ public LoginConfigBuilder digest() {
+ return setAuthMethod("DIGEST");
+ }
+
+ public LoginConfigBuilder clientCert() {
+ return setAuthMethod("CLIENT-CERT");
+ }
+
+ public LoginConfigBuilder form() {
+ return setAuthMethod("FORM");
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/SecurityConstaintBuilder.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/SecurityConstaintBuilder.java b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/SecurityConstaintBuilder.java
new file mode 100644
index 0000000..84151b4
--- /dev/null
+++ b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/SecurityConstaintBuilder.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.embedded;
+
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class SecurityConstaintBuilder {
+ private final SecurityConstraint securityConstraint = new SecurityConstraint();
+
+ public SecurityConstaintBuilder authConstraint(final boolean authConstraint) {
+ securityConstraint.setAuthConstraint(authConstraint);
+ return this;
+ }
+
+ public SecurityConstaintBuilder setDisplayName(final String displayName) {
+ securityConstraint.setDisplayName(displayName);
+ return this;
+ }
+
+ public SecurityConstaintBuilder setUserConstraint(final String userConstraint) {
+ securityConstraint.setUserConstraint(userConstraint);
+ return this;
+ }
+
+ public SecurityConstaintBuilder addAuthRole(final String authRole) {
+ securityConstraint.addAuthRole(authRole);
+ return this;
+ }
+
+ public SecurityConstaintBuilder addCollection(final String name, final String pattern, final String... methods) {
+ final SecurityCollection collection = new SecurityCollection();
+ collection.setName(name);
+ collection.addPattern(pattern);
+ for (final String httpMethod : methods) {
+ collection.addMethod(httpMethod);
+ }
+ securityConstraint.addCollection(collection);
+ return this;
+ }
+
+ public SecurityConstraint build() {
+ return securityConstraint;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/internal/StandardContextCustomizer.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/internal/StandardContextCustomizer.java b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/internal/StandardContextCustomizer.java
index e1d4de6..17ded9e 100644
--- a/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/internal/StandardContextCustomizer.java
+++ b/tomee/tomee-embedded/src/main/java/org/apache/tomee/embedded/internal/StandardContextCustomizer.java
@@ -29,6 +29,8 @@ import org.apache.openejb.observer.Observes;
import org.apache.openejb.util.URLs;
import org.apache.openejb.util.reflection.Reflections;
import org.apache.tomee.catalina.TomcatWebAppBuilder;
+import org.apache.tomee.embedded.Configuration;
+import org.apache.tomee.embedded.SecurityConstaintBuilder;
import java.io.File;
import java.net.URL;
@@ -36,9 +38,11 @@ import java.util.List;
public class StandardContextCustomizer {
private final WebModule module;
+ private final Configuration config;
- public StandardContextCustomizer(final WebModule webModule) {
+ public StandardContextCustomizer(final Configuration configuration, final WebModule webModule) {
module = webModule;
+ config = configuration;
}
public void customize(@Observes final LifecycleEvent event) {
@@ -82,6 +86,15 @@ public class StandardContextCustomizer {
resources.createWebResourceSet(WebResourceRoot.ResourceSetType.RESOURCE_JAR, "/", url, "/META-INF/resources");
}
}
+
+ if (config != null) {
+ if (config.getLoginConfig() != null) {
+ context.setLoginConfig(config.getLoginConfig().build());
+ }
+ for (final SecurityConstaintBuilder sc : config.getSecurityConstraints()) {
+ context.addConstraint(sc.build());
+ }
+ }
break;
case Lifecycle.CONFIGURE_START_EVENT:
SystemInstance.get().getComponent(TomcatWebAppBuilder.class).setFinderOnContextConfig(context, module.appModule());
http://git-wip-us.apache.org/repos/asf/tomee/blob/fdceeb5d/tomee/tomee-embedded/src/test/java/org/apache/tomee/embedded/ClasspathAsWebappTest.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-embedded/src/test/java/org/apache/tomee/embedded/ClasspathAsWebappTest.java b/tomee/tomee-embedded/src/test/java/org/apache/tomee/embedded/ClasspathAsWebappTest.java
index 8475684..ec8227a 100644
--- a/tomee/tomee-embedded/src/test/java/org/apache/tomee/embedded/ClasspathAsWebappTest.java
+++ b/tomee/tomee-embedded/src/test/java/org/apache/tomee/embedded/ClasspathAsWebappTest.java
@@ -22,6 +22,17 @@ import org.apache.openejb.util.NetworkUtil;
import org.junit.Rule;
import org.junit.Test;
+import java.io.IOException;
+import java.lang.reflect.Modifier;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.inject.Inject;
@@ -45,16 +56,10 @@ import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Application;
-import java.io.IOException;
-import java.lang.reflect.Modifier;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URL;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
+import static javax.xml.bind.DatatypeConverter.printBase64Binary;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -78,7 +83,10 @@ public class ClasspathAsWebappTest {
new Configuration()
.http(NetworkUtil.getNextAvailablePort())
.property("openejb.container.additional.exclude", "org.apache.tomee.embedded.")
- .property("openejb.additional.include", "tomee-"))
+ .property("openejb.additional.include", "tomee-")
+ .user("tomee", "tomeepwd")
+ .loginConfig(new LoginConfigBuilder().basic())
+ .securityConstaint(new SecurityConstaintBuilder().addAuthRole("**").authConstraint(true).addCollection("api", "/api/resource2/")))
.deployPathsAsWebapp(JarLocation.jarLocation(MyInitializer.class))
.inject(this)) {
@@ -128,6 +136,23 @@ public class ClasspathAsWebappTest {
fail(e.getMessage());
}
+ // JAXRS + servlet security
+ try {
+ final URL url = new URL("http://localhost:" + container.getConfiguration().getHttpPort() + "/api/resource2/");
+ final HttpURLConnection c = HttpURLConnection.class.cast(url.openConnection());
+ c.setRequestProperty("Authorization", "Basic " + printBase64Binary("tomee:tomeepwd".getBytes()));
+ assertEquals("tomee", IO.slurp(c.getInputStream()));
+ c.disconnect();
+ } catch (final IOException e) {
+ fail(e.getMessage());
+ }
+ try {
+ assertEquals("tomee", IO.slurp(new URL("http://tomee:tomeepwd@localhost:" + container.getConfiguration().getHttpPort() + "/api/resource2/")));
+ fail("should have been not authorized");
+ } catch (final IOException e) {
+ // ok
+ }
+
// WebSocket
final WebSocketContainer webSocketContainer = ContainerProvider.getWebSocketContainer();
try {
@@ -183,6 +208,18 @@ public class ClasspathAsWebappTest {
}
}
+ @Path("resource2")
+ public static class Secured {
+ @Context
+ private SecurityContext sc;
+
+ @GET
+ public String t() {
+ final Principal principal = sc.getUserPrincipal();
+ return principal.getName();
+ }
+ }
+
@WebServlet(urlPatterns = "/w")
public static class MyWebServlet extends HttpServlet {
@Override