Posted to commits@tomee.apache.org by rm...@apache.org on 2012/06/01 01:42:28 UTC
svn commit: r1344942 - in
/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina:
OpenEJBSecurityListener.java TomEEJAASRealm.java
Author: rmannibucau
Date: Thu May 31 23:42:27 2012
New Revision: 1344942
URL: http://svn.apache.org/viewvc?rev=1344942&view=rev
Log:
TOMEE-212 managing request.login() in our securityservice
Added:
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEJAASRealm.java
Modified:
openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java
Modified: openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java?rev=1344942&r1=1344941&r2=1344942&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java (original)
+++ openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java Thu May 31 23:42:27 2012
@@ -23,6 +23,8 @@ import javax.servlet.AsyncListener;
import java.io.IOException;
public class OpenEJBSecurityListener implements AsyncListener {
+ static final ThreadLocal<Request> requests = new ThreadLocal<Request>();
+
private TomcatSecurityService securityService;
private Object oldState = null;
private Request request;
@@ -50,13 +52,18 @@ public class OpenEJBSecurityListener imp
public void enter() {
if (securityService != null && request.getWrapper() != null) {
+ requests.set(request);
oldState = securityService.enterWebApp(request.getWrapper().getRealm(), request.getPrincipal(), request.getWrapper().getRunAs());
}
}
public void exit() {
if (securityService != null) {
- securityService.exitWebApp(oldState);
+ try {
+ securityService.exitWebApp(oldState);
+ } finally {
+ requests.remove();
+ }
}
}
}
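Review bot: In `enter()` the `requests.set(request)` call sits before `securityService.enterWebApp(...)`, so if that call throws, the Request stays bound to the thread until something else calls `exit()`; setting it after the `oldState = ...` assignment would avoid this, unless enterWebApp itself needs the value. The `requests.remove()` in `exit()` also only helps when `exit()` runs on the same thread that ran `enter()`. This class is an AsyncListener and its callbacks are outside the hunk, so it is worth confirming that an async completion on another thread cannot leave a stale Request on a pooled container thread, since TomEEJAASRealm takes the run-as role from it. A comment on the field stating that contract would help, e.g. `// set in enter(), cleared in exit(); both must run on the request thread`.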
Added: openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEJAASRealm.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEJAASRealm.java?rev=1344942&view=auto
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEJAASRealm.java (added)
+++ openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEJAASRealm.java Thu May 31 23:42:27 2012
@@ -0,0 +1,30 @@
+package org.apache.tomee.catalina;
+
+import java.security.Principal;
+import javax.security.auth.callback.CallbackHandler;
+import org.apache.catalina.realm.JAASRealm;
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.SecurityService;
+
+public class TomEEJAASRealm extends JAASRealm {
+ @Override
+ protected Principal authenticate(String username, CallbackHandler callbackHandler) {
+ final Principal principal = super.authenticate(username, callbackHandler);
+ if (principal == null) {
+ return null;
+ }
+
+ final TomcatSecurityService ss = (TomcatSecurityService) SystemInstance.get().getComponent(SecurityService.class);
+ if (ss != null) {
+ // normally we don't care about oldstate because the listener already contains one
+ // which is the previous one
+ // so no need to clean twice here
+ if (OpenEJBSecurityListener.requests.get() != null) {
+ ss.enterWebApp(this, principal, OpenEJBSecurityListener.requests.get().getWrapper().getRunAs());
+ } else {
+ ss.enterWebApp(this, principal, null);
+ }
+ }
+ return principal;
+ }
+}
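Review bot: The `else` branch of `authenticate` calls `ss.enterWebApp(this, principal, null)` when no Request is bound to the thread and discards the returned state, so nothing visible here will later call `exitWebApp` for it. The comment above covers only the case where the listener already holds the previous state; when the listener has not run, the authenticated principal presumably stays associated with the thread after the call returns, which matters on pooled threads. Consider skipping the call in that case, or documenting who performs the matching exit. Separately, the unchecked cast to `TomcatSecurityService` will throw a ClassCastException during login if a different SecurityService is registered; a guard such as `if (!(service instanceof TomcatSecurityService)) return principal;` on the looked-up component keeps authentication working, and reading `requests.get()` once into a local avoids the double lookup.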
Re: JAAS Realm change (Re: svn commit: r1344942)
Posted by Romain Manni-Bucau <rm...@gmail.com>.
done
- Romain
2012/6/1 David Blevins <da...@gmail.com>
> > public class OpenEJBSecurityListener implements AsyncListener {
> > + static final ThreadLocal<Request> requests = new
> ThreadLocal<Request>();
>
>
> > +public class TomEEJAASRealm extends JAASRealm {
> [...]
> > + // so no need to clean twice here
> > + if (OpenEJBSecurityListener.requests.get() != null) {
> > + ss.enterWebApp(this, principal,
> OpenEJBSecurityListener.requests.get().getWrapper().getRunAs());
>
> Slight style change to better encapsulate this thread local.
>
> Let's move the ThreadLocal to be a non-static private field in
> TomEEJAASRealm, then add 'enter(Request)' and 'exit()' methods to
> TomEEJAASRealm.
>
> The OpenEJBSecurityListener would then check the realm impl to see if it
> was TomEEJAASRealm and call the enter/exit methods instead of doing the
> thread local management itself.
>
> Slight tweak which makes it clearer who needs the ThreadLocal and also
> prevents its use in places where we don't intend (and it actually wouldn't
> exist at all unless you were using the JAASRealm which is not common).
>
> Thoughts?
>
>
> -David
>
>
>
JAAS Realm change (Re: svn commit: r1344942)
Posted by David Blevins <da...@gmail.com>.
> public class OpenEJBSecurityListener implements AsyncListener {
> + static final ThreadLocal<Request> requests = new ThreadLocal<Request>();
> +public class TomEEJAASRealm extends JAASRealm {
[...]
> + // so no need to clean twice here
> + if (OpenEJBSecurityListener.requests.get() != null) {
> + ss.enterWebApp(this, principal, OpenEJBSecurityListener.requests.get().getWrapper().getRunAs());
Slight style change to better encapsulate this thread local.
Let's move the ThreadLocal to be a non-static private field in TomEEJAASRealm, then add 'enter(Request)' and 'exit()' methods to TomEEJAASRealm.
The OpenEJBSecurityListener would then check the realm impl to see if it was TomEEJAASRealm and call the enter/exit methods instead of doing the thread local management itself.
Slight tweak which makes it clearer who needs the ThreadLocal and also prevents its use in places where we don't intend (and it actually wouldn't exist at all unless you were using the JAASRealm which is not common).
Thoughts?
-David