Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:24 UTC

[tomee] 36/48: TOMEE-2365 - Final step of form authentication. Retrieve original request and authentication data and pass it to the original requested resource.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit e635b265a610e6196c329a36972f5c4bbc6d9f48
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Fri Dec 28 14:58:24 2018 +0000

    TOMEE-2365 - Final step of form authentication. Retrieve original request and authentication data and pass it to the original requested resource.
---
 .../security/cdi/LoginToContinueInterceptor.java   | 20 +++++++++++--
 .../security/http/LoginToContinueMechanism.java    |  9 ++++++
 .../security/http/SavedHttpServletRequest.java     | 34 ++++++++++++++++++++++
 .../security/servlet/FormAuthServletTest.java      |  5 ++--
 4 files changed, 63 insertions(+), 5 deletions(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
index 1e0b0f3..612f779 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
@@ -17,6 +17,8 @@
 package org.apache.tomee.security.cdi;
 
 import org.apache.tomee.security.http.LoginToContinueMechanism;
+import org.apache.tomee.security.http.SavedAuthentication;
+import org.apache.tomee.security.http.SavedHttpServletRequest;
 import org.apache.tomee.security.http.SavedRequest;
 
 import javax.annotation.Priority;
@@ -33,6 +35,8 @@ import java.util.Arrays;
 import static javax.interceptor.Interceptor.Priority.PLATFORM_BEFORE;
 import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
 import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.clearRequestAndAuthentication;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.getAuthentication;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.getRequest;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.hasAuthentication;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.hasRequest;
@@ -127,10 +131,20 @@ public class LoginToContinueInterceptor {
         }
 
         if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
-            return null;
+            final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
+            final SavedAuthentication savedAuthentication = getAuthentication(httpMessageContext.getRequest());
+
+            clearRequestAndAuthentication(httpMessageContext.getRequest());
+
+            final SavedHttpServletRequest savedHttpServletRequest =
+                    new SavedHttpServletRequest(httpMessageContext.getRequest(), savedRequest);
+
+            return httpMessageContext.withRequest(savedHttpServletRequest)
+                                     .notifyContainerAboutLogin(savedAuthentication.getPrincipal(),
+                                                                savedAuthentication.getGroups());
         }
 
-        return null;
+        return (AuthenticationStatus) invocationContext.proceed();
     }
 
     private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
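Review bot: `savedAuthentication.getPrincipal()` in the `notifyContainerAboutLogin` call dereferences a value that was only checked indirectly: `isOnOriginalURLAfterAuthenticate` tests `hasAuthentication`, and `getAuthentication` then reads the session attribute a second time, so anything that removes the attribute between the two reads (a concurrent request on the same session, or a logout) turns this branch into a NullPointerException instead of a clean fall-through. A guard after the two reads keeps the branch safe: `if (savedRequest == null || savedAuthentication == null) { return (AuthenticationStatus) invocationContext.proceed(); }`. The `clearRequestAndAuthentication` line also deserves a comment stating that the saved state is deliberately consumed before the container is notified, because that ordering is what makes the saved principal usable exactly once. The enclosing method begins before this hunk.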
@@ -142,7 +156,7 @@ public class LoginToContinueInterceptor {
     }
 
     private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
-        return false;
+        return hasRequest(httpMessageContext.getRequest()) && hasAuthentication(httpMessageContext.getRequest());
     }
 
     private LoginToContinue getLoginToContinue(final InvocationContext invocationContext) {
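Review bot: `isOnOriginalURLAfterAuthenticate` now returns true whenever the session holds a saved request and a saved authentication, without comparing the current request URL with the saved one, so the method name promises more than the body checks. In practice the first intercepted request on that session after login, whatever its URL, is treated as the original one, receives the saved principal and groups through `notifyContainerAboutLogin`, and is wrapped to report the saved HTTP method. If the redirect flow guarantees that this request is always the original URL, that assumption should be written down in a comment; otherwise compare the request URI and query string against the saved request before returning true, e.g. `return hasRequest(request) && hasAuthentication(request) && matchesSavedUrl(request, getRequest(request));` with a small private helper that compares whichever URL fields `SavedRequest` stores.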
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
index e67b4b4..7871595 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
@@ -132,4 +132,13 @@ public interface LoginToContinueMechanism {
     static boolean hasAuthentication(final HttpServletRequest request) {
         return request.getSession().getAttribute(AUTHENTICATION) != null;
     }
+
+    static SavedAuthentication getAuthentication(final HttpServletRequest request) {
+        return (SavedAuthentication) request.getSession().getAttribute(AUTHENTICATION);
+    }
+
+    static void clearRequestAndAuthentication(final HttpServletRequest request) {
+        request.getSession().removeAttribute(ORIGINAL_REQUEST);
+        request.getSession().removeAttribute(AUTHENTICATION);
+    }
 }
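Review bot: `clearRequestAndAuthentication` calls `request.getSession()` twice, which creates a session as a side effect on a request that has none, only to remove attributes from the fresh session; `hasAuthentication` above has the same pattern but predates this commit. A one-line guard at the top, `if (request.getSession(false) == null) { return; }`, makes clearing a no-op on session-less requests, and the two removals can then share a single `getSession()` call. Both new static helpers also lack Javadoc; `getAuthentication` in particular should state that it returns null when nothing was saved and that the cast relies on `AUTHENTICATION` only ever holding a `SavedAuthentication`.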
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
new file mode 100644
index 0000000..5a91d5b
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.http;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+public class SavedHttpServletRequest extends HttpServletRequestWrapper {
+    private final SavedRequest savedRequest;
+
+    public SavedHttpServletRequest(final HttpServletRequest request, final SavedRequest savedRequest) {
+        super(request);
+        this.savedRequest = savedRequest;
+    }
+
+    @Override
+    public String getMethod() {
+        return savedRequest.getMethod();
+    }
+}
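Review bot: `SavedHttpServletRequest` overrides only `getMethod()`, so a resource reached through this wrapper sees the saved HTTP method combined with the live request's parameters, headers, query string and body; for a saved POST it reports POST while `getParameter` returns whatever the post-login GET carried. If `SavedRequest` captures more than the method, this wrapper should delegate those accessors as well; if it does not, the limitation belongs in a class-level Javadoc such as `/** Replays a request saved before form login over the current request; only the HTTP method is restored, every other accessor still reflects the live request. */`. The constructor should also reject a missing saved request with `this.savedRequest = Objects.requireNonNull(savedRequest, "savedRequest");` (needs `java.util.Objects`), since otherwise the failure surfaces later as a NullPointerException inside `getMethod()`.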
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
index f006388..8a63dd6 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
@@ -48,8 +48,9 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest {
         login.getInputByName("j_username").setValueAttribute("tomcat");
         login.getInputByName("j_password").setValueAttribute("tomcat");
 
-        final HtmlPage submit = login.getInputByName("submit").click();
-        System.out.println("submit.toString() = " + submit.toString());
+        final Page result = login.getInputByName("submit").click();
+        assertEquals(200, result.getWebResponse().getStatusCode());
+        assertEquals("ok!", result.getWebResponse().getContentAsString());
     }
 
     @ApplicationScoped
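Review bot: The new assertions check the status code and the `ok!` body but not that the post-login response came from the originally requested protected URL, which is the behaviour this commit introduces; any resource answering `ok!` with 200 after the form submit would pass as well. Adding `assertEquals(<original protected URL>, result.getUrl().toString());`, using the URL the test requested before the redirect (outside this hunk), pins the redirect target. The test method starts before this hunk.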