Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:24 UTC
[tomee] 36/48: TOMEE-2365 - Final step of form authentication.
Retrieve original request and authentication data and pass it to the
original requested resource.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit e635b265a610e6196c329a36972f5c4bbc6d9f48
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Fri Dec 28 14:58:24 2018 +0000
TOMEE-2365 - Final step of form authentication. Retrieve original request and authentication data and pass it to the original requested resource.
---
.../security/cdi/LoginToContinueInterceptor.java | 20 +++++++++++--
.../security/http/LoginToContinueMechanism.java | 9 ++++++
.../security/http/SavedHttpServletRequest.java | 34 ++++++++++++++++++++++
.../security/servlet/FormAuthServletTest.java | 5 ++--
4 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
index 1e0b0f3..612f779 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
@@ -17,6 +17,8 @@
package org.apache.tomee.security.cdi;
import org.apache.tomee.security.http.LoginToContinueMechanism;
+import org.apache.tomee.security.http.SavedAuthentication;
+import org.apache.tomee.security.http.SavedHttpServletRequest;
import org.apache.tomee.security.http.SavedRequest;
import javax.annotation.Priority;
@@ -33,6 +35,8 @@ import java.util.Arrays;
import static javax.interceptor.Interceptor.Priority.PLATFORM_BEFORE;
import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.clearRequestAndAuthentication;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.getAuthentication;
import static org.apache.tomee.security.http.LoginToContinueMechanism.getRequest;
import static org.apache.tomee.security.http.LoginToContinueMechanism.hasAuthentication;
import static org.apache.tomee.security.http.LoginToContinueMechanism.hasRequest;
@@ -127,10 +131,20 @@ public class LoginToContinueInterceptor {
}
if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
- return null;
+ final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
+ final SavedAuthentication savedAuthentication = getAuthentication(httpMessageContext.getRequest());
+
+ clearRequestAndAuthentication(httpMessageContext.getRequest());
+
+ final SavedHttpServletRequest savedHttpServletRequest =
+ new SavedHttpServletRequest(httpMessageContext.getRequest(), savedRequest);
+
+ return httpMessageContext.withRequest(savedHttpServletRequest)
+ .notifyContainerAboutLogin(savedAuthentication.getPrincipal(),
+ savedAuthentication.getGroups());
}
- return null;
+ return (AuthenticationStatus) invocationContext.proceed();
}
private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
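Review bot: `savedAuthentication` is dereferenced without a null check in the `isOnOriginalURLAfterAuthenticate` branch, even though the session attributes are read in a separate step from the check that guards the branch. Two requests on the same session can both pass that check; the one that runs after `clearRequestAndAuthentication` reads null for both attributes and fails at `savedAuthentication.getPrincipal()`. A guard placed before the clear, such as `if (savedRequest == null || savedAuthentication == null) { return (AuthenticationStatus) invocationContext.proceed(); }`, would hand that request back to the wrapped mechanism instead. The enclosing method starts outside the hunk, so the surrounding flow should be confirmed.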
@@ -142,7 +156,7 @@ public class LoginToContinueInterceptor {
}
private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
- return false;
+ return hasRequest(httpMessageContext.getRequest()) && hasAuthentication(httpMessageContext.getRequest());
}
private LoginToContinue getLoginToContinue(final InvocationContext invocationContext) {
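Review bot: `isOnOriginalURLAfterAuthenticate` tests only that the session holds a saved request and a saved authentication; despite its name, it never compares the current URL with the saved one. As written, the first request that reaches this interceptor in that session after login consumes the saved state and is wrapped so that `getMethod()` reports the saved request's method, whatever resource it targets. Comparing the incoming request's URL with the one recorded in `SavedRequest` (its accessors are not visible in this diff) would tie the replay to the resource the user originally asked for.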
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
index e67b4b4..7871595 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
@@ -132,4 +132,13 @@ public interface LoginToContinueMechanism {
static boolean hasAuthentication(final HttpServletRequest request) {
return request.getSession().getAttribute(AUTHENTICATION) != null;
}
+
+ static SavedAuthentication getAuthentication(final HttpServletRequest request) {
+ return (SavedAuthentication) request.getSession().getAttribute(AUTHENTICATION);
+ }
+
+ static void clearRequestAndAuthentication(final HttpServletRequest request) {
+ request.getSession().removeAttribute(ORIGINAL_REQUEST);
+ request.getSession().removeAttribute(AUTHENTICATION);
+ }
}
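Review bot: `getAuthentication` and `clearRequestAndAuthentication` call `request.getSession()`, which creates a session when the request has none, so a read or a clear on an anonymous request allocates server-side state. `request.getSession(false)` with a null check avoids that: `final HttpSession session = request.getSession(false);` followed by `return session == null ? null : (SavedAuthentication) session.getAttribute(AUTHENTICATION);`. The `hasAuthentication` helper in the context lines uses the same call and would need the same change. Whether `HttpSession` is already imported cannot be seen from this hunk.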
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
new file mode 100644
index 0000000..5a91d5b
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.http;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+public class SavedHttpServletRequest extends HttpServletRequestWrapper {
+ private final SavedRequest savedRequest;
+
+ public SavedHttpServletRequest(final HttpServletRequest request, final SavedRequest savedRequest) {
+ super(request);
+ this.savedRequest = savedRequest;
+ }
+
+ @Override
+ public String getMethod() {
+ return savedRequest.getMethod();
+ }
+}
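Review bot: `SavedHttpServletRequest` overrides only `getMethod()`, so parameters, headers and body still come from the live request while the method comes from the saved one. Downstream code that branches on the method (for example, state-changing handlers or method-based constraints) will therefore see a mixed request. The class needs a Javadoc comment stating that only the HTTP method is restored and that all other request data is delegated to the wrapped request. The constructor should also reject a null argument with `this.savedRequest = Objects.requireNonNull(savedRequest, "savedRequest");`, so that a missing session attribute fails at construction rather than on the first `getMethod()` call.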
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
index f006388..8a63dd6 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
@@ -48,8 +48,9 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest {
login.getInputByName("j_username").setValueAttribute("tomcat");
login.getInputByName("j_password").setValueAttribute("tomcat");
- final HtmlPage submit = login.getInputByName("submit").click();
- System.out.println("submit.toString() = " + submit.toString());
+ final Page result = login.getInputByName("submit").click();
+ assertEquals(200, result.getWebResponse().getStatusCode());
+ assertEquals("ok!", result.getWebResponse().getContentAsString());
}
@ApplicationScoped
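Review bot: The new assertions cover only the successful login, so nothing in this hunk checks that the replay path refuses a bad login or that the saved state is single-use. Other tests in the class may cover this; the test method starts outside the hunk. If they do not, a second case is worth adding: submit wrong credentials and assert that the protected body "ok!" is not returned, then request another protected URL after a successful login and assert that the saved request is not replayed again.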