You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2019/11/15 11:13:10 UTC
[tomcat] branch master updated: A few OWB cleanups based on review
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 2240c8d A few OWB cleanups based on review
2240c8d is described below
commit 2240c8db50e953e72940327c3f0ff6fb002446d2
Author: remm <re...@apache.org>
AuthorDate: Fri Nov 15 12:12:58 2019 +0100
A few OWB cleanups based on review
... That I didn't see before.
Add security filter in addition to the valve.
Use custom appender for shade process.
---
modules/owb/pom.xml | 13 +-
.../OpenWebBeansContextLifecycleListener.java | 38 ++++--
.../webbeans/web/tomcat/OpenWebBeansListener.java | 21 +++
.../web/tomcat/OpenWebBeansSecurityFilter.java | 65 ++++++++++
.../apache/webbeans/web/tomcat/TomcatPlugin.java | 3 +-
.../META-INF/openwebbeans/openwebbeans.properties | 144 +--------------------
webapps/docs/changelog.xml | 10 ++
7 files changed, 140 insertions(+), 154 deletions(-)
diff --git a/modules/owb/pom.xml b/modules/owb/pom.xml
index 1db0fda..4be4fb8 100644
--- a/modules/owb/pom.xml
+++ b/modules/owb/pom.xml
@@ -95,7 +95,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.2.1</version>
<!--<version>3.2.2</version>-->
<executions>
<execution>
@@ -106,7 +106,8 @@
<configuration>
<createDependencyReducedPom>false</createDependencyReducedPom>
<transformers>
- <!--<transformer implementation="org.apache.maven.plugins.shade.resource.properties.OpenWebBeansPropertiesTransformer"/>-->
+ <transformer implementation="org.apache.openwebbeans.maven.shade.OpenWebBeansPropertiesTransformer" />
+ <!-- With Shade 3.2.2 <transformer implementation="org.apache.maven.plugins.shade.resource.properties.OpenWebBeansPropertiesTransformer"/>-->
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>${mainClass}</mainClass>
</transformer>
@@ -114,6 +115,14 @@
</configuration>
</execution>
</executions>
+ <!-- Remove after Shade 3.2.2 -->
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.openwebbeans</groupId>
+ <artifactId>openwebbeans-maven</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
</plugin>
</plugins>
</build>
diff --git a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansContextLifecycleListener.java b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansContextLifecycleListener.java
index 909c7f4..e926cd7 100644
--- a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansContextLifecycleListener.java
+++ b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansContextLifecycleListener.java
@@ -36,6 +36,26 @@ import org.apache.webbeans.servlet.WebBeansConfigurationListener;
public class OpenWebBeansContextLifecycleListener implements LifecycleListener {
/**
+ * Add security valve.
+ */
+ protected boolean addSecurityValve = true;
+
+ /**
+ * @return true to add the security valve
+ */
+ public boolean getAddSecurityValve() {
+ return addSecurityValve;
+ }
+
+ /**
+ * Configure if a security valve will be added
+ * @param addSecurityValve the addSecurityValve to set
+ */
+ public void setAddSecurityValve(boolean addSecurityValve) {
+ this.addSecurityValve = addSecurityValve;
+ }
+
+ /**
* Start without a beans.xml file.
*/
protected boolean startWithoutBeansXml = true;
@@ -88,15 +108,17 @@ public class OpenWebBeansContextLifecycleListener implements LifecycleListener {
((Lifecycle) pipeline).addLifecycleListener(this);
}
}
- // Add security valve
- boolean securityValveFound = false;
- for (Valve valve : pipeline.getValves()) {
- if (valve instanceof OpenWebBeansSecurityValve) {
- securityValveFound = true;
+ if (getAddSecurityValve()) {
+ // Add security valve
+ boolean securityValveFound = false;
+ for (Valve valve : pipeline.getValves()) {
+ if (valve instanceof OpenWebBeansSecurityValve) {
+ securityValveFound = true;
+ }
+ }
+ if (!securityValveFound) {
+ pipeline.addValve(new OpenWebBeansSecurityValve());
}
- }
- if (!securityValveFound) {
- pipeline.addValve(new OpenWebBeansSecurityValve());
}
}
}
diff --git a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansListener.java b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansListener.java
index dcab474..9e74d1e 100644
--- a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansListener.java
+++ b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansListener.java
@@ -35,11 +35,32 @@ public class OpenWebBeansListener extends FrameworkListener {
@Override
protected LifecycleListener createLifecycleListener(Context context) {
OpenWebBeansContextLifecycleListener listener = new OpenWebBeansContextLifecycleListener();
+ listener.setAddSecurityValve(getAddSecurityValve());
listener.setStartWithoutBeansXml(getStartWithoutBeansXml());
return listener;
}
/**
+ * Add security valve.
+ */
+ protected boolean addSecurityValve = true;
+
+ /**
+ * @return true to add the security valve
+ */
+ public boolean getAddSecurityValve() {
+ return addSecurityValve;
+ }
+
+ /**
+ * Configure if a security valve will be added
+ * @param addSecurityValve the addSecurityValve to set
+ */
+ public void setAddSecurityValve(boolean addSecurityValve) {
+ this.addSecurityValve = addSecurityValve;
+ }
+
+ /**
* Start without a beans.xml file.
*/
protected boolean startWithoutBeansXml = true;
diff --git a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansSecurityFilter.java b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansSecurityFilter.java
new file mode 100644
index 0000000..2526cdf
--- /dev/null
+++ b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/OpenWebBeansSecurityFilter.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.webbeans.web.tomcat;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+
+/**
+ * Filter which sets the UserPrincipal into a ThreadLocal
+ * to make it injectable via a CDI Producer. This is an alternative
+ * to the valve to allow configuration at the webapp level as well.
+ */
+public class OpenWebBeansSecurityFilter implements Filter {
+
+ private static ThreadLocal<Principal> principal = new ThreadLocal<>();
+
+ public static Principal getPrincipal() {
+ return principal.get();
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ if (request instanceof HttpServletRequest) {
+ Principal p = ((HttpServletRequest) request).getUserPrincipal();
+ if (p != null) {
+ principal.set(p);
+ }
+ }
+
+ // continue with the request
+ chain.doFilter(request, response);
+ } finally {
+ if (principal.get() != null) {
+ principal.remove();
+ }
+ }
+ }
+
+}
diff --git a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/TomcatPlugin.java b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/TomcatPlugin.java
index 7eb8f21..3797544 100644
--- a/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/TomcatPlugin.java
+++ b/modules/owb/src/main/java/org/apache/webbeans/web/tomcat/TomcatPlugin.java
@@ -47,7 +47,8 @@ public class TomcatPlugin extends AbstractOwbPlugin {
/**
* Security service implementation.
*/
- private final TomcatSecurityService securityService = new TomcatSecurityService(WebBeansContext.getInstance());
+ private final TomcatSecurityService securityService =
+ (TomcatSecurityService) WebBeansContext.getInstance().getSecurityService();
@Override
public <T> T getSupportedService(Class<T> serviceClass) {
diff --git a/modules/owb/src/main/resources/META-INF/openwebbeans/openwebbeans.properties b/modules/owb/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
index b1d0ae4..fbb0917 100644
--- a/modules/owb/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
+++ b/modules/owb/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
@@ -14,147 +14,5 @@
#KIND, either express or implied. See the License for the
#specific language governing permissions and limitations
#under the License.
-
+configuration.ordinal=1000
org.apache.webbeans.spi.SecurityService=org.apache.webbeans.web.tomcat.TomcatSecurityService
-
-# Remove if using shade 3.2.2 and OpenWebBeansPropertiesTransformer
-org.apache.webbeans.spi.adaptor.ELAdaptor=org.apache.webbeans.el22.EL22Adaptor
-org.apache.webbeans.spi.ContainerLifecycle=org.apache.webbeans.web.lifecycle.WebContainerLifecycle
-org.apache.webbeans.spi.ScannerService=org.apache.webbeans.web.scanner.WebScannerService
-org.apache.webbeans.spi.ContextsService=org.apache.webbeans.web.context.WebContextsService
-org.apache.webbeans.application.jsp=true
-org.apache.webbeans.spi.ConversationService=org.apache.webbeans.web.context.WebConversationService
-org.apache.webbeans.application.supportsConversation=true
-org.apache.webbeans.spi.JNDIService=org.apache.webbeans.corespi.se.DefaultJndiService
-org.apache.webbeans.spi.BeanArchiveService=org.apache.webbeans.xml.DefaultBeanArchiveService
-org.apache.webbeans.spi.ApplicationBoundaryService=org.apache.webbeans.corespi.se.DefaultApplicationBoundaryService
-org.apache.webbeans.spi.LoaderService=org.apache.webbeans.service.DefaultLoaderService
-org.apache.webbeans.spi.deployer.useEjbMetaDataDiscoveryService=false
-org.apache.webbeans.spi.InjectionPointService=org.apache.webbeans.service.DefaultInjectionPointService
-org.apache.webbeans.service.DefaultInjectionPointService.implicitSupport = true
-org.apache.webbeans.useBDABeansXMLScanner=false
-org.apache.webbeans.proxy.mapping.javax.enterprise.context.ApplicationScoped=org.apache.webbeans.intercept.ApplicationScopedBeanInterceptorHandler
-org.apache.webbeans.proxy.mapping.javax.enterprise.context.RequestScoped=org.apache.webbeans.intercept.RequestScopedBeanInterceptorHandler
-org.apache.webbeans.proxy.mapping.javax.enterprise.context.SessionScoped=org.apache.webbeans.intercept.SessionScopedBeanInterceptorHandler
-org.apache.webbeans.web.eagerSessionInitialisation=false
-
-######################### Bean Scanning ########################################################
-# A list of known JARs/paths which should not be scanned for beans
-# if they don't have an explicit META-INF/beans.xml
-org.apache.webbeans.scanExclusionPaths=/jre/lib, \
- /Contents/Home/, \
- /dt.jar, \
- /tools.jar, \
- /bootstrap.jar, \
- /asm, \
- /javassist, \
- /xbean-, \
- /jconsole.jar, \
- /geronimo-connector,\
- /geronimo-j2ee-,\
- /geronimo-jpa_,\
- /geronimo-javamail,\
- /geronimo-transaction,\
- /commons-, \
- /arquillian-, \
- /bsh-, \
- /shrinkwrap-, \
- /junit-, \
- /testng-, \
- /openjpa-, \
- /bcel, \
- /hamcrest, \
- /mysql-connector, \
- /testng, \
- /idea_rt, \
- /eclipse, \
- /jcommander, \
- /tomcat, \
- /catalina, \
- /jasper, \
- /jsp-api, \
- /myfaces-api, \
- /myfaces-impl, \
- /servlet-api, \
- /javax, \
- /annotation-api, \
- /el-api, \
- /mojarra, \
- /sisu-guice-, \
- /sisu-inject-, \
- /aether-, \
- /plexus-, \
- /maven-, \
- /guava-, \
- /openwebbeans-, \
- /bcprov-jdk14-, \
- /bcmail-jdk14-, \
- /bctsp-jdk14-, \
- /bcmail-jdk14-, \
- /ss_css2-, \
- /itext-, \
- /pd4ml-, \
- /xmlpull-, \
- /log4j-, \
- /slf4j-, \
- /logkit, \
- /gson-, \
- /xstream-, \
- /httpclient-, \
- /httpcore-, \
- /backport-util-concurrent-, \
- /xml-apis, \
- /xpp3_min-, \
- /bval-core, \
- /bval-jsr, \
- /hsqldb, \
- /quartz-2, \
- /jetty-, \
- /plexus-, \
- /surefire-, \
- /byte-buddy-, \
- /cglib-, \
- /okhttp-, \
- /htmlunit-, \
- /wagon-http-, \
- /wagon-provider-, \
- /wagon-file-, \
- /phantomjsdriver, \
- /error_prone_annotations-, \
- /j2objc-, \
- /xalan-, \
- /aopalliance-, \
- /owasp-, \
- /jdom2-, \
- /jfreechart-, \
- /stax-api-, \
- /jboss-logging-, \
- /barcode4j-, \
- /poi-, \
- /selenium-, \
- /graphene-, \
- /httpmime-, \
- /cssparser-, \
- /animal-sniffer-annotations-, \
- /objenesis-, \
- /xercesImpl-, \
- /neko-htmlunit-, \
- /checker-compat-qual-, \
- /awaitility-, \
- /okio-, \
- /jsr305-, \
- /guice-, \
- /jsoup-
-################################################################################################
-
-
-######################### Bean Scanning ########################################################
-# A list of known classes which might contain final methods but should be proxyable nonetheless
-# Some of those classes are from the JDK and have been proxyable in older versions.
-# This setting can be overridden as jvm param via -Djavax.enterprise.inject.allowProxying.classes=...
-# or an environment key with the name JAVAX_ENTERPRISE_INJECT_ALLOWPROXYING_CLASSES=...
-javax.enterprise.inject.allowProxying.classes=\
- java.util.HashMap, \
- java.util.Calendar
-################################################################################################
-
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 18398b8..c209d6e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -68,6 +68,16 @@
</add>
</changelog>
</subsection>
+ <subsection name="Other">
+ <changelog>
+ <fix>
+ Improve OWB module based using custom shade appender. (remm)
+ </fix>
+ <fix>
+ Add security filter in OWB module in addition to the valve for more flexibility. (remm)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.28 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org