You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/12/10 14:47:26 UTC
[23/38] tomee git commit: WIP
WIP
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/33c4a484
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/33c4a484
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/33c4a484
Branch: refs/heads/master
Commit: 33c4a484c263e330d65a6aa7b118805765d93d7e
Parents: deb17d9
Author: Jonathan Gallimore <jo...@jrg.me.uk>
Authored: Wed Oct 24 12:13:20 2018 +0200
Committer: Roberto Cortez <ra...@yahoo.com>
Committed: Fri Dec 7 18:11:19 2018 +0000
----------------------------------------------------------------------
.../tomee/microprofile/jwt/MPJWTFilter.java | 30 +++++++++++++++-----
1 file changed, 23 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/33c4a484/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
index a26bca6..3c49e5e 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -55,11 +55,16 @@ import java.util.stream.Collectors;
// async is supported because we only need to do work on the way in
@WebFilter(asyncSupported = true, urlPatterns = "/*")
public class MPJWTFilter implements Filter {
+
+ private TomcatSecurityService tomcatSecurityService = null;
+
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
- // nothing so far
}
+
+
+
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
final Optional<JWTAuthContextInfo> authContextInfo = getAuthContextInfo();
@@ -74,16 +79,11 @@ public class MPJWTFilter implements Filter {
try {
- final org.apache.catalina.connector.Request req = OpenEJBSecurityListener.requests.get();
+
final MPJWTServletRequestWrapper wrappedRequest = new MPJWTServletRequestWrapper(httpServletRequest, authContextInfo.get());
Object state = null;
- final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
- if (TomcatSecurityService.class.isInstance(securityService)) {
- final TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService);
- state = tomcatSecurityService.enterWebApp(req.getWrapper().getRealm(), wrappedRequest.getUserPrincipal(), req.getWrapper().getRunAs());
- }
chain.doFilter(wrappedRequest, response);
@@ -135,6 +135,8 @@ public class MPJWTFilter implements Filter {
@Override
public JsonWebToken apply(final HttpServletRequest request) {
+
+
// not sure it's worth having synchronization inside a single request
// worth case, we would parse and validate the token twice
if (jsonWebToken != null) {
@@ -159,6 +161,20 @@ public class MPJWTFilter implements Filter {
}
// TODO - do the login here, save the state to the request so we can recover it later.
+
+ final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
+ if (TomcatSecurityService.class.isInstance(securityService)) {
+ TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService);
+ final org.apache.catalina.connector.Request req = OpenEJBSecurityListener.requests.get();
+ Object state = tomcatSecurityService.enterWebApp(req.getWrapper().getRealm(), jsonWebToken, req.getWrapper().getRunAs());
+
+ request.setAttribute();
+ }
+
+
+
+
+
// TODO Also check if it is an async request and add a listener to close off the state
return jsonWebToken;