You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/12/10 14:47:24 UTC
[21/38] tomee git commit: WIP
WIP
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/1f1b6b34
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/1f1b6b34
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/1f1b6b34
Branch: refs/heads/master
Commit: 1f1b6b3475c913bae66c4ac0edbd69afceea3af6
Parents: 33c4a48
Author: Jonathan Gallimore <jo...@jrg.me.uk>
Authored: Thu Oct 25 22:34:17 2018 +0200
Committer: Roberto Cortez <ra...@yahoo.com>
Committed: Fri Dec 7 18:11:19 2018 +0000
----------------------------------------------------------------------
.../tomee/microprofile/jwt/MPJWTFilter.java | 28 ++++----------------
1 file changed, 5 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/1f1b6b34/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
index 3c49e5e..b628bbd 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -53,18 +53,13 @@ import java.util.function.Function;
import java.util.stream.Collectors;
// async is supported because we only need to do work on the way in
-@WebFilter(asyncSupported = true, urlPatterns = "/*")
+//@WebFilter(asyncSupported = true, urlPatterns = "/*")
public class MPJWTFilter implements Filter {
- private TomcatSecurityService tomcatSecurityService = null;
-
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
}
-
-
-
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
final Optional<JWTAuthContextInfo> authContextInfo = getAuthContextInfo();
@@ -77,22 +72,15 @@ public class MPJWTFilter implements Filter {
// now wrap the httpServletRequest and override the principal so CXF can propagate into the SecurityContext
try {
-
-
-
final MPJWTServletRequestWrapper wrappedRequest = new MPJWTServletRequestWrapper(httpServletRequest, authContextInfo.get());
-
- Object state = null;
-
-
chain.doFilter(wrappedRequest, response);
- if (TomcatSecurityService.class.isInstance(securityService)) {
+ Object state = request.getAttribute("MP_JWT_PRE_LOGIN_STATE");
+ final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
+ if (TomcatSecurityService.class.isInstance(securityService) && state != null) {
final TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService);
tomcatSecurityService.exitWebApp(state);
}
-
-
} catch (final Exception e) {
// this is an alternative to the @Provider bellow which requires registration on the fly
// or users to add it into their webapp for scanning or into the Application itself
@@ -135,8 +123,6 @@ public class MPJWTFilter implements Filter {
@Override
public JsonWebToken apply(final HttpServletRequest request) {
-
-
// not sure it's worth having synchronization inside a single request
// worth case, we would parse and validate the token twice
if (jsonWebToken != null) {
@@ -168,13 +154,9 @@ public class MPJWTFilter implements Filter {
final org.apache.catalina.connector.Request req = OpenEJBSecurityListener.requests.get();
Object state = tomcatSecurityService.enterWebApp(req.getWrapper().getRealm(), jsonWebToken, req.getWrapper().getRunAs());
- request.setAttribute();
+ request.setAttribute("MP_JWT_PRE_LOGIN_STATE", state);
}
-
-
-
-
// TODO Also check if it is an async request and add a listener to close off the state
return jsonWebToken;