You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwebbeans.apache.org by rm...@apache.org on 2018/11/06 13:12:38 UTC
svn commit: r1845912 - in /openwebbeans/trunk:
webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
Author: rmannibucau
Date: Tue Nov 6 13:12:38 2018
New Revision: 1845912
URL: http://svn.apache.org/viewvc?rev=1845912&view=rev
Log:
OWB-1269 ensure TomcatSecurityService principal is contextual
Modified:
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
Modified: openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java?rev=1845912&r1=1845911&r2=1845912&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java (original)
+++ openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java Tue Nov 6 13:12:38 2018
@@ -42,7 +42,9 @@ import java.util.Properties;
public interface SecurityService
{
/**
- * Gets the current caller identity.
+ * Gets the current caller identity. Note that it must be a contextual (proxy) instance
+ * to respect the scope of the enclosing bean.
+ *
* @return current caller identity or <code>null</code> if none provided.
*/
Principal getCurrentPrincipal();
Modified: openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java?rev=1845912&r1=1845911&r2=1845912&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java Tue Nov 6 13:12:38 2018
@@ -18,6 +18,8 @@
*/
package org.apache.webbeans.web.tomcat7;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Proxy;
import java.security.Principal;
import org.apache.webbeans.corespi.security.SimpleSecurityService;
@@ -25,10 +27,37 @@ import org.apache.webbeans.corespi.secur
public class TomcatSecurityService extends SimpleSecurityService
{
+ private final Principal proxy = Principal.class.cast(Proxy.newProxyInstance(
+ TomcatSecurityService.class.getClassLoader(),
+ new Class<?>[]{Principal.class, Unwrap.class}, (proxy, method, args) ->
+ {
+ try
+ {
+ final Principal principal = TomcatSecurityFilter.getPrincipal();
+ if (principal == null)
+ {
+ return null;
+ }
+ if (Unwrap.class == method.getDeclaringClass())
+ {
+ return principal;
+ }
+ return method.invoke(principal, args);
+ }
+ catch (final InvocationTargetException ite)
+ {
+ throw ite.getTargetException();
+ }
+ }));
+
@Override
public Principal getCurrentPrincipal()
{
- return TomcatSecurityFilter.getPrincipal();
+ return proxy;
}
+ public interface Unwrap
+ {
+ Principal get();
+ }
}