You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:03 UTC
[tomee] 15/48: TOMEE-2365 - Additional bean to map Servlets to
their Authentication Mechanisms.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit c57e6dd39b557c8a5d8af46fc35ebdb309170ede
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Dec 24 18:19:54 2018 +0000
TOMEE-2365 - Additional bean to map Servlets to their Authentication Mechanisms.
---
.../tomee/security/cdi/TomEESecurityExtension.java | 30 ++++++++++++-
...curityServletAuthenticationMechanismMapper.java | 52 ++++++++++++++++++++++
2 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 2f7bf04..3470bd2 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -16,12 +16,19 @@
*/
package org.apache.tomee.security.cdi;
+import org.apache.tomee.security.identitystore.TomEEDefaultIdentityStore;
+import org.apache.tomee.security.identitystore.TomEEIdentityStoreHandler;
+
import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AnnotatedType;
+import javax.enterprise.inject.spi.BeanAttributes;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.ProcessAnnotatedType;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
@@ -39,7 +46,18 @@ public class TomEESecurityExtension implements Extension {
}
}
- void registerAuthenticationMechanism(@Observes final AfterBeanDiscovery afterBeanDiscovery) {
+ void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery beforeBeanDiscovery,
+ final BeanManager beanManager) {
+ if (basicAuthentication.isEmpty()) {
+ beforeBeanDiscovery.addAnnotatedType(
+ beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class));
+ beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class));
+ beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEIdentityStoreHandler.class));
+ }
+ }
+
+ void registerAuthenticationMechanism(@Observes final AfterBeanDiscovery afterBeanDiscovery,
+ final BeanManager beanManager) {
if (!basicAuthentication.isEmpty()) {
afterBeanDiscovery.addBean()
.id(BasicAuthenticationMechanism.class.getName())
@@ -47,7 +65,15 @@ public class TomEESecurityExtension implements Extension {
.types(Object.class, HttpAuthenticationMechanism.class, BasicAuthenticationMechanism.class)
.qualifiers(Default.Literal.INSTANCE, Any.Literal.INSTANCE)
.scope(ApplicationScoped.class)
- .createWith(creationalContext -> new BasicAuthenticationMechanism());
+ .createWith((CreationalContext<BasicAuthenticationMechanism> creationalContext) -> {
+ AnnotatedType<BasicAuthenticationMechanism> annotatedType =
+ beanManager.createAnnotatedType(BasicAuthenticationMechanism.class);
+ BeanAttributes<BasicAuthenticationMechanism> beanAttributes =
+ beanManager.createBeanAttributes(annotatedType);
+ return beanManager.createBean(beanAttributes, BasicAuthenticationMechanism.class,
+ beanManager.getInjectionTargetFactory(annotatedType))
+ .create(creationalContext);
+ });
}
}
}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
new file mode 100644
index 0000000..bbad8ef
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.Initialized;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.spi.CDI;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRegistration;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+@ApplicationScoped
+public class TomEESecurityServletAuthenticationMechanismMapper {
+ private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();
+
+ public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
+ final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations();
+ servletRegistrations.forEach((servletName, servletRegistration) -> {
+ try {
+ final Class<?> servletClass = Thread.currentThread().getContextClassLoader().loadClass(servletName);
+ if (servletClass.isAnnotationPresent(BasicAuthenticationMechanismDefinition.class)) {
+ servletAuthenticationMapper.put(servletName,
+ CDI.current().select(BasicAuthenticationMechanism.class).get());
+ }
+ } catch (final ClassNotFoundException e) {
+ // Ignore
+ }
+ });
+ }
+
+ public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {
+ return servletAuthenticationMapper.get(servletName);
+ }
+}