You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:03 UTC

[tomee] 15/48: TOMEE-2365 - Additional bean to map Servlets to their Authentication Mechanisms.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit c57e6dd39b557c8a5d8af46fc35ebdb309170ede
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Dec 24 18:19:54 2018 +0000

    TOMEE-2365 - Additional bean to map Servlets to their Authentication Mechanisms.
---
 .../tomee/security/cdi/TomEESecurityExtension.java | 30 ++++++++++++-
 ...curityServletAuthenticationMechanismMapper.java | 52 ++++++++++++++++++++++
 2 files changed, 80 insertions(+), 2 deletions(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 2f7bf04..3470bd2 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -16,12 +16,19 @@
  */
 package org.apache.tomee.security.cdi;
 
+import org.apache.tomee.security.identitystore.TomEEDefaultIdentityStore;
+import org.apache.tomee.security.identitystore.TomEEIdentityStoreHandler;
+
 import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.spi.CreationalContext;
 import javax.enterprise.event.Observes;
 import javax.enterprise.inject.Any;
 import javax.enterprise.inject.Default;
 import javax.enterprise.inject.spi.AfterBeanDiscovery;
 import javax.enterprise.inject.spi.AnnotatedType;
+import javax.enterprise.inject.spi.BeanAttributes;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.BeforeBeanDiscovery;
 import javax.enterprise.inject.spi.Extension;
 import javax.enterprise.inject.spi.ProcessAnnotatedType;
 import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
@@ -39,7 +46,18 @@ public class TomEESecurityExtension implements Extension {
         }
     }
 
-    void registerAuthenticationMechanism(@Observes final AfterBeanDiscovery afterBeanDiscovery) {
+    void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery beforeBeanDiscovery,
+                                    final BeanManager beanManager) {
+        if (basicAuthentication.isEmpty()) {
+            beforeBeanDiscovery.addAnnotatedType(
+                    beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class));
+            beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class));
+            beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEIdentityStoreHandler.class));
+        }
+    }
+
+    void registerAuthenticationMechanism(@Observes final AfterBeanDiscovery afterBeanDiscovery,
+                                         final BeanManager beanManager) {
         if (!basicAuthentication.isEmpty()) {
             afterBeanDiscovery.addBean()
                .id(BasicAuthenticationMechanism.class.getName())
@@ -47,7 +65,15 @@ public class TomEESecurityExtension implements Extension {
                .types(Object.class, HttpAuthenticationMechanism.class, BasicAuthenticationMechanism.class)
                .qualifiers(Default.Literal.INSTANCE, Any.Literal.INSTANCE)
                .scope(ApplicationScoped.class)
-               .createWith(creationalContext -> new BasicAuthenticationMechanism());
+               .createWith((CreationalContext<BasicAuthenticationMechanism> creationalContext) -> {
+                   AnnotatedType<BasicAuthenticationMechanism> annotatedType =
+                           beanManager.createAnnotatedType(BasicAuthenticationMechanism.class);
+                   BeanAttributes<BasicAuthenticationMechanism> beanAttributes =
+                           beanManager.createBeanAttributes(annotatedType);
+                   return beanManager.createBean(beanAttributes, BasicAuthenticationMechanism.class,
+                                                 beanManager.getInjectionTargetFactory(annotatedType))
+                                     .create(creationalContext);
+               });
         }
     }
 }
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
new file mode 100644
index 0000000..bbad8ef
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.Initialized;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.spi.CDI;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRegistration;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+@ApplicationScoped
+public class TomEESecurityServletAuthenticationMechanismMapper {
+    private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();
+
+    public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
+        final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations();
+        servletRegistrations.forEach((servletName, servletRegistration) -> {
+            try {
+                final Class<?> servletClass = Thread.currentThread().getContextClassLoader().loadClass(servletName);
+                if (servletClass.isAnnotationPresent(BasicAuthenticationMechanismDefinition.class)) {
+                    servletAuthenticationMapper.put(servletName,
+                                                    CDI.current().select(BasicAuthenticationMechanism.class).get());
+                }
+            } catch (final ClassNotFoundException e) {
+                // Ignore
+            }
+        });
+    }
+
+    public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {
+        return servletAuthenticationMapper.get(servletName);
+    }
+}