You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:25:52 UTC
[tomee] 04/48: TOMEE-2365 - Initial implementation classes with
ServerAuthModule to support Security spec Authentication Mechanisms.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit a3e8dce0abc9e567852279b1a14a431dbf008cd9
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Fri Dec 14 23:32:29 2018 +0000
TOMEE-2365 - Initial implementation classes with ServerAuthModule to support Security spec Authentication Mechanisms.
---
.../provider/TomEESecurityAuthConfigProvider.java | 44 ++++++++++++++++
.../provider/TomEESecurityServerAuthConfig.java | 58 ++++++++++++++++++++++
.../provider/TomEESecurityServerAuthContext.java | 51 +++++++++++++++++++
.../provider/TomEESecurityServerAuthModule.java | 57 +++++++++++++++++++++
.../TomEESecurityServletContainerInitializer.java | 34 +++++++++++++
.../javax.servlet.ServletContainerInitializer | 17 +++++++
.../tomee/security/servlet/SimpleServletTest.java | 4 +-
7 files changed, 264 insertions(+), 1 deletion(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java
new file mode 100644
index 0000000..6654089
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+public class TomEESecurityAuthConfigProvider implements AuthConfigProvider {
+ @Override
+ public ClientAuthConfig getClientAuthConfig(final String layer, final String appContext,
+ final CallbackHandler handler)
+ throws AuthException, SecurityException {
+ return null;
+ }
+
+ @Override
+ public ServerAuthConfig getServerAuthConfig(final String layer, final String appContext,
+ final CallbackHandler handler)
+ throws AuthException, SecurityException {
+ return new TomEESecurityServerAuthConfig();
+ }
+
+ @Override
+ public void refresh() {
+
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java
new file mode 100644
index 0000000..bee97ce
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import java.util.Map;
+
+public class TomEESecurityServerAuthConfig implements ServerAuthConfig {
+ @Override
+ public ServerAuthContext getAuthContext(final String authContextID, final Subject serviceSubject,
+ final Map properties)
+ throws AuthException {
+ return new TomEESecurityServerAuthContext();
+ }
+
+ @Override
+ public String getAppContext() {
+ return null;
+ }
+
+ @Override
+ public String getAuthContextID(final MessageInfo messageInfo) throws IllegalArgumentException {
+ return null;
+ }
+
+ @Override
+ public String getMessageLayer() {
+ return null;
+ }
+
+ @Override
+ public boolean isProtected() {
+ return false;
+ }
+
+ @Override
+ public void refresh() {
+
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java
new file mode 100644
index 0000000..6161a9b
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthContext;
+
+public class TomEESecurityServerAuthContext implements ServerAuthContext {
+ private TomEESecurityServerAuthModule serverAuthModule;
+
+ public TomEESecurityServerAuthContext() throws AuthException {
+ this.serverAuthModule = new TomEESecurityServerAuthModule();
+ this.serverAuthModule.initialize(null, null, null, null);
+ }
+
+ @Override
+ public void cleanSubject(final MessageInfo messageInfo, final Subject subject)
+ throws AuthException {
+ serverAuthModule.cleanSubject(messageInfo, subject);
+ }
+
+ @Override
+ public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject)
+ throws AuthException {
+ return serverAuthModule.secureResponse(messageInfo, serviceSubject);
+ }
+
+ @Override
+ public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
+ final Subject serviceSubject)
+ throws AuthException {
+ return serverAuthModule.validateRequest(messageInfo, clientSubject, serviceSubject);
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
new file mode 100644
index 0000000..03418b4
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import java.util.Map;
+
+public class TomEESecurityServerAuthModule implements ServerAuthModule {
+ @Override
+ public Class[] getSupportedMessageTypes() {
+ return new Class[0];
+ }
+
+ @Override
+ public void initialize(final MessagePolicy requestPolicy, final MessagePolicy responsePolicy,
+ final CallbackHandler handler,
+ final Map options) throws AuthException {
+
+ }
+
+ @Override
+ public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws AuthException {
+
+ }
+
+ @Override
+ public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject) throws AuthException {
+ return AuthStatus.SUCCESS;
+ }
+
+ @Override
+ public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
+ final Subject serviceSubject)
+ throws AuthException {
+ return AuthStatus.SUCCESS;
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
new file mode 100644
index 0000000..fd49140
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.servlet;
+
+import org.apache.tomee.security.provider.TomEESecurityAuthConfigProvider;
+
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.servlet.ServletContainerInitializer;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import java.util.Set;
+
+public class TomEESecurityServletContainerInitializer implements ServletContainerInitializer {
+ @Override
+ public void onStartup(final Set<Class<?>> c, final ServletContext ctx) throws ServletException {
+ AuthConfigFactory.getFactory()
+ .registerConfigProvider(new TomEESecurityAuthConfigProvider(), null, null,
+ "TomEE Security JSR-375");
+ }
+}
diff --git a/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer b/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
new file mode 100644
index 0000000..b70f313
--- /dev/null
+++ b/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.apache.tomee.security.servlet.TomEESecurityServletContainerInitializer
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
index a9eabcb..e645971 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
@@ -41,7 +41,9 @@ public class SimpleServletTest {
.http(NetworkUtil.getNextAvailablePort())
.property("openejb.container.additional.exclude", "org.apache.tomee.security.")
.property("openejb.additional.include", "tomee-"))
- .deployPathsAsWebapp(JarLocation.jarLocation(SimpleServletTest.class))) {
+ .deployPathsAsWebapp(
+ JarLocation.jarLocation(SimpleServletTest.class),
+ JarLocation.jarLocation(TomEESecurityServletContainerInitializer.class))) {
assertEquals("ok!", IO.slurp(
new URL("http://localhost:" + container.getConfiguration().getHttpPort() + "/servlet")));