Posted to commits@tomee.apache.org by jl...@apache.org on 2015/01/08 15:27:31 UTC

[1/2] tomee git commit: TOMEE-1487 implement an CDI event based realm

Repository: tomee
Updated Branches:
  refs/heads/develop a7006405b -> 82d7cd49b


TOMEE-1487 implement a CDI event-based realm


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/82d7cd49
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/82d7cd49
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/82d7cd49

Branch: refs/heads/develop
Commit: 82d7cd49b13b61ef0d9f6381144f9564d0887974
Parents: 4b4447a
Author: Jean-Louis Monteiro <je...@gmail.com>
Authored: Thu Jan 8 14:56:45 2015 +0100
Committer: Jean-Louis Monteiro <je...@gmail.com>
Committed: Thu Jan 8 14:57:00 2015 +0100

----------------------------------------------------------------------
 .../tests/realm/CdiEventRealmIntegTest.java     |   7 +-
 .../tests/realm/CdiEventRealmTest.java          |  50 ++--------
 .../rest-jaas/src/main/webapp/WEB-INF/web.xml   |   3 +
 .../tomee/catalina/realm/CdiEventRealm.java     | 100 ++++++-------------
 .../event/FindSecurityConstraintsEvent.java     |  40 +++++---
 .../realm/event/HasResourcePermissionEvent.java |  63 ------------
 .../catalina/realm/event/HasRoleEvent.java      |  55 ----------
 .../realm/event/HasUserDataPermissionEvent.java |  55 ----------
 8 files changed, 70 insertions(+), 303 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
index d8c1b06..e4dd363 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
@@ -55,7 +55,7 @@ public class CdiEventRealmIntegTest
         return ShrinkWrap.create(WebArchive.class, "realm-test.war")
                 .addClasses(MultiAuthenticator.class, MyService.class)
                 .addAsWebResource(EmptyAsset.INSTANCE, "beans.xml")
-                .addAsManifestResource(new StringAsset("<Context preemptive=\"true\" antiJARLocking=\"true\">\n" +
+                .addAsManifestResource(new StringAsset("<Context preemptiveAuthentication=\"true\" antiJARLocking=\"true\">\n" +
                         "<Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n" +
                         "<Realm className=\"" + CdiEventRealm.class.getName() + "\" />\n" +
                         "</Context>"), "context.xml");
@@ -98,7 +98,7 @@ public class CdiEventRealmIntegTest
         @GET
         @RolesAllowed("admin")
         public String hello() {
-            return authenticator.stacked ? "ok" : "ko";
+            return authenticator.isStacked() ? "ok" : "ko";
         }
     }
 
@@ -107,8 +107,7 @@ public class CdiEventRealmIntegTest
         private boolean stacked = false;
 
         public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
-            System.err.println(">> enter > " + event.getUsername());
-            assertEquals("secret", event.getCredential());
+            if (!"secret".equals(event.getCredential())) return; // not authenticated
             event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList(event.getUsername())));
         }
 
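Review bot: The new early return is an unbraced single-line `if` with a trailing comment, a shape the rest of the hunk's multi-line code does not use; `if (!"secret".equals(event.getCredential())) {` / `return; // not authenticated` / `}` reads the same and survives the next statement someone adds. A mismatched credential now leaves the event without a principal, which presumably is how the realm detects failure — a one-line comment on the observer stating that contract would save the next reader a trip into CdiEventRealm. Outside this hunk, the file's import block (added in the parent commit 4b4447af) still contains `import jdk.nashorn.internal.ir.annotations.Ignore;`, a JDK-internal class; if `@Ignore` is meant it should be `org.junit.Ignore`, otherwise the import can go. The enclosing MultiAuthenticator class continues outside the hunk.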

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
index c9e1b9e..8c7aae6 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
@@ -17,22 +17,18 @@
 package org.apache.openejb.arquillian.tests.realm;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.openejb.jee.WebApp;
 import org.apache.openejb.junit.ApplicationComposer;
 import org.apache.openejb.testing.Classes;
 import org.apache.openejb.testing.Module;
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.apache.tomee.catalina.realm.CdiEventRealm;
 import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
 import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
 import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
-import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
-import org.apache.tomee.catalina.realm.event.HasRoleEvent;
-import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
 import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
 import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
 import org.ietf.jgss.GSSContext;
@@ -40,13 +36,11 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import javax.enterprise.event.Observes;
-import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-import java.util.concurrent.atomic.AtomicInteger;
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -111,18 +105,12 @@ public class CdiEventRealmTest {
     public void find() {
         final SecurityConstraint[] securityConstraints = new CdiEventRealm().findSecurityConstraints(mock(Request.class), mock(Context.class));
         assertEquals(1, securityConstraints.length);
-        assertEquals("awesome", securityConstraints[0].getDisplayName());
-    }
-
-    @Test
-    public void has() throws IOException {
-        new CdiEventRealm().hasResourcePermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0], mock(Context.class));
-        new CdiEventRealm().hasRole(mock(Wrapper.class), mock(Principal.class), "admin");
-        new CdiEventRealm().hasUserDataPermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0]);
-
-        assertEquals(1, MultiAuthenticator.hasResourcePermission.get());
-        assertEquals(1, MultiAuthenticator.hasRole.get());
-        assertEquals(1, MultiAuthenticator.hasUserDataPermission.get());
+        final SecurityConstraint c = securityConstraints[0];
+        assertEquals("CONFIDENTIAL", c.getUserConstraint());
+        assertEquals(2, c.findAuthRoles().length);
+        assertEquals(1, c.findCollections().length);
+        SecurityCollection sc = c.findCollections()[0];
+        assertTrue(sc.findPattern("/*"));
     }
 
     private GenericPrincipal getGenericPrincipal(Principal principal) {
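Review bot: The rewritten `find()` asserts that two auth roles are present but not which ones, so a realm that populated the wrong roles would still pass; `assertArrayEquals(new String[] {"admin", "user"}, c.findAuthRoles());` pins them, and `assertArrayEquals` is already statically imported in this file. The HTTP-method restriction the realm adds from `request.getMethod()` is also unasserted; with a plain mock that method presumably returns null and the restriction is skipped, so stubbing `getMethod()` on the mock and asserting `sc.findMethod("GET")` would cover that branch. Minor: `SecurityCollection sc` is the only non-`final` local in the test.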
@@ -133,10 +121,6 @@ public class CdiEventRealmTest {
 
     public static class MultiAuthenticator {
 
-        public static final AtomicInteger hasRole = new AtomicInteger(0);
-        public static final AtomicInteger hasResourcePermission = new AtomicInteger(0);
-        public static final AtomicInteger hasUserDataPermission = new AtomicInteger(0);
-
         public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
             assertEquals("john", event.getUsername());
             assertEquals("secret", event.getCredential());
@@ -166,24 +150,8 @@ public class CdiEventRealmTest {
         }
 
         public void findSecurityConstraints(@Observes FindSecurityConstraintsEvent event) {
-            SecurityConstraint mock = mock(SecurityConstraint.class);
-            when(mock.getDisplayName()).thenReturn("awesome");
-            event.addSecurityConstraint(mock);
-        }
-
-        public void hasResourcePermission(@Observes HasResourcePermissionEvent event) throws IOException {
-            hasResourcePermission.incrementAndGet();
-            event.setHasResourcePermission(true);
-        }
-
-        public void hasRole(@Observes final HasRoleEvent event) {
-            hasRole.incrementAndGet();
-            event.setHasRole(true);
-        }
-
-        public void hasUserDataPermission(@Observes final HasUserDataPermissionEvent event) throws IOException {
-            hasUserDataPermission.incrementAndGet();
-            event.setHasUserDataPermission(true);
+            event.addRoles("admin", "user");
+            event.setUserConstraint("CONFIDENTIAL");
         }
 
     }

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/examples/rest-jaas/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/examples/rest-jaas/src/main/webapp/WEB-INF/web.xml b/examples/rest-jaas/src/main/webapp/WEB-INF/web.xml
index 6e61ac2..1c6fb24 100644
--- a/examples/rest-jaas/src/main/webapp/WEB-INF/web.xml
+++ b/examples/rest-jaas/src/main/webapp/WEB-INF/web.xml
@@ -35,6 +35,9 @@
       <role-name>*</role-name>
       <!-- we'll use JAAS so don't filter too much here -->
     </auth-constraint>
+    <user-data-constraint>
+      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+    </user-data-constraint>
   </security-constraint>
 
   <security-role>
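Review bot: The new `CONFIDENTIAL` transport guarantee only works when the container exposes an HTTPS connector or the HTTP connector has a `redirectPort` that leads to one; otherwise plain-HTTP requests to this example are presumably redirected to a port nothing listens on. Nothing in this diff configures such a connector, and the existing comment (`we'll use JAAS so don't filter too much here`) now sits oddly next to a hard transport requirement. A comment such as `<!-- requires an HTTPS connector (or a redirectPort) in the container; plain-HTTP requests are redirected -->` beside the constraint would keep the example self-explaining.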

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
index 33d1c6b..ce5725f 100644
--- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
@@ -16,29 +16,20 @@
  */
 package org.apache.tomee.catalina.realm;
 
-import org.apache.catalina.Container;
 import org.apache.catalina.Context;
-import org.apache.catalina.CredentialHandler;
-import org.apache.catalina.Realm;
-import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
+import org.apache.catalina.realm.RealmBase;
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
 import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
 import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
-import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
-import org.apache.tomee.catalina.realm.event.HasRoleEvent;
-import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
 import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
 import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
 import org.apache.webbeans.config.WebBeansContext;
 import org.ietf.jgss.GSSContext;
 
 import javax.enterprise.inject.spi.BeanManager;
-import java.beans.PropertyChangeListener;
-import java.beans.PropertyChangeSupport;
-import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 
@@ -47,12 +38,7 @@ import java.security.cert.X509Certificate;
  *
  * There is one different event per credential types to make it easier to implement.
  */
-public class CdiEventRealm implements Realm {
-
-    protected Container container = null;
-    protected final PropertyChangeSupport support = new PropertyChangeSupport(this);
-    private CredentialHandler credentialHandler;
-
+public class CdiEventRealm extends RealmBase {
 
     @Override
     public Principal authenticate(final String username, final String credentials) {
@@ -107,80 +93,52 @@ public class CdiEventRealm implements Realm {
 
     @Override
     public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
-        if (beanManager() == null) {
-            return null;
-        }
-
-        final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request, context);
-        beanManager().fireEvent(event);
-        return event.getSecurityConstraints();
-    }
+        final SecurityConstraint[] sc = super.findSecurityConstraints(request, context);
 
-    @Override
-    public boolean hasResourcePermission(final Request request, final Response response,
-                                         final SecurityConstraint[] constraint,
-                                         final Context context) throws IOException {
         if (beanManager() == null) {
-            return false;
+            return sc;
         }
 
-        final HasResourcePermissionEvent event = new HasResourcePermissionEvent(request, response, constraint, context);
+        final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request.getRequest(), context.getPath());
         beanManager().fireEvent(event);
-        return event.isHasResourcePermission();
-    }
 
-    @Override
-    public boolean hasRole(final Wrapper wrapper, final Principal principal, final String role) {
-        if (beanManager() == null) {
-            return false;
-        }
+        if (!event.getRoles().isEmpty()) {
+            final SecurityConstraint s = new SecurityConstraint();
+            final SecurityCollection collection = new SecurityCollection();
 
-        final HasRoleEvent event = new HasRoleEvent(wrapper, principal, role);
-        beanManager().fireEvent(event);
-        return event.isHasRole();
-    }
+            collection.addPattern("/*"); // only for the current request
+            collection.addMethod(request.getMethod());
+            s.addCollection(collection);
 
-    @Override
-    public boolean hasUserDataPermission(final Request request, final Response response, final SecurityConstraint[] constraint) throws IOException {
-        if (beanManager() == null) {
-            return false;
-        }
+            if (event.getUserConstraint() != null) {
+                s.setUserConstraint(event.getUserConstraint());
+            }
 
-        final HasUserDataPermissionEvent event = new HasUserDataPermissionEvent(request, response, constraint);
-        beanManager().fireEvent(event);
-        return event.isHasUserDataPermission();
-    }
+            for(final String r: event.getRoles()) {
+                s.addAuthRole(r);
+            }
 
-    @Override
-    public Container getContainer() {
-        return (container);
-    }
-
-    @Override
-    public void setContainer(final Container container) {
-        Container oldContainer = this.container;
-        this.container = container;
-        support.firePropertyChange("container", oldContainer, this.container);
-    }
+            return new SecurityConstraint[] { s };
+        }
 
-    @Override
-    public CredentialHandler getCredentialHandler() {
-        return credentialHandler;
+        return sc;
     }
 
     @Override
-    public void setCredentialHandler(final CredentialHandler credentialHandler) {
-        this.credentialHandler = credentialHandler;
+    protected String getName() {
+        return "CdiEventRealm";
     }
 
     @Override
-    public void addPropertyChangeListener(final PropertyChangeListener listener) {
-        support.addPropertyChangeListener(listener);
+    protected String getPassword(final String username) {
+        // must never happen cause we overridden all authenticate() mthd
+        throw new UnsupportedOperationException();
     }
 
     @Override
-    public void removePropertyChangeListener(final PropertyChangeListener listener) {
-        support.removePropertyChangeListener(listener);
+    protected Principal getPrincipal(final String username) {
+        // must never happen cause we overridden all authenticate() mthd
+        throw new UnsupportedOperationException();
     }
 
     private BeanManager beanManager() {
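Review bot: When an observer adds roles, `findSecurityConstraints` returns only the constraint built from the event and discards `sc`, so for that request the auth roles and transport guarantee that `super.findSecurityConstraints` took from the deployment descriptor are no longer enforced unless the observer re-states them. A user constraint set by an observer that adds no roles is likewise dropped, because the whole block is guarded by `!event.getRoles().isEmpty()`. If substituting the declarative constraints is the intended contract it should be stated in the class Javadoc, since an application author has to know it; otherwise append the event constraint to `sc` as below (needs `java.util.Arrays` imported) and build it whenever roles or a user constraint were supplied. The comments on `getPassword`/`getPrincipal` could read `// never reached: every RealmBase.authenticate(...) overload is overridden in this class`, assuming the RealmBase in use has no further overload that falls through to them. `beanManager()` continues outside the hunk.
```java
        // … unchanged: super call, null bean-manager guard, event firing …

        if (!event.getRoles().isEmpty() || event.getUserConstraint() != null) {
            final SecurityConstraint s = new SecurityConstraint();
            // … unchanged: collection, user-constraint and auth-role population …

            if (sc == null || sc.length == 0) {
                return new SecurityConstraint[] { s };
            }
            // descriptor constraints stay in force; the event constraint is added to them
            final SecurityConstraint[] merged = Arrays.copyOf(sc, sc.length + 1);
            merged[sc.length] = s;
            return merged;
        }

        return sc;
```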

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
index 6d5b3fb..9ef4f8a 100644
--- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
@@ -16,37 +16,49 @@
  */
 package org.apache.tomee.catalina.realm.event;
 
-import org.apache.catalina.Context;
-import org.apache.catalina.connector.Request;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-
+import javax.servlet.ServletRequest;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 public class FindSecurityConstraintsEvent {
 
-    private final Request request;
-    private final Context context;
-    private List<SecurityConstraint> securityConstraints;
+    private final ServletRequest request;
+    private final String context;
+
+    private final List<String> roles = new ArrayList<>();
+    private String userConstraint;
 
-    public FindSecurityConstraintsEvent(final Request request, final Context context) {
+    public FindSecurityConstraintsEvent(final ServletRequest request, final String context) {
         this.request = request;
         this.context = context;
     }
 
-    public Request getRequest() {
+    public ServletRequest getRequest() {
         return request;
     }
 
-    public Context getContext() {
+    public String getContext() {
         return context;
     }
 
-    public boolean addSecurityConstraint(final SecurityConstraint constraint) {
-        return securityConstraints.add(constraint);
+    public List<String> getRoles() {
+        return roles;
     }
 
-    public SecurityConstraint[] getSecurityConstraints() {
-        return securityConstraints.toArray(new SecurityConstraint[securityConstraints.size()]);
+    public FindSecurityConstraintsEvent addRoles(final String... roles) {
+        this.roles.addAll(Arrays.asList(roles));
+        return this;
     }
 
+    public void setUserConstraint(String userConstraint) {
+        if (this.userConstraint != null && !this.userConstraint.equals(userConstraint)) {
+            throw new IllegalStateException("User constraint already set to > " + this.userConstraint);
+        }
+        this.userConstraint = userConstraint;
+    }
+
+    public String getUserConstraint() {
+        return userConstraint;
+    }
 }
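Review bot: `getRoles()` hands observers the event's internal `ArrayList`, so one observer can remove or clear roles another observer added, while `setUserConstraint` deliberately refuses a conflicting value; the two halves of the API disagree on whether observers may override each other. Returning `Collections.unmodifiableList(roles)` (import `java.util.Collections`) keeps additions on `addRoles` only and makes the union semantics explicit. The class also has no Javadoc although it is the contract application code observes; a header stating that roles added by all observers are unioned, that the user constraint must agree across observers, and what `context` holds (the context path, given the realm passes `context.getPath()`) would help implementers. Minor: the `userConstraint` parameter of `setUserConstraint` is the only non-`final` parameter in the class.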

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
deleted file mode 100644
index 2698874..0000000
--- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.catalina.realm.event;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-
-public class HasResourcePermissionEvent {
-
-    private final Request request;
-    private final Response response;
-    private final SecurityConstraint[] constraints;
-    private final Context context;
-
-    private boolean hasResourcePermission;
-
-    public HasResourcePermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraints, final Context context) {
-        this.request = request;
-        this.response = response;
-        this.constraints = constraints;
-        this.context = context;
-    }
-
-    public Request getRequest() {
-        return request;
-    }
-
-    public Response getResponse() {
-        return response;
-    }
-
-    public SecurityConstraint[] getConstraints() {
-        return constraints;
-    }
-
-    public Context getContext() {
-        return context;
-    }
-
-    public boolean isHasResourcePermission() {
-        return hasResourcePermission;
-    }
-
-    public void setHasResourcePermission(boolean hasResourcePermission) {
-        this.hasResourcePermission = hasResourcePermission;
-    }
-}

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
deleted file mode 100644
index 4ca152d..0000000
--- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.catalina.realm.event;
-
-import org.apache.catalina.Wrapper;
-
-import java.security.Principal;
-
-public class HasRoleEvent {
-    private final Wrapper wrapper;
-    private final Principal principal;
-    private final String role;
-
-    private boolean hasRole;
-
-    public HasRoleEvent(final Wrapper wrapper, final Principal principal, final String role) {
-        this.wrapper = wrapper;
-        this.principal = principal;
-        this.role = role;
-    }
-
-    public Wrapper getWrapper() {
-        return wrapper;
-    }
-
-    public Principal getPrincipal() {
-        return principal;
-    }
-
-    public String getRole() {
-        return role;
-    }
-
-    public boolean isHasRole() {
-        return hasRole;
-    }
-
-    public void setHasRole(boolean hasRole) {
-        this.hasRole = hasRole;
-    }
-}

http://git-wip-us.apache.org/repos/asf/tomee/blob/82d7cd49/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
deleted file mode 100644
index f4f2a51..0000000
--- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomee.catalina.realm.event;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-
-public class HasUserDataPermissionEvent {
-    private final Request request;
-    private final Response response;
-    private final SecurityConstraint[] constraint;
-
-    private boolean hasUserDataPermission;
-
-    public HasUserDataPermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraint) {
-        this.request = request;
-        this.response = response;
-        this.constraint = constraint;
-    }
-
-    public Request getRequest() {
-        return request;
-    }
-
-    public Response getResponse() {
-        return response;
-    }
-
-    public SecurityConstraint[] getConstraint() {
-        return constraint;
-    }
-
-    public boolean isHasUserDataPermission() {
-        return hasUserDataPermission;
-    }
-
-    public void setHasUserDataPermission(boolean hasUserDataPermission) {
-        this.hasUserDataPermission = hasUserDataPermission;
-    }
-}


[2/2] tomee git commit: First impl of TOMEE-1487

Posted by jl...@apache.org.
First impl of TOMEE-1487


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/4b4447af
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/4b4447af
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/4b4447af

Branch: refs/heads/develop
Commit: 4b4447afe173cb06d0bea241fca031e0e8b5f3ba
Parents: a700640
Author: Jean-Louis Monteiro <je...@gmail.com>
Authored: Thu Jan 8 00:53:23 2015 +0100
Committer: Jean-Louis Monteiro <je...@gmail.com>
Committed: Thu Jan 8 14:57:00 2015 +0100

----------------------------------------------------------------------
 .../arquillian-tomee-webprofile-tests/pom.xml   |   6 +
 .../tests/realm/CdiEventRealmIntegTest.java     | 124 ++++++++++++
 .../tests/realm/CdiEventRealmTest.java          | 191 ++++++++++++++++++
 .../tomee/catalina/realm/CdiEventRealm.java     | 193 +++++++++++++++++++
 .../realm/event/BaseAuthenticationEvent.java    |  32 +++
 .../realm/event/DigestAuthenticationEvent.java  |  76 ++++++++
 .../event/FindSecurityConstraintsEvent.java     |  52 +++++
 .../realm/event/GssAuthenticationEvent.java     |  38 ++++
 .../realm/event/HasResourcePermissionEvent.java |  63 ++++++
 .../catalina/realm/event/HasRoleEvent.java      |  55 ++++++
 .../realm/event/HasUserDataPermissionEvent.java |  55 ++++++
 .../realm/event/SslAuthenticationEvent.java     |  32 +++
 .../event/UserPasswordAuthenticationEvent.java  |  37 ++++
 13 files changed, 954 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
index dcba88a..fa422fa 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
@@ -35,6 +35,12 @@
       <groupId>org.apache.commons</groupId>
       <version>${commons-lang3.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+      <version>1.9.5</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>
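Review bot: The added `mockito-all` dependency pins `1.9.5` literally, whereas the neighbouring dependency takes its version from a property (`${commons-lang3.version}`); a `mockito.version` property, or an entry in the parent's `dependencyManagement`, keeps the version in one place. `mockito-all` also bundles its own copies of Hamcrest and Objenesis, which can shadow the Hamcrest that JUnit brings onto the test classpath; `mockito-core` is the usual choice when JUnit is present.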

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
new file mode 100644
index 0000000..d8c1b06
--- /dev/null
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.arquillian.tests.realm;
+
+import jdk.nashorn.internal.ir.annotations.Ignore;
+import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.tomee.catalina.realm.CdiEventRealm;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Singleton;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.event.Observes;
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+import java.net.URL;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+
+@RunWith(Arquillian.class)
+@Ignore
+public class CdiEventRealmIntegTest
+{
+    @Deployment(testable = false)
+    public static Archive<?> war() {
+        return ShrinkWrap.create(WebArchive.class, "realm-test.war")
+                .addClasses(MultiAuthenticator.class, MyService.class)
+                .addAsWebResource(EmptyAsset.INSTANCE, "beans.xml")
+                .addAsManifestResource(new StringAsset("<Context preemptive=\"true\" antiJARLocking=\"true\">\n" +
+                        "<Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n" +
+                        "<Realm className=\"" + CdiEventRealm.class.getName() + "\" />\n" +
+                        "</Context>"), "context.xml");
+    }
+
+    @ArquillianResource
+    private URL webapp;
+
+    @Test
+    public void success() {
+        final String val = WebClient.create(webapp.toExternalForm(), "admin", "secret", null)
+                .path("/test").get(String.class);
+
+        assertEquals("ok", val);
+    }
+
+    @Test
+    public void notAuthorized() {
+        final Response val = WebClient.create(webapp.toExternalForm(), "user", "secret", null)
+                .path("/test").get();
+
+        assertEquals(403, val.getStatus());
+    }
+
+    @Test
+    public void notAuthenticated() {
+        final Response val = WebClient.create(webapp.toExternalForm(), "admin", "bla bla", null)
+                .path("/test").get();
+
+        assertEquals(401, val.getStatus());
+    }
+
+
+    @Path("/test")
+    @Singleton
+    public static class MyService {
+        @Inject
+        private MultiAuthenticator authenticator;
+
+        @GET
+        @RolesAllowed("admin")
+        public String hello() {
+            return authenticator.stacked ? "ok" : "ko";
+        }
+    }
+
+    @RequestScoped
+    public static class MultiAuthenticator {
+        private boolean stacked = false;
+
+        public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+            System.err.println(">> enter > " + event.getUsername());
+            assertEquals("secret", event.getCredential());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList(event.getUsername())));
+        }
+
+        public void stacked(@Observes final UserPasswordAuthenticationEvent event) {
+            stacked = true;
+        }
+
+        public boolean isStacked() {
+            return stacked;
+        }
+    }
+
+}
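Review bot: The `@Ignore` on the class is imported from `jdk.nashorn.internal.ir.annotations.Ignore` (the import near the top of the hunk), which JUnit does not recognise, so the class is not actually skipped and the import ties the test to a JDK-internal package; it should be `import org.junit.Ignore;` if skipping is intended. The `MultiAuthenticator.authenticate` observer uses `assertEquals("secret", event.getCredential())`, so a wrong password (the `notAuthenticated` case) throws out of the event dispatch instead of leaving the principal unset; a realm observer should reject quietly, e.g. `if (!"secret".equals(event.getCredential())) { return; }` before `setPrincipal`, which is what yields the 401 the test expects. `MyService.hello()` reads the private field `authenticator.stacked` directly; since `MultiAuthenticator` is `@RequestScoped` the injected reference is presumably a client proxy, and a field read on the proxy does not see the contextual instance — use `authenticator.isStacked()`.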

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
new file mode 100644
index 0000000..c9e1b9e
--- /dev/null
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.arquillian.tests.realm;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.openejb.jee.WebApp;
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.Module;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.CdiEventRealm;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.ietf.jgss.GSSContext;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.enterprise.event.Observes;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@RunWith(ApplicationComposer.class)
+public class CdiEventRealmTest {
+
+    @Module
+    @Classes(cdi = true, innerClassesAsBean = true)
+    public WebApp app() {
+        return new WebApp();
+    }
+
+    @Test
+    public void userPassword() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("john", "secret"));
+        assertEquals("john", gp.getName());
+        assertEquals("", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("admin", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void digest() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"));
+        final String[] actual = gp.getRoles();
+        final String[] expected = new String[] {"ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"};
+
+        Arrays.sort(actual);
+        Arrays.sort(expected);
+
+        assertArrayEquals(actual, expected);
+    }
+
+    @Test
+    public void gss() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(mock(GSSContext.class), false));
+        assertEquals("gss", gp.getName());
+        assertEquals("", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("dummy", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void ssl() {
+        X509Certificate cert = mock(X509Certificate.class);
+        GenericPrincipal expected = new GenericPrincipal("john", "doe", Arrays.asList("test"));
+        when(cert.getSubjectDN()).thenReturn(expected);
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(new X509Certificate[] { cert }));
+        assertEquals(expected, gp);
+        assertEquals("john", gp.getName());
+        assertEquals("doe", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("test", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void find() {
+        final SecurityConstraint[] securityConstraints = new CdiEventRealm().findSecurityConstraints(mock(Request.class), mock(Context.class));
+        assertEquals(1, securityConstraints.length);
+        assertEquals("awesome", securityConstraints[0].getDisplayName());
+    }
+
+    @Test
+    public void has() throws IOException {
+        new CdiEventRealm().hasResourcePermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0], mock(Context.class));
+        new CdiEventRealm().hasRole(mock(Wrapper.class), mock(Principal.class), "admin");
+        new CdiEventRealm().hasUserDataPermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0]);
+
+        assertEquals(1, MultiAuthenticator.hasResourcePermission.get());
+        assertEquals(1, MultiAuthenticator.hasRole.get());
+        assertEquals(1, MultiAuthenticator.hasUserDataPermission.get());
+    }
+
+    private GenericPrincipal getGenericPrincipal(Principal principal) {
+        assertNotNull(principal);
+        assertTrue(GenericPrincipal.class.isInstance(principal));
+        return GenericPrincipal.class.cast(principal);
+    }
+
+    public static class MultiAuthenticator {
+
+        public static final AtomicInteger hasRole = new AtomicInteger(0);
+        public static final AtomicInteger hasResourcePermission = new AtomicInteger(0);
+        public static final AtomicInteger hasUserDataPermission = new AtomicInteger(0);
+
+        public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+            assertEquals("john", event.getUsername());
+            assertEquals("secret", event.getCredential());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList("admin")));
+        }
+
+        public void authenticate(@Observes final DigestAuthenticationEvent event) {
+            final List<String> roles = new ArrayList<>();
+            roles.add(event.getCnonce());
+            roles.add(event.getDigest());
+            roles.add(event.getMd5a2());
+            roles.add(event.getNc());
+            roles.add(event.getNonce());
+            roles.add(event.getQop());
+            roles.add(event.getRealm());
+            roles.add(event.getUsername());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", roles));
+        }
+
+        public void authenticate(@Observes final GssAuthenticationEvent event) {
+            assertNotNull(event.getGssContext());
+            event.setPrincipal(new GenericPrincipal("gss", "", Arrays.asList("dummy")));
+        }
+
+        public void authenticate(@Observes final SslAuthenticationEvent event) {
+            event.setPrincipal(event.getCerts()[0].getSubjectDN());
+        }
+
+        public void findSecurityConstraints(@Observes FindSecurityConstraintsEvent event) {
+            SecurityConstraint mock = mock(SecurityConstraint.class);
+            when(mock.getDisplayName()).thenReturn("awesome");
+            event.addSecurityConstraint(mock);
+        }
+
+        public void hasResourcePermission(@Observes HasResourcePermissionEvent event) throws IOException {
+            hasResourcePermission.incrementAndGet();
+            event.setHasResourcePermission(true);
+        }
+
+        public void hasRole(@Observes final HasRoleEvent event) {
+            hasRole.incrementAndGet();
+            event.setHasRole(true);
+        }
+
+        public void hasUserDataPermission(@Observes final HasUserDataPermissionEvent event) throws IOException {
+            hasUserDataPermission.incrementAndGet();
+            event.setHasUserDataPermission(true);
+        }
+
+    }
+
+}
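Review bot: `assertArrayEquals(actual, expected)` in `digest()` has the arguments swapped (JUnit's signature is expected first), so a failure message would report the values the wrong way round; write `assertArrayEquals(expected, actual);`. The `has()` test also depends on the static counters in `MultiAuthenticator` starting at zero, which holds only if no other test in the same JVM fires these events first; resetting them at the start of `has()` (`MultiAuthenticator.hasRole.set(0);` and the two siblings) would make the test self-contained.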

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
new file mode 100644
index 0000000..33d1c6b
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
@@ -0,0 +1,193 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.CredentialHandler;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.apache.webbeans.config.WebBeansContext;
+import org.ietf.jgss.GSSContext;
+
+import javax.enterprise.inject.spi.BeanManager;
+import java.beans.PropertyChangeListener;
+import java.beans.PropertyChangeSupport;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+/**
+ * This simple CDI based realm gives the ability to send events a webapp can react to in order to authenticate the user.
+ *
+ * There is one different event per credential types to make it easier to implement.
+ */
+public class CdiEventRealm implements Realm {
+
+    protected Container container = null;
+    protected final PropertyChangeSupport support = new PropertyChangeSupport(this);
+    private CredentialHandler credentialHandler;
+
+
+    @Override
+    public Principal authenticate(final String username, final String credentials) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final UserPasswordAuthenticationEvent event = new UserPasswordAuthenticationEvent(username, credentials);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final String username, final String digest, final String nonce, final String nc,
+                                  final String cnonce, final String qop, final String realm, final String md5a2) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final DigestAuthenticationEvent event = new DigestAuthenticationEvent(username, digest, nonce, nc,
+                cnonce, qop, realm, md5a2);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final GSSContext gssContext, final boolean storeCreds) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final GssAuthenticationEvent event = new GssAuthenticationEvent(gssContext, storeCreds);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final X509Certificate[] certs) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final SslAuthenticationEvent event = new SslAuthenticationEvent(certs);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public void backgroundProcess() {
+        // no-op for now
+    }
+
+    @Override
+    public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request, context);
+        beanManager().fireEvent(event);
+        return event.getSecurityConstraints();
+    }
+
+    @Override
+    public boolean hasResourcePermission(final Request request, final Response response,
+                                         final SecurityConstraint[] constraint,
+                                         final Context context) throws IOException {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasResourcePermissionEvent event = new HasResourcePermissionEvent(request, response, constraint, context);
+        beanManager().fireEvent(event);
+        return event.isHasResourcePermission();
+    }
+
+    @Override
+    public boolean hasRole(final Wrapper wrapper, final Principal principal, final String role) {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasRoleEvent event = new HasRoleEvent(wrapper, principal, role);
+        beanManager().fireEvent(event);
+        return event.isHasRole();
+    }
+
+    @Override
+    public boolean hasUserDataPermission(final Request request, final Response response, final SecurityConstraint[] constraint) throws IOException {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasUserDataPermissionEvent event = new HasUserDataPermissionEvent(request, response, constraint);
+        beanManager().fireEvent(event);
+        return event.isHasUserDataPermission();
+    }
+
+    @Override
+    public Container getContainer() {
+        return (container);
+    }
+
+    @Override
+    public void setContainer(final Container container) {
+        Container oldContainer = this.container;
+        this.container = container;
+        support.firePropertyChange("container", oldContainer, this.container);
+    }
+
+    @Override
+    public CredentialHandler getCredentialHandler() {
+        return credentialHandler;
+    }
+
+    @Override
+    public void setCredentialHandler(final CredentialHandler credentialHandler) {
+        this.credentialHandler = credentialHandler;
+    }
+
+    @Override
+    public void addPropertyChangeListener(final PropertyChangeListener listener) {
+        support.addPropertyChangeListener(listener);
+    }
+
+    @Override
+    public void removePropertyChangeListener(final PropertyChangeListener listener) {
+        support.removePropertyChangeListener(listener);
+    }
+
+    private BeanManager beanManager() {
+        final WebBeansContext webBeansContext = WebBeansContext.currentInstance();
+        if (webBeansContext == null) {
+            return null; // too early to have a cdi bean
+        }
+        return webBeansContext.getBeanManagerImpl();
+    }
+}
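Review bot: `findSecurityConstraints` returns `null` when no `BeanManager` is available, while `hasRole`, `hasResourcePermission` and `hasUserDataPermission` return `false` in the same situation; in Tomcat's authenticator a `null` constraint array presumably means "no constraints apply", so before CDI is initialised the realm fails open on the constraint lookup and closed on every other check. If that asymmetry is intended (the realm being reached before the webapp's CDI context exists), a comment should say so, e.g. `// No BeanManager yet: null means "no constraints" to the authenticator, so such requests are not challenged`, and ideally the case is logged so a misconfigured deployment is visible. The same applies to the result when no observer contributes anything, since `getPrincipal()` and the `isHas*` flags are returned as-is. As a point of style, each method calls `beanManager()` twice (once for the null check, once for `fireEvent`); capturing it once as `final BeanManager bm = beanManager();` makes the null guard and the call refer to the same instance.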

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
new file mode 100644
index 0000000..d191b63
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.Principal;
+
+public abstract class BaseAuthenticationEvent {
+
+    private Principal principal;
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
+}
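Review bot: The contract of `principal` is undocumented although it is the only channel between observers and the realm: `CdiEventRealm` returns `getPrincipal()` unchanged after dispatch, so a principal that is still `null` is reported as an authentication failure. A class Javadoc stating that observers call `setPrincipal` only on success and leave it `null` otherwise (a later observer may also overwrite an earlier one, since this is a plain setter) would make the expected observer behaviour explicit.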

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
new file mode 100644
index 0000000..76508c2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.tomee.catalina.realm.event.BaseAuthenticationEvent;
+
+public class DigestAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final String username;
+    private final String digest;
+    private final String nonce;
+    private final String nc;
+    private final String cnonce;
+    private final String qop;
+    private final String realm;
+    private final String md5a2;
+
+    public DigestAuthenticationEvent(final String username, final String digest, final String nonce, final String nc,
+                                     final String cnonce, final String qop, final String realm, final String md5a2) {
+
+        this.username = username;
+        this.digest = digest;
+        this.nonce = nonce;
+        this.nc = nc;
+        this.cnonce = cnonce;
+        this.qop = qop;
+        this.realm = realm;
+        this.md5a2 = md5a2;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getDigest() {
+        return digest;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public String getNc() {
+        return nc;
+    }
+
+    public String getCnonce() {
+        return cnonce;
+    }
+
+    public String getQop() {
+        return qop;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public String getMd5a2() {
+        return md5a2;
+    }
+}
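Review bot: The import `org.apache.tomee.catalina.realm.event.BaseAuthenticationEvent` is redundant, as the class is in the same package as this file; drop it. A short class Javadoc would also help, since the eight fields mirror the parameters of `Realm.authenticate(String, String, String, String, String, String, String, String)` and their meaning (client digest, server-side `md5a2`, nonce/nc/cnonce/qop from the Authorization header) is only clear from that signature.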

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
new file mode 100644
index 0000000..6d5b3fb
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+import java.util.List;
+
+public class FindSecurityConstraintsEvent {
+
+    private final Request request;
+    private final Context context;
+    private List<SecurityConstraint> securityConstraints;
+
+    public FindSecurityConstraintsEvent(final Request request, final Context context) {
+        this.request = request;
+        this.context = context;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Context getContext() {
+        return context;
+    }
+
+    public boolean addSecurityConstraint(final SecurityConstraint constraint) {
+        return securityConstraints.add(constraint);
+    }
+
+    public SecurityConstraint[] getSecurityConstraints() {
+        return securityConstraints.toArray(new SecurityConstraint[securityConstraints.size()]);
+    }
+
+}
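Review bot: `securityConstraints` is declared but never initialised, so the first `addSecurityConstraint` call (and `getSecurityConstraints` when no observer adds anything) throws a `NullPointerException`; declare it as `private final List<SecurityConstraint> securityConstraints = new ArrayList<>();` and add `import java.util.ArrayList;`. With that fix, `getSecurityConstraints` returns an empty array rather than `null` when no observer contributes, and it is worth a comment on how the realm's caller treats an empty array versus `null`, since that distinction presumably decides whether a request is challenged at all.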

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
new file mode 100644
index 0000000..61d6085
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.ietf.jgss.GSSContext;
+
+public class GssAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final GSSContext gssContext;
+    private final boolean storeCreds;
+
+    public GssAuthenticationEvent(final GSSContext gssContext, final boolean storeCreds) {
+        this.gssContext = gssContext;
+        this.storeCreds = storeCreds;
+    }
+
+    public GSSContext getGssContext() {
+        return gssContext;
+    }
+
+    public boolean isStoreCreds() {
+        return storeCreds;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
new file mode 100644
index 0000000..2698874
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasResourcePermissionEvent {
+
+    private final Request request;
+    private final Response response;
+    private final SecurityConstraint[] constraints;
+    private final Context context;
+
+    private boolean hasResourcePermission;
+
+    public HasResourcePermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraints, final Context context) {
+        this.request = request;
+        this.response = response;
+        this.constraints = constraints;
+        this.context = context;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Response getResponse() {
+        return response;
+    }
+
+    public SecurityConstraint[] getConstraints() {
+        return constraints;
+    }
+
+    public Context getContext() {
+        return context;
+    }
+
+    public boolean isHasResourcePermission() {
+        return hasResourcePermission;
+    }
+
+    public void setHasResourcePermission(boolean hasResourcePermission) {
+        this.hasResourcePermission = hasResourcePermission;
+    }
+}
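Review bot: `getConstraints()` at the end of the hunk hands the realm's internal `SecurityConstraint[]` to every observer by reference, so one misbehaving observer can swap or null out elements and change what later observers (and, depending on how CdiEventRealm uses the array afterwards, which is outside this hunk, possibly the realm itself) evaluate. Returning a copy, `return constraints == null ? null : constraints.clone();`, keeps the authorization input read-only for observers. The class also has no Javadoc; I would state on `hasResourcePermission` that it starts at the Java default `false`, which presumably means an event no observer answers ends in a denial — worth writing down since that is the fail-closed property the design relies on. Minor: `setHasResourcePermission(boolean hasResourcePermission)` drops the `final` the constructor parameters use.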

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
new file mode 100644
index 0000000..4ca152d
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Wrapper;
+
+import java.security.Principal;
+
+public class HasRoleEvent {
+    private final Wrapper wrapper;
+    private final Principal principal;
+    private final String role;
+
+    private boolean hasRole;
+
+    public HasRoleEvent(final Wrapper wrapper, final Principal principal, final String role) {
+        this.wrapper = wrapper;
+        this.principal = principal;
+        this.role = role;
+    }
+
+    public Wrapper getWrapper() {
+        return wrapper;
+    }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public boolean isHasRole() {
+        return hasRole;
+    }
+
+    public void setHasRole(boolean hasRole) {
+        this.hasRole = hasRole;
+    }
+}
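Review bot: The decision carried in `hasRole` is a plain mutable boolean that any observer in the deployment can set, and CDI gives no ordering guarantee between observers, so two observers that disagree leave the answer to whichever ran last; the class should document that contract. I would add class Javadoc along the lines of `Fired by the realm for each hasRole check; observers answer via setHasRole(). The flag starts at false, so an event no observer handles results in a denial.` — the last clause assumes CdiEventRealm returns the flag unchanged, which is outside this hunk. Observers should also be told whether `principal` can be null for unauthenticated requests; that depends on the realm's call site, which is not visible here, so it needs confirming before being documented. Minor: `setHasRole(boolean hasRole)` omits the `final` the rest of the file applies to parameters.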

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
new file mode 100644
index 0000000..f4f2a51
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasUserDataPermissionEvent {
+    private final Request request;
+    private final Response response;
+    private final SecurityConstraint[] constraint;
+
+    private boolean hasUserDataPermission;
+
+    public HasUserDataPermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraint) {
+        this.request = request;
+        this.response = response;
+        this.constraint = constraint;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Response getResponse() {
+        return response;
+    }
+
+    public SecurityConstraint[] getConstraint() {
+        return constraint;
+    }
+
+    public boolean isHasUserDataPermission() {
+        return hasUserDataPermission;
+    }
+
+    public void setHasUserDataPermission(boolean hasUserDataPermission) {
+        this.hasUserDataPermission = hasUserDataPermission;
+    }
+}
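Review bot: The field and accessor are named `constraint`/`getConstraint()` although the type is `SecurityConstraint[]`, while the parallel `HasResourcePermissionEvent` in this same commit exposes the same kind of array as `getConstraints()`; observers handling both events will trip over the mismatch, so I would rename to `constraints` and `getConstraints()` before the API is published. As in the sibling event, the getter returns the realm's array by reference, letting an observer mutate the constraints other observers see; `return constraints == null ? null : constraints.clone();` avoids that. The class has no Javadoc; `hasUserDataPermission` starts at `false`, which presumably denies when nobody answers (CdiEventRealm is outside this hunk) and deserves an explicit comment.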

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
new file mode 100644
index 0000000..f3a9553
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.cert.X509Certificate;
+
+public class SslAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final X509Certificate[] certs;
+
+    public SslAuthenticationEvent(final X509Certificate[] certs) {
+        this.certs = certs;
+    }
+
+    public X509Certificate[] getCerts() {
+        return certs;
+    }
+}
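Review bot: `getCerts()` returns the client certificate chain array by reference, so an observer could replace `certs[0]` and a later observer would authenticate a different certificate than the one the TLS layer presented. Return a copy, `return certs == null ? null : certs.clone();` — `X509Certificate` instances are immutable, so cloning the array is sufficient. The class should also document that `certs` is the chain as received from the connector, that it may be null or empty when no client certificate was presented (hedged; the realm's call site is outside this hunk), and that nothing in this event validates the chain, trust anchor or expiry, so an observer that maps `certs[0].getSubjectX500Principal()` to a user must do that itself or rely on the connector having done it. `BaseAuthenticationEvent` is not in this hunk, so how the resulting principal is recorded cannot be reviewed here.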

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
new file mode 100644
index 0000000..e33a0b2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+public class UserPasswordAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final String username;
+    private final String credential;
+
+
+    public UserPasswordAuthenticationEvent(final String username, final String credential) {
+        this.username = username;
+        this.credential = credential;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getCredential() {
+        return credential;
+    }
+}
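Review bot: `credential` is the client's raw secret and this event delivers it to every observer of `UserPasswordAuthenticationEvent` in the deployment, yet nothing in the class says so; I would add Javadoc on `getCredential()`: `Raw credential exactly as supplied by the client (normally the cleartext password). Observers must not log, persist or echo it, and should compare it with a constant-time check.` Holding it in a `String` means it cannot be wiped and stays in the heap until collected; if the realm side (outside this hunk) receives it as a `String` from Tomcat's `Realm.authenticate(String, String)`, that is a limitation to document rather than fix here. Style: the double blank line before the constructor is inconsistent with the sibling event classes.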