You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/12/10 14:47:31 UTC
[28/38] tomee git commit: Make Principal returned by the CDI security
service contextual. Re-instate all tests. Couple of failing JWT tests to go
Make Principal returned by the CDI security service contextual. Re-instate all tests. Couple of failing JWT tests to go
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a72e1f3b
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a72e1f3b
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a72e1f3b
Branch: refs/heads/master
Commit: a72e1f3b723fea010c13ba53d40af04ce22c7f4d
Parents: f305620
Author: Jonathan Gallimore <jo...@jrg.me.uk>
Authored: Mon Nov 19 11:32:39 2018 +0000
Committer: Roberto Cortez <ra...@yahoo.com>
Committed: Fri Dec 7 18:13:05 2018 +0000
----------------------------------------------------------------------
.../openejb/cdi/ManagedSecurityService.java | 49 ++++++++++++++++++++
1 file changed, 49 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/a72e1f3b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
index 1b18c4e..a7346fe 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
@@ -19,24 +19,72 @@ package org.apache.openejb.cdi;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
+import org.apache.webbeans.config.WebBeansContext;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
+import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
import java.security.Principal;
import java.security.PrivilegedActionException;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Properties;
public class ManagedSecurityService implements org.apache.webbeans.spi.SecurityService {
private final org.apache.webbeans.corespi.security.ManagedSecurityService delegate = new org.apache.webbeans.corespi.security.ManagedSecurityService();
+ private final boolean useWrapper;
+ private Principal proxy = null;
+
+
+ public ManagedSecurityService(final WebBeansContext context) {
+ useWrapper = (!Boolean.parseBoolean(context.getOpenWebBeansConfiguration()
+ .getProperty("org.apache.webbeans.component.PrincipalBean.proxy", "true").trim()));
+
+ if (useWrapper) {
+ final ClassLoader loader = ManagedSecurityService.class.getClassLoader();
+
+ final String[] apiInterfaces = context.getOpenWebBeansConfiguration()
+ .getProperty("org.apache.webbeans.component.PrincipalBean.proxyApis", "org.eclipse.microprofile.jwt.JsonWebToken").split(",");
+
+ List<Class> interfaceList = new ArrayList<>();
+
+ for (final String apiInterface : apiInterfaces) {
+ try {
+ final Class<?> clazz = loader.loadClass(apiInterface.trim());
+ interfaceList.add(clazz);
+ } catch (NoClassDefFoundError | ClassNotFoundException e) {
+ // TODO: log severe error here with guidance
+ }
+ }
+
+ proxy = Principal.class.cast(Proxy.newProxyInstance(loader, interfaceList.toArray(new Class[0]), new InvocationHandler() {
+ @Override
+ public Object invoke(final Object proxy, final Method method, final Object[] args) throws Throwable {
+ return method.invoke(doGetPrincipal(), args);
+ }
+ }));
+ }
+ }
+
@Override
public Principal getCurrentPrincipal() {
+ if (useWrapper) {
+ return proxy;
+ }
+
+ return doGetPrincipal();
+ }
+
+ private Principal doGetPrincipal() {
final SecurityService<?> service = SystemInstance.get().getComponent(SecurityService.class);
if (service != null) {
return service.getCallerPrincipal();
}
+
return null;
}
@@ -104,4 +152,5 @@ public class ManagedSecurityService implements org.apache.webbeans.spi.SecurityS
public Properties doPrivilegedGetSystemProperties() {
return delegate.doPrivilegedGetSystemProperties();
}
+
}