You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2018/12/10 14:47:31 UTC

[28/38] tomee git commit: Make Principal returned by the CDI security service contextual. Re-instate all tests. Couple of failing JWT tests to go

Make Principal returned by the CDI security service contextual. Re-instate all tests. Couple of failing JWT tests to go


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a72e1f3b
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a72e1f3b
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a72e1f3b

Branch: refs/heads/master
Commit: a72e1f3b723fea010c13ba53d40af04ce22c7f4d
Parents: f305620
Author: Jonathan Gallimore <jo...@jrg.me.uk>
Authored: Mon Nov 19 11:32:39 2018 +0000
Committer: Roberto Cortez <ra...@yahoo.com>
Committed: Fri Dec 7 18:13:05 2018 +0000

----------------------------------------------------------------------
 .../openejb/cdi/ManagedSecurityService.java     | 49 ++++++++++++++++++++
 1 file changed, 49 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/a72e1f3b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
index 1b18c4e..a7346fe 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/cdi/ManagedSecurityService.java
@@ -19,24 +19,72 @@ package org.apache.openejb.cdi;
 
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.spi.SecurityService;
+import org.apache.webbeans.config.WebBeansContext;
 
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Field;
+import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
 import java.security.Principal;
 import java.security.PrivilegedActionException;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Properties;
 
 public class ManagedSecurityService implements org.apache.webbeans.spi.SecurityService {
     private final org.apache.webbeans.corespi.security.ManagedSecurityService delegate = new org.apache.webbeans.corespi.security.ManagedSecurityService();
 
+    private final boolean useWrapper;
+    private Principal proxy = null;
+
+
+    public ManagedSecurityService(final WebBeansContext context) {
+        useWrapper = (!Boolean.parseBoolean(context.getOpenWebBeansConfiguration()
+                .getProperty("org.apache.webbeans.component.PrincipalBean.proxy", "true").trim()));
+
+        if (useWrapper) {
+            final ClassLoader loader = ManagedSecurityService.class.getClassLoader();
+
+            final String[] apiInterfaces = context.getOpenWebBeansConfiguration()
+                    .getProperty("org.apache.webbeans.component.PrincipalBean.proxyApis", "org.eclipse.microprofile.jwt.JsonWebToken").split(",");
+
+            List<Class> interfaceList = new ArrayList<>();
+
+            for (final String apiInterface : apiInterfaces) {
+                try {
+                    final Class<?> clazz = loader.loadClass(apiInterface.trim());
+                    interfaceList.add(clazz);
+                } catch (NoClassDefFoundError | ClassNotFoundException e) {
+                    // TODO: log severe error here with guidance
+                }
+            }
+
+            proxy = Principal.class.cast(Proxy.newProxyInstance(loader, interfaceList.toArray(new Class[0]), new InvocationHandler() {
+                @Override
+                public Object invoke(final Object proxy, final Method method, final Object[] args) throws Throwable {
+                    return method.invoke(doGetPrincipal(), args);
+                }
+            }));
+        }
+    }
+
     @Override
     public Principal getCurrentPrincipal() {
+        if (useWrapper) {
+            return proxy;
+        }
+
+        return doGetPrincipal();
+    }
+
+    private Principal doGetPrincipal() {
         final SecurityService<?> service = SystemInstance.get().getComponent(SecurityService.class);
         if (service != null) {
             return service.getCallerPrincipal();
         }
+
         return null;
     }
 
@@ -104,4 +152,5 @@ public class ManagedSecurityService implements org.apache.webbeans.spi.SecurityS
     public Properties doPrivilegedGetSystemProperties() {
         return delegate.doPrivilegedGetSystemProperties();
     }
+
 }