Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:25:58 UTC
[tomee] 10/48: TOMEE-2365 - CDI Extension to register
AuthenticationMechanism if definitions are found.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 5df4e8f70be6fae6d66654068adf708466c1de96
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Tue Dec 18 23:31:24 2018 +0000
TOMEE-2365 - CDI Extension to register AuthenticationMechanism if definitions are found.
---
.../security/cdi/BasicAuthenticationMechanism.java | 80 ++++++++++++++++++++++
.../tomee/security/cdi/TomEESecurityExtension.java | 53 ++++++++++++++
.../services/javax.enterprise.inject.spi.Extension | 33 +++++++++
.../src/test/resources/META-INF/beans.xml | 0
4 files changed, 166 insertions(+)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java
new file mode 100644
index 0000000..8f433fa
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/BasicAuthenticationMechanism.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import org.apache.tomee.security.identitystore.TomEEIdentityStoreHandler;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.BasicAuthenticationCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@ApplicationScoped
+public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism {
+ @Inject
+ private TomEEIdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+
+ if (!httpMessageContext.isProtected()) {
+ return httpMessageContext.doNothing();
+ }
+
+ try {
+ final CredentialValidationResult result =
+ identityStoreHandler.validate(new BasicAuthenticationCredential(HttpHeaders.AUTHORIZATION));
+
+ if (result.getStatus().equals(VALID)) {
+ return httpMessageContext.notifyContainerAboutLogin(result);
+ }
+
+ } catch (final IllegalArgumentException | IllegalStateException e) {
+ // Something was sent in the header was not valid. Fallthrough to the authenticate challenge again.
+ }
+
+ response.setHeader("WWW-Authenticate", "Basic");
+ return httpMessageContext.responseUnauthorized();
+ }
+
+ @Override
+ public AuthenticationStatus secureResponse(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return null;
+ }
+
+ @Override
+ public void cleanSubject(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext) {
+
+ }
+}
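Review bot: In `validateRequest`, `new BasicAuthenticationCredential(HttpHeaders.AUTHORIZATION)` passes the header name constant (the literal string "Authorization") rather than the value the client sent, so the request's credentials are never read and the method appears able only to fall through to the 401 challenge. The value should come from `request.getHeader(HttpHeaders.AUTHORIZATION)`, be checked for null and the `Basic ` scheme, and only the Base64 part handed to the credential, as in the excerpt below. A missing header then goes straight to the challenge instead of relying on the catch block, which does not cover a NullPointerException. Separately, `secureResponse` returns `null` where the interface default returns `AuthenticationStatus.SUCCESS`, and the challenge omits the `realm` parameter that RFC 7617 requires (`"Basic realm=\"<realm>\""`).

```java
        // … unchanged: isProtected() guard …

        final String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (authorization != null && authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                final CredentialValidationResult result = identityStoreHandler.validate(
                        new BasicAuthenticationCredential(authorization.substring(6).trim()));

                if (result.getStatus().equals(VALID)) {
                    return httpMessageContext.notifyContainerAboutLogin(result);
                }
            } catch (final IllegalArgumentException | IllegalStateException e) {
                // Malformed Base64 or credential format; fall through to the challenge.
            }
        }

        // … unchanged: WWW-Authenticate challenge and responseUnauthorized() …
```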
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
new file mode 100644
index 0000000..2f7bf04
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Any;
+import javax.enterprise.inject.Default;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.AnnotatedType;
+import javax.enterprise.inject.spi.Extension;
+import javax.enterprise.inject.spi.ProcessAnnotatedType;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import java.util.HashSet;
+import java.util.Set;
+
+public class TomEESecurityExtension implements Extension {
+ private final Set<AnnotatedType> basicAuthentication = new HashSet<>();
+
+ void processAuthenticationMechanismDefinitions(@Observes final ProcessAnnotatedType<?> processAnnotatedType) {
+ final AnnotatedType<?> annotatedType = processAnnotatedType.getAnnotatedType();
+ if (annotatedType.isAnnotationPresent(BasicAuthenticationMechanismDefinition.class)) {
+ basicAuthentication.add(annotatedType);
+ }
+ }
+
+ void registerAuthenticationMechanism(@Observes final AfterBeanDiscovery afterBeanDiscovery) {
+ if (!basicAuthentication.isEmpty()) {
+ afterBeanDiscovery.addBean()
+ .id(BasicAuthenticationMechanism.class.getName())
+ .beanClass(BasicAuthenticationMechanism.class)
+ .types(Object.class, HttpAuthenticationMechanism.class, BasicAuthenticationMechanism.class)
+ .qualifiers(Default.Literal.INSTANCE, Any.Literal.INSTANCE)
+ .scope(ApplicationScoped.class)
+ .createWith(creationalContext -> new BasicAuthenticationMechanism());
+ }
+ }
+}
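Review bot: `createWith(creationalContext -> new BasicAuthenticationMechanism())` builds the mechanism with a plain constructor call, so the `@Inject` field `identityStoreHandler` declared in BasicAuthenticationMechanism is probably never populated for this synthetic bean, and `validateRequest` would then hit a NullPointerException that its catch block does not handle. Either have the container instantiate and inject the class (for example through an `InjectionTarget` obtained from the `BeanManager`) or look the handler up and pass it in explicitly. The collection is also a raw type; `private final Set<AnnotatedType<?>> basicAuthentication = new HashSet<>();` avoids the unchecked warning. A short Javadoc on the two observer methods, stating that the mechanism is registered only when at least one discovered type carries `@BasicAuthenticationMechanismDefinition`, would make the conditional registration explicit.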
diff --git a/tomee/tomee-security/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension b/tomee/tomee-security/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
new file mode 100644
index 0000000..6fc07e8
--- /dev/null
+++ b/tomee/tomee-security/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
@@ -0,0 +1,33 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.apache.tomee.security.cdi.TomEESecurityExtension
diff --git a/tomee/tomee-security/src/test/resources/META-INF/beans.xml b/tomee/tomee-security/src/test/resources/META-INF/beans.xml
new file mode 100644
index 0000000..e69de29