Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:07 UTC

[tomee] 19/48: TOMEE-2365 - Initial implementation of HttpMessageContext. Not complete yet, just basic stuff.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 7366bbd3d7dc174ac86703cf4246ec5ebc5b3c70
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Wed Dec 26 16:17:28 2018 +0000

    TOMEE-2365 - Initial implementation of HttpMessageContext. Not complete yet, just basic stuff.
---
 .../security/http/TomEEHttpMessageContext.java     | 190 +++++++++++++++++++++
 1 file changed, 190 insertions(+)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
new file mode 100644
index 0000000..dfb7627
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
@@ -0,0 +1,190 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.http;
+
+import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.MessageInfo;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.CallerPrincipal;
+import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Set;
+
+import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
+import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+
+public class TomEEHttpMessageContext implements HttpMessageContext {
+    private final MessageInfo messageInfo;
+    private final Subject clientSubject;
+    private final Subject serviceSubject;
+
+    private TomEEHttpMessageContext(final MessageInfo messageInfo,
+                                    final Subject clientSubject,
+                                    final Subject serviceSubject) {
+        this.messageInfo = messageInfo;
+        this.clientSubject = clientSubject;
+        this.serviceSubject = serviceSubject;
+    }
+
+    public static TomEEHttpMessageContext httpMessageContext(final MessageInfo messageInfo,
+                                                             final Subject clientSubject,
+                                                             final Subject serviceSubject) {
+        return new TomEEHttpMessageContext(messageInfo, clientSubject, serviceSubject);
+    }
+
+    @Override
+    public boolean isProtected() {
+        return Boolean.valueOf((String) messageInfo.getMap().getOrDefault(MessageInfoImpl.IS_MANDATORY, "false"));
+    }
+
+    @Override
+    public boolean isAuthenticationRequest() {
+        return false;
+    }
+
+    @Override
+    public boolean isRegisterSession() {
+        return false;
+    }
+
+    @Override
+    public void setRegisterSession(final String callerName, final Set<String> groups) {
+
+    }
+
+    @Override
+    public void cleanClientSubject() {
+
+    }
+
+    @Override
+    public AuthenticationParameters getAuthParameters() {
+        return null;
+    }
+
+    @Override
+    public CallbackHandler getHandler() {
+        return null;
+    }
+
+    @Override
+    public MessageInfo getMessageInfo() {
+        return null;
+    }
+
+    @Override
+    public Subject getClientSubject() {
+        return null;
+    }
+
+    @Override
+    public HttpServletRequest getRequest() {
+        return (HttpServletRequest) messageInfo.getRequestMessage();
+    }
+
+    @Override
+    public void setRequest(final HttpServletRequest request) {
+        messageInfo.setRequestMessage(request);
+    }
+
+    @Override
+    public HttpMessageContext withRequest(final HttpServletRequest request) {
+        setRequest(request);
+        return this;
+    }
+
+    @Override
+    public HttpServletResponse getResponse() {
+        return (HttpServletResponse) messageInfo.getResponseMessage();
+    }
+
+    @Override
+    public void setResponse(final HttpServletResponse response) {
+        messageInfo.setResponseMessage(response);
+    }
+
+    @Override
+    public AuthenticationStatus redirect(final String location) {
+        return null;
+    }
+
+    @Override
+    public AuthenticationStatus forward(final String path) {
+        return null;
+    }
+
+    @Override
+    public AuthenticationStatus responseUnauthorized() {
+        try {
+            getResponse().sendError(SC_UNAUTHORIZED);
+        } catch (final IOException e) {
+            throw new IllegalStateException(e);
+        }
+        return SEND_FAILURE;
+    }
+
+    @Override
+    public AuthenticationStatus responseNotFound() {
+        return null;
+    }
+
+    @Override
+    public AuthenticationStatus notifyContainerAboutLogin(final String callername, final Set<String> groups) {
+        return notifyContainerAboutLogin(new CallerPrincipal(callername), groups);
+    }
+
+    @Override
+    public AuthenticationStatus notifyContainerAboutLogin(final Principal principal, final Set<String> groups) {
+        // Needs more stuff in here.
+
+        return SUCCESS;
+    }
+
+    @Override
+    public AuthenticationStatus notifyContainerAboutLogin(final CredentialValidationResult result) {
+        if (result.getStatus().equals(VALID)) {
+            return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
+        }
+
+        return SEND_FAILURE;
+    }
+
+    @Override
+    public AuthenticationStatus doNothing() {
+        return null;
+    }
+
+    @Override
+    public Principal getCallerPrincipal() {
+        return null;
+    }
+
+    @Override
+    public Set<String> getGroups() {
+        return null;
+    }
+}
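Review bot: `notifyContainerAboutLogin(Principal, Set<String>)` returns `SUCCESS` while discarding `principal` and `groups` and never touching `clientSubject`, so any mechanism that calls it reports a successful login with no caller identity recorded. How the container acts on that status is not visible in this file, but until the callback handling is written the stub would be safer failing closed, e.g. `throw new UnsupportedOperationException("notifyContainerAboutLogin is not implemented yet");`. `getMessageInfo()` and `getClientSubject()` return `null` even though the constructor already stores both values, so they can simply return the `messageInfo` and `clientSubject` fields. `doNothing()`, `redirect()`, `forward()` and `responseNotFound()` hand back a null `AuthenticationStatus`, which a caller comparing or switching on the result will likely hit as a NullPointerException; `doNothing()` can already `return AuthenticationStatus.NOT_DONE;`, and the remaining stubs are better throwing than returning null.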