Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:07 UTC
[tomee] 19/48: TOMEE-2365 - Initial implementation of
HttpMessageContext. Not complete yet, just basic stuff.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 7366bbd3d7dc174ac86703cf4246ec5ebc5b3c70
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Wed Dec 26 16:17:28 2018 +0000
TOMEE-2365 - Initial implementation of HttpMessageContext. Not complete yet, just basic stuff.
---
.../security/http/TomEEHttpMessageContext.java | 190 +++++++++++++++++++++
1 file changed, 190 insertions(+)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
new file mode 100644
index 0000000..dfb7627
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
@@ -0,0 +1,190 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.http;
+
+import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.MessageInfo;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.CallerPrincipal;
+import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Set;
+
+import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
+import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+
+public class TomEEHttpMessageContext implements HttpMessageContext {
+ private final MessageInfo messageInfo;
+ private final Subject clientSubject;
+ private final Subject serviceSubject;
+
+ private TomEEHttpMessageContext(final MessageInfo messageInfo,
+ final Subject clientSubject,
+ final Subject serviceSubject) {
+ this.messageInfo = messageInfo;
+ this.clientSubject = clientSubject;
+ this.serviceSubject = serviceSubject;
+ }
+
+ public static TomEEHttpMessageContext httpMessageContext(final MessageInfo messageInfo,
+ final Subject clientSubject,
+ final Subject serviceSubject) {
+ return new TomEEHttpMessageContext(messageInfo, clientSubject, serviceSubject);
+ }
+
+ @Override
+ public boolean isProtected() {
+ return Boolean.valueOf((String) messageInfo.getMap().getOrDefault(MessageInfoImpl.IS_MANDATORY, "false"));
+ }
+
+ @Override
+ public boolean isAuthenticationRequest() {
+ return false;
+ }
+
+ @Override
+ public boolean isRegisterSession() {
+ return false;
+ }
+
+ @Override
+ public void setRegisterSession(final String callerName, final Set<String> groups) {
+
+ }
+
+ @Override
+ public void cleanClientSubject() {
+
+ }
+
+ @Override
+ public AuthenticationParameters getAuthParameters() {
+ return null;
+ }
+
+ @Override
+ public CallbackHandler getHandler() {
+ return null;
+ }
+
+ @Override
+ public MessageInfo getMessageInfo() {
+ return null;
+ }
+
+ @Override
+ public Subject getClientSubject() {
+ return null;
+ }
+
+ @Override
+ public HttpServletRequest getRequest() {
+ return (HttpServletRequest) messageInfo.getRequestMessage();
+ }
+
+ @Override
+ public void setRequest(final HttpServletRequest request) {
+ messageInfo.setRequestMessage(request);
+ }
+
+ @Override
+ public HttpMessageContext withRequest(final HttpServletRequest request) {
+ setRequest(request);
+ return this;
+ }
+
+ @Override
+ public HttpServletResponse getResponse() {
+ return (HttpServletResponse) messageInfo.getResponseMessage();
+ }
+
+ @Override
+ public void setResponse(final HttpServletResponse response) {
+ messageInfo.setResponseMessage(response);
+ }
+
+ @Override
+ public AuthenticationStatus redirect(final String location) {
+ return null;
+ }
+
+ @Override
+ public AuthenticationStatus forward(final String path) {
+ return null;
+ }
+
+ @Override
+ public AuthenticationStatus responseUnauthorized() {
+ try {
+ getResponse().sendError(SC_UNAUTHORIZED);
+ } catch (final IOException e) {
+ throw new IllegalStateException(e);
+ }
+ return SEND_FAILURE;
+ }
+
+ @Override
+ public AuthenticationStatus responseNotFound() {
+ return null;
+ }
+
+ @Override
+ public AuthenticationStatus notifyContainerAboutLogin(final String callername, final Set<String> groups) {
+ return notifyContainerAboutLogin(new CallerPrincipal(callername), groups);
+ }
+
+ @Override
+ public AuthenticationStatus notifyContainerAboutLogin(final Principal principal, final Set<String> groups) {
+ // Needs more stuff in here.
+
+ return SUCCESS;
+ }
+
+ @Override
+ public AuthenticationStatus notifyContainerAboutLogin(final CredentialValidationResult result) {
+ if (result.getStatus().equals(VALID)) {
+ return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
+ }
+
+ return SEND_FAILURE;
+ }
+
+ @Override
+ public AuthenticationStatus doNothing() {
+ return null;
+ }
+
+ @Override
+ public Principal getCallerPrincipal() {
+ return null;
+ }
+
+ @Override
+ public Set<String> getGroups() {
+ return null;
+ }
+}
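Review bot: `notifyContainerAboutLogin(Principal, Set<String>)` returns `SUCCESS` without recording the principal or groups anywhere visible in this file, so a mechanism that has just validated a credential is told authentication succeeded while `getCallerPrincipal()` and `getGroups()` still return null and `clientSubject` is never populated. How the calling auth module maps that status is not shown here, but a stub in an authentication path is safer failing closed, e.g. `throw new UnsupportedOperationException("notifyContainerAboutLogin is not implemented yet");`, until the caller identity is actually established. The other `AuthenticationStatus` stubs (`redirect()`, `forward()`, `responseNotFound()`, `doNothing()`) return null where a mechanism would normally return the result straight to the container, and `doNothing()` could already be `return AuthenticationStatus.NOT_DONE;`. `getMessageInfo()` and `getClientSubject()` also return null although the constructor stores both values, so they should return the held fields.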