Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:11 UTC

[tomee] 23/48: TOMEE-2365 - Added a Default Authentication Mechanism to passthrough request to Servlet that don't require authentication.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit e83f7ff99f18f16cceb6fb01deb12d5af27248de
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Wed Dec 26 18:59:11 2018 +0000

    TOMEE-2365 - Added a Default Authentication Mechanism to passthrough request to Servlet that don't require authentication.
---
 .../cdi/DefaultAuthenticationMechanism.java        | 48 ++++++++++++++++++++++
 .../tomee/security/cdi/TomEESecurityExtension.java |  5 +++
 ...curityServletAuthenticationMechanismMapper.java |  6 ++-
 .../TomEESecurityServletContainerInitializer.java  | 16 +++++---
 4 files changed, 68 insertions(+), 7 deletions(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
new file mode 100644
index 0000000..f7da0a6
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@ApplicationScoped
+public class DefaultAuthenticationMechanism implements HttpAuthenticationMechanism {
+    @Override
+    public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response,
+                                                final HttpMessageContext httpMessageContext)
+            throws AuthenticationException {
+        return httpMessageContext.doNothing();
+    }
+
+    @Override
+    public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response,
+                                               final HttpMessageContext httpMessageContext)
+            throws AuthenticationException {
+        return null;
+    }
+
+    @Override
+    public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response,
+                             final HttpMessageContext httpMessageContext) {
+
+    }
+}
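Review bot: `secureResponse` returns `null`, whereas the `HttpAuthenticationMechanism` interface default returns `AuthenticationStatus.SUCCESS`, so any caller that inspects the returned status gets a null for every response this mechanism handles. Both this override and the empty `cleanSubject` can be deleted so the interface defaults apply, or `secureResponse` should at least `return AuthenticationStatus.SUCCESS;`. The class also has no Javadoc. A short class comment should say that `validateRequest` always answers `httpMessageContext.doNothing()`, so it never establishes a caller, and access to constrained resources is left entirely to the container's own checks.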
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 3470bd2..712587e 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -49,6 +49,7 @@ public class TomEESecurityExtension implements Extension {
     void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery beforeBeanDiscovery,
                                     final BeanManager beanManager) {
         if (basicAuthentication.isEmpty()) {
+            beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(DefaultAuthenticationMechanism.class));
             beforeBeanDiscovery.addAnnotatedType(
                     beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class));
             beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class));
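Review bot: `DefaultAuthenticationMechanism` is registered here with `HttpAuthenticationMechanism` among its bean types, so an unqualified lookup or injection of `HttpAuthenticationMechanism` becomes ambiguous as soon as a second mechanism bean exists in the deployment. The mapper in this commit injects it by its concrete class, so the bean could be limited to that type with `@Typed(DefaultAuthenticationMechanism.class)` on the class. Whether an ambiguous lookup actually occurs depends on code outside this hunk; `observeBeforeBeanDiscovery` continues past the lines shown.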
@@ -76,4 +77,8 @@ public class TomEESecurityExtension implements Extension {
                });
         }
     }
+
+    public boolean hasAuthenticationMechanisms() {
+        return !basicAuthentication.isEmpty();
+    }
 }
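Review bot: `hasAuthenticationMechanisms()` is named more broadly than what it checks: it reports only whether `basicAuthentication` is non-empty, and it is public with no Javadoc. A comment such as `/** True when the extension recorded at least one entry in basicAuthentication; other HttpAuthenticationMechanism beans are not considered. */` would stop callers reading it as a general "is authentication configured" test. The collection is presumably filled during CDI discovery, so the comment should also say the result is only meaningful once discovery has finished.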
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
index bbad8ef..836fff4 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -20,6 +20,7 @@ import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.Initialized;
 import javax.enterprise.event.Observes;
 import javax.enterprise.inject.spi.CDI;
+import javax.inject.Inject;
 import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
 import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
 import javax.servlet.ServletContext;
@@ -31,6 +32,9 @@ import java.util.concurrent.ConcurrentHashMap;
 public class TomEESecurityServletAuthenticationMechanismMapper {
     private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();
 
+    @Inject
+    private DefaultAuthenticationMechanism defaultAuthenticationMechanism;
+
     public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
         final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations();
         servletRegistrations.forEach((servletName, servletRegistration) -> {
@@ -47,6 +51,6 @@ public class TomEESecurityServletAuthenticationMechanismMapper {
     }
 
     public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {
-        return servletAuthenticationMapper.get(servletName);
+        return servletAuthenticationMapper.getOrDefault(servletName, defaultAuthenticationMechanism);
     }
 }
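Review bot: `getOrDefault` makes every servlet name that is missing from `servletAuthenticationMapper` fall back silently to the pass-through mechanism, so a servlet that should have been mapped but was not is served with no authentication at this layer and nothing records it. The method should carry a comment stating the fail-open choice, for example `// Unmapped servlets get the pass-through mechanism; protection then relies on the container's security constraints.` If the class has a logger available (none is visible in these hunks), a debug-level message on fallback would make a missed mapping detectable.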
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
index 7eba191..6dc9b25 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
@@ -16,23 +16,27 @@
  */
 package org.apache.tomee.security.servlet;
 
+import org.apache.tomee.security.cdi.TomEESecurityExtension;
 import org.apache.tomee.security.provider.TomEESecurityAuthConfigProvider;
 
 import javax.enterprise.inject.spi.CDI;
+import javax.inject.Inject;
 import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
 import javax.servlet.ServletContainerInitializer;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+import java.util.Optional;
 import java.util.Set;
 
 public class TomEESecurityServletContainerInitializer implements ServletContainerInitializer {
     @Override
     public void onStartup(final Set<Class<?>> c, final ServletContext ctx) throws ServletException {
-        if (CDI.current().select(HttpAuthenticationMechanism.class).isResolvable()) {
-            AuthConfigFactory.getFactory()
-                             .registerConfigProvider(new TomEESecurityAuthConfigProvider(), null, null,
-                                                     "TomEE Security JSR-375");
-        }
+        Optional.ofNullable(CDI.current().getBeanManager().getExtension(TomEESecurityExtension.class))
+                .map(TomEESecurityExtension::hasAuthenticationMechanisms)
+                .filter(has -> has.equals(true))
+                .ifPresent(has -> AuthConfigFactory.getFactory()
+                                                   .registerConfigProvider(new TomEESecurityAuthConfigProvider(),
+                                                                           null, null,
+                                                                           "TomEE Security JSR-375"));
     }
 }
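Review bot: Registration of `TomEESecurityAuthConfigProvider` now depends only on `hasAuthenticationMechanisms()`, which this commit defines as `!basicAuthentication.isEmpty()`, whereas the removed check looked for any resolvable `HttpAuthenticationMechanism` bean. As far as these lines show, a deployment that supplies its own mechanism bean without a basic definition would no longer get the provider registered, and its mechanism would not run; that case deserves a test or an explicit check. Separately, `BeanManager.getExtension` throws `IllegalArgumentException` rather than returning null when the extension is absent, so the `Optional.ofNullable(...).filter(has -> has.equals(true))` chain guards nothing and reads more simply as `if (extension.hasAuthenticationMechanisms()) { ... }`. The added `javax.inject.Inject` import is unused in the lines shown.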