You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:11 UTC
[tomee] 23/48: TOMEE-2365 - Added a Default Authentication
Mechanism to passthrough request to Servlet that don't require
authentication.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit e83f7ff99f18f16cceb6fb01deb12d5af27248de
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Wed Dec 26 18:59:11 2018 +0000
TOMEE-2365 - Added a Default Authentication Mechanism to passthrough request to Servlet that don't require authentication.
---
.../cdi/DefaultAuthenticationMechanism.java | 48 ++++++++++++++++++++++
.../tomee/security/cdi/TomEESecurityExtension.java | 5 +++
...curityServletAuthenticationMechanismMapper.java | 6 ++-
.../TomEESecurityServletContainerInitializer.java | 16 +++++---
4 files changed, 68 insertions(+), 7 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
new file mode 100644
index 0000000..f7da0a6
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@ApplicationScoped
+public class DefaultAuthenticationMechanism implements HttpAuthenticationMechanism {
+ @Override
+ public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return httpMessageContext.doNothing();
+ }
+
+ @Override
+ public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return null;
+ }
+
+ @Override
+ public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext) {
+
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 3470bd2..712587e 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
@@ -49,6 +49,7 @@ public class TomEESecurityExtension implements Extension {
void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery beforeBeanDiscovery,
final BeanManager beanManager) {
if (basicAuthentication.isEmpty()) {
+ beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(DefaultAuthenticationMechanism.class));
beforeBeanDiscovery.addAnnotatedType(
beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class));
beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class));
@@ -76,4 +77,8 @@ public class TomEESecurityExtension implements Extension {
});
}
}
+
+ public boolean hasAuthenticationMechanisms() {
+ return !basicAuthentication.isEmpty();
+ }
}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
index bbad8ef..836fff4 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -20,6 +20,7 @@ import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.CDI;
+import javax.inject.Inject;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.servlet.ServletContext;
@@ -31,6 +32,9 @@ import java.util.concurrent.ConcurrentHashMap;
public class TomEESecurityServletAuthenticationMechanismMapper {
private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();
+ @Inject
+ private DefaultAuthenticationMechanism defaultAuthenticationMechanism;
+
public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations();
servletRegistrations.forEach((servletName, servletRegistration) -> {
@@ -47,6 +51,6 @@ public class TomEESecurityServletAuthenticationMechanismMapper {
}
public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {
- return servletAuthenticationMapper.get(servletName);
+ return servletAuthenticationMapper.getOrDefault(servletName, defaultAuthenticationMechanism);
}
}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
index 7eba191..6dc9b25 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
@@ -16,23 +16,27 @@
*/
package org.apache.tomee.security.servlet;
+import org.apache.tomee.security.cdi.TomEESecurityExtension;
import org.apache.tomee.security.provider.TomEESecurityAuthConfigProvider;
import javax.enterprise.inject.spi.CDI;
+import javax.inject.Inject;
import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import java.util.Optional;
import java.util.Set;
public class TomEESecurityServletContainerInitializer implements ServletContainerInitializer {
@Override
public void onStartup(final Set<Class<?>> c, final ServletContext ctx) throws ServletException {
- if (CDI.current().select(HttpAuthenticationMechanism.class).isResolvable()) {
- AuthConfigFactory.getFactory()
- .registerConfigProvider(new TomEESecurityAuthConfigProvider(), null, null,
- "TomEE Security JSR-375");
- }
+ Optional.ofNullable(CDI.current().getBeanManager().getExtension(TomEESecurityExtension.class))
+ .map(TomEESecurityExtension::hasAuthenticationMechanisms)
+ .filter(has -> has.equals(true))
+ .ifPresent(has -> AuthConfigFactory.getFactory()
+ .registerConfigProvider(new TomEESecurityAuthConfigProvider(),
+ null, null,
+ "TomEE Security JSR-375"));
}
}