You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2016/08/30 07:30:45 UTC
tomee git commit: trying to enforce for security context cleanup
Repository: tomee
Updated Branches:
refs/heads/master 07a1b8aa3 -> a52405e56
trying to enforce for security context cleanup
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a52405e5
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a52405e5
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a52405e5
Branch: refs/heads/master
Commit: a52405e56dab47ee082dfc55eecaff3d3ca96557
Parents: 07a1b8a
Author: Romain manni-Bucau <rm...@gmail.com>
Authored: Tue Aug 30 09:30:41 2016 +0200
Committer: Romain manni-Bucau <rm...@gmail.com>
Committed: Tue Aug 30 09:30:41 2016 +0200
----------------------------------------------------------------------
.../org/apache/openejb/threads/task/CUTask.java | 55 +++++++++++++++++---
.../server/cxf/OpenEJBLoginValidator.java | 3 +-
.../httpd/BasicAuthHttpListenerWrapper.java | 22 +++++---
3 files changed, 63 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
index 756c58d..e3bef03 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
@@ -22,6 +22,9 @@ import org.apache.openejb.core.ivm.ClientSecurity;
import org.apache.openejb.core.security.AbstractSecurityService;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.util.Join;
+import org.apache.openejb.util.LogCategory;
+import org.apache.openejb.util.Logger;
import javax.security.auth.login.LoginException;
import java.util.ArrayList;
@@ -204,22 +207,48 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa
}
public void exit() {
+ Collection<RuntimeException> errors = null;
+
// exit tasks are designed to be in execution added post tasks so execution them before next ones
// ie inversed ordered compared to init phase
if (exitTasks != null) {
- for (Runnable r : exitTasks) {
- r.run();
+ for (final Runnable r : exitTasks) {
+ try {
+ r.run();
+ } catch (final RuntimeException re) {
+ if (errors == null) {
+ errors = new ArrayList<>();
+ }
+ errors.add(re);
+ Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
+ }
}
}
if (threadContext != null) { // ensure we use the same condition as point A, see OPENEJB-2109
- ThreadContext.exit(currentContext.threadContext);
+ try {
+ ThreadContext.exit(currentContext.threadContext);
+ } catch (final RuntimeException re) {
+ if (errors == null) {
+ errors = new ArrayList<>();
+ }
+ errors.add(re);
+ Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
+ }
}
- if (!associate) {
- SECURITY_SERVICE.setState(currentContext.securityServiceState);
- } else {
- SECURITY_SERVICE.disassociate();
+ try {
+ if (!associate) {
+ SECURITY_SERVICE.setState(currentContext.securityServiceState);
+ } else {
+ SECURITY_SERVICE.disassociate();
+ }
+ } catch (final RuntimeException re) {
+ if (errors == null) {
+ errors = new ArrayList<>();
+ }
+ errors.add(re);
+ Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
}
/* propagation of CDI context seems wrong
@@ -236,6 +265,18 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa
CURRENT.set(currentContext.stack);
}
currentContext = null;
+
+ if (errors != null) {
+ if (errors.size() == 1) {
+ throw errors.iterator().next();
+ }
+ throw new OpenEJBRuntimeException(Join.join("\n", new Join.NameCallback<RuntimeException>() {
+ @Override
+ public String getName(final RuntimeException object) {
+ return object.getMessage();
+ }
+ }, errors));
+ }
}
public void pushExitTask(final Runnable runnable) {
http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
index fd7a518..1c6fc77 100644
--- a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
+++ b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
@@ -55,8 +55,7 @@ public class OpenEJBLoginValidator extends UsernameTokenValidator {
if (AbstractSecurityService.class.isInstance(securityService) && AbstractSecurityService.class.cast(securityService).currentState() == null) {
securityService.associate(token);
}
-
- } catch (LoginException e) {
+ } catch (final LoginException e) {
throw new SecurityException("cannot log user " + user, e);
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
----------------------------------------------------------------------
diff --git a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
index 885b8e2..cfd01dd 100644
--- a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
+++ b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
@@ -61,14 +61,20 @@ public class BasicAuthHttpListenerWrapper implements HttpListener {
}
}
- if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
- httpListener.onMessage(request, response);
- } else {
- // login failed, return 401
- }
-
- if (token != null) {
- getSecurityService().disassociate();
+ try {
+ if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
+ httpListener.onMessage(request, response);
+ } else {
+ // login failed, return 401
+ }
+ } finally {
+ if (token != null) {
+ final SecurityService securityService = getSecurityService();
+ final Object disassociate = securityService.disassociate();
+ if (disassociate != null) {
+ securityService.logout(disassociate);
+ }
+ }
}
}