svn commit: r1845912 - in /openwebbeans/trunk: webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java

Tue, 06 Nov 2018 05:12:56 -0800 

Author: rmannibucau
Date: Tue Nov  6 13:12:38 2018
New Revision: 1845912

URL: http://svn.apache.org/viewvc?rev=1845912&view=rev
Log:
OWB-1269 ensure TomcatSecurityService principal is contextual

Modified:
    
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
    
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java

Modified: 
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
URL: 
http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java?rev=1845912&r1=1845911&r2=1845912&view=diff
==============================================================================
--- 
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
 (original)
+++ 
openwebbeans/trunk/webbeans-spi/src/main/java/org/apache/webbeans/spi/SecurityService.java
 Tue Nov  6 13:12:38 2018
@@ -42,7 +42,9 @@ import java.util.Properties;
 public interface SecurityService
 {
     /**
-     * Gets the current caller identity.
+     * Gets the current caller identity. Note that it must be a contextual 
(proxy) instance
+     * to respect the scope of the enclosing bean.
+     *
      * @return current caller identity or <code>null</code> if none provided.
      */
     Principal getCurrentPrincipal();

Modified: 
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
URL: 
http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java?rev=1845912&r1=1845911&r2=1845912&view=diff
==============================================================================
--- 
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
 (original)
+++ 
openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat7/TomcatSecurityService.java
 Tue Nov  6 13:12:38 2018
@@ -18,6 +18,8 @@
  */
 package org.apache.webbeans.web.tomcat7;
 
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Proxy;
 import java.security.Principal;
 
 import org.apache.webbeans.corespi.security.SimpleSecurityService;
@@ -25,10 +27,37 @@ import org.apache.webbeans.corespi.secur
 public class TomcatSecurityService extends SimpleSecurityService
 {
 
+    private final Principal proxy = 
Principal.class.cast(Proxy.newProxyInstance(
+            TomcatSecurityService.class.getClassLoader(),
+            new Class<?>[]{Principal.class, Unwrap.class}, (proxy, method, 
args) ->
+            {
+                try
+                {
+                    final Principal principal = 
TomcatSecurityFilter.getPrincipal();
+                    if (principal == null)
+                    {
+                        return null;
+                    }
+                    if (Unwrap.class == method.getDeclaringClass())
+                    {
+                        return principal;
+                    }
+                    return method.invoke(principal, args);
+                }
+                catch (final InvocationTargetException ite)
+                {
+                    throw ite.getTargetException();
+                }
+            }));
+
     @Override
     public Principal getCurrentPrincipal()
     {
-        return TomcatSecurityFilter.getPrincipal();
+        return proxy;
     }
 
+    public interface Unwrap
+    {
+        Principal get();
+    }
 }

Reply via email to