First impl of TOMEE-1487
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/4b4447af Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/4b4447af Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/4b4447af Branch: refs/heads/develop Commit: 4b4447afe173cb06d0bea241fca031e0e8b5f3ba Parents: a700640 Author: Jean-Louis Monteiro <[email protected]> Authored: Thu Jan 8 00:53:23 2015 +0100 Committer: Jean-Louis Monteiro <[email protected]> Committed: Thu Jan 8 14:57:00 2015 +0100 ---------------------------------------------------------------------- .../arquillian-tomee-webprofile-tests/pom.xml | 6 + .../tests/realm/CdiEventRealmIntegTest.java | 124 ++++++++++++ .../tests/realm/CdiEventRealmTest.java | 191 ++++++++++++++++++ .../tomee/catalina/realm/CdiEventRealm.java | 193 +++++++++++++++++++ .../realm/event/BaseAuthenticationEvent.java | 32 +++ .../realm/event/DigestAuthenticationEvent.java | 76 ++++++++ .../event/FindSecurityConstraintsEvent.java | 52 +++++ .../realm/event/GssAuthenticationEvent.java | 38 ++++ .../realm/event/HasResourcePermissionEvent.java | 63 ++++++ .../catalina/realm/event/HasRoleEvent.java | 55 ++++++ .../realm/event/HasUserDataPermissionEvent.java | 55 ++++++ .../realm/event/SslAuthenticationEvent.java | 32 +++ .../event/UserPasswordAuthenticationEvent.java | 37 ++++ 13 files changed, 954 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml index dcba88a..fa422fa 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml 
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml @@ -35,6 +35,12 @@ <groupId>org.apache.commons</groupId> <version>${commons-lang3.version}</version> </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-all</artifactId> + <version>1.9.5</version> + <scope>test</scope> + </dependency> </dependencies> <build> http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java new file mode 100644 index 0000000..d8c1b06 --- /dev/null +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java 
@@ -0,0 +1,124 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.openejb.arquillian.tests.realm; + +import jdk.nashorn.internal.ir.annotations.Ignore; +import org.apache.catalina.authenticator.BasicAuthenticator; +import org.apache.catalina.realm.GenericPrincipal; +import org.apache.cxf.jaxrs.client.WebClient; +import org.apache.tomee.catalina.realm.CdiEventRealm; +import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.arquillian.test.api.ArquillianResource; +import org.jboss.shrinkwrap.api.Archive; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.asset.EmptyAsset; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import javax.annotation.security.RolesAllowed; +import javax.ejb.Singleton; +import javax.enterprise.context.RequestScoped; +import javax.enterprise.event.Observes; +import javax.inject.Inject; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.core.Response; +import java.net.URL; 
+import java.util.Arrays; + +import static org.junit.Assert.assertEquals; + +@RunWith(Arquillian.class) +@Ignore +public class CdiEventRealmIntegTest +{ + @Deployment(testable = false) + public static Archive<?> war() { + return ShrinkWrap.create(WebArchive.class, "realm-test.war") + .addClasses(MultiAuthenticator.class, MyService.class) + .addAsWebResource(EmptyAsset.INSTANCE, "beans.xml") + .addAsManifestResource(new StringAsset("<Context preemptive=\"true\" antiJARLocking=\"true\">\n" + + "<Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n" + + "<Realm className=\"" + CdiEventRealm.class.getName() + "\" />\n" + + "</Context>"), "context.xml"); + } + + @ArquillianResource + private URL webapp; + + @Test + public void success() { + final String val = WebClient.create(webapp.toExternalForm(), "admin", "secret", null) + .path("/test").get(String.class); + + assertEquals("ok", val); + } + + @Test + public void notAuthorized() { + final Response val = WebClient.create(webapp.toExternalForm(), "user", "secret", null) + .path("/test").get(); + + assertEquals(403, val.getStatus()); + } + + @Test + public void notAuthenticated() { + final Response val = WebClient.create(webapp.toExternalForm(), "admin", "bla bla", null) + .path("/test").get(); + + assertEquals(401, val.getStatus()); + } + + + @Path("/test") + @Singleton + public static class MyService { + @Inject + private MultiAuthenticator authenticator; + + @GET + @RolesAllowed("admin") + public String hello() { + return authenticator.stacked ? 
"ok" : "ko"; + } + } + + @RequestScoped + public static class MultiAuthenticator { + private boolean stacked = false; + + public void authenticate(@Observes final UserPasswordAuthenticationEvent event) { + System.err.println(">> enter > " + event.getUsername()); + assertEquals("secret", event.getCredential()); + event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList(event.getUsername()))); + } + + public void stacked(@Observes final UserPasswordAuthenticationEvent event) { + stacked = true; + } + + public boolean isStacked() { + return stacked; + } + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java new file mode 100644 index 0000000..c9e1b9e --- /dev/null +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java 
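Review bot: The `@Ignore` on `CdiEventRealmIntegTest` resolves to `jdk.nashorn.internal.ir.annotations.Ignore`, not JUnit's annotation, so the runner will presumably still execute the class and the test module now depends on a JDK-internal package. If the intent is to disable the test, the import should be `import org.junit.Ignore;`. Separately, `MultiAuthenticator.authenticate` rejects a wrong password only by letting `assertEquals("secret", event.getCredential())` throw inside the observer; an explicit comparison that leaves the principal unset would show the intended fail-closed contract more clearly.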
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.arquillian.tests.realm;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.openejb.jee.WebApp;
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.Module;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.CdiEventRealm;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.ietf.jgss.GSSContext;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.enterprise.event.Observes;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@RunWith(ApplicationComposer.class)
+public class CdiEventRealmTest {
+
+ @Module
+ @Classes(cdi = true, innerClassesAsBean = true)
+ public WebApp app() {
+ return new WebApp();
+ }
+
+ @Test
+ public void userPassword() {
+ final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("john", "secret"));
+ assertEquals("john", gp.getName());
+ assertEquals("", gp.getPassword());
+ assertEquals(1, gp.getRoles().length);
+ assertEquals("admin", gp.getRoles()[0]);
+ }
+
+ @Test
+ public void digest() {
+ final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"));
+ final String[] actual = gp.getRoles();
+ final String[] expected = new String[] {"ryan", "md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"};
+
+ Arrays.sort(actual);
+ Arrays.sort(expected);
+
+ assertArrayEquals(actual, expected);
+ }
+
+ @Test
+ public void gss() {
+ final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(mock(GSSContext.class), false));
+ assertEquals("gss", gp.getName());
+ assertEquals("", gp.getPassword());
+ assertEquals(1, gp.getRoles().length);
+ assertEquals("dummy", gp.getRoles()[0]);
+ }
+
+ @Test
+ public void ssl() {
+ X509Certificate cert = mock(X509Certificate.class);
+ GenericPrincipal expected = new GenericPrincipal("john", "doe", Arrays.asList("test"));
+ when(cert.getSubjectDN()).thenReturn(expected);
+ final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(new X509Certificate[] { cert }));
+ assertEquals(expected, gp);
+ assertEquals("john", gp.getName());
+ assertEquals("doe", gp.getPassword());
+ assertEquals(1, gp.getRoles().length);
+ assertEquals("test", gp.getRoles()[0]);
+ }
+
+ @Test
+ public void find() {
+ final SecurityConstraint[] securityConstraints = new CdiEventRealm().findSecurityConstraints(mock(Request.class), mock(Context.class));
+ assertEquals(1, securityConstraints.length);
+ assertEquals("awesome", securityConstraints[0].getDisplayName());
+ }
+
+ @Test
+ public void has() throws IOException {
+ new CdiEventRealm().hasResourcePermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0], mock(Context.class));
+ new CdiEventRealm().hasRole(mock(Wrapper.class), mock(Principal.class), "admin");
+ new CdiEventRealm().hasUserDataPermission(mock(Request.class), mock(Response.class), new SecurityConstraint[0]);
+
+ assertEquals(1, MultiAuthenticator.hasResourcePermission.get());
+ assertEquals(1, MultiAuthenticator.hasRole.get());
+ assertEquals(1, MultiAuthenticator.hasUserDataPermission.get());
+ }
+
+ private GenericPrincipal getGenericPrincipal(Principal principal) {
+ assertNotNull(principal);
+ assertTrue(GenericPrincipal.class.isInstance(principal));
+ return GenericPrincipal.class.cast(principal);
+ }
+
+ public static class MultiAuthenticator {
+
+ public static final AtomicInteger hasRole = new AtomicInteger(0);
+ public static final AtomicInteger hasResourcePermission = new AtomicInteger(0);
+ public static final AtomicInteger hasUserDataPermission = new AtomicInteger(0);
+
+ public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+ assertEquals("john", event.getUsername());
+ assertEquals("secret", event.getCredential());
+ event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList("admin")));
+ }
+
+ public void authenticate(@Observes final DigestAuthenticationEvent event) {
+ final List<String> roles = new ArrayList<>();
+ roles.add(event.getCnonce());
+ roles.add(event.getDigest());
+ roles.add(event.getMd5a2());
+ roles.add(event.getNc());
+ roles.add(event.getNonce());
+ roles.add(event.getQop());
+ roles.add(event.getRealm());
+ roles.add(event.getUsername());
+ event.setPrincipal(new GenericPrincipal(event.getUsername(), "", roles));
+ }
+
+ public void authenticate(@Observes final GssAuthenticationEvent event) {
+ assertNotNull(event.getGssContext());
+ event.setPrincipal(new GenericPrincipal("gss", "", Arrays.asList("dummy")));
+ }
+
+ public void authenticate(@Observes final SslAuthenticationEvent event) {
+ event.setPrincipal(event.getCerts()[0].getSubjectDN());
+ }
+
+ public void findSecurityConstraints(@Observes FindSecurityConstraintsEvent event) {
+ SecurityConstraint mock = mock(SecurityConstraint.class);
+ when(mock.getDisplayName()).thenReturn("awesome");
+ event.addSecurityConstraint(mock);
+ }
+
+ public void hasResourcePermission(@Observes HasResourcePermissionEvent event) throws IOException {
+ hasResourcePermission.incrementAndGet();
+ event.setHasResourcePermission(true);
+ }
+
+ public void hasRole(@Observes final HasRoleEvent event) {
+ hasRole.incrementAndGet();
+ event.setHasRole(true);
+ }
+
+ public void hasUserDataPermission(@Observes final HasUserDataPermissionEvent event) throws IOException {
+ hasUserDataPermission.incrementAndGet();
+ event.setHasUserDataPermission(true);
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
----------------------------------------------------------------------
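Review bot: `has()` discards the return values of `hasResourcePermission`, `hasRole` and `hasUserDataPermission`, so it only proves the observers fired, not that the realm hands back the observer's decision. Asserting the results, e.g. `assertTrue(new CdiEventRealm().hasRole(mock(Wrapper.class), mock(Principal.class), "admin"));`, would pin the authorization outcome, and a companion case where no observer grants access would cover the default-deny path. The static `AtomicInteger` counters are never reset, so the `assertEquals(1, ...)` checks depend on `has()` being the only test in the JVM that triggers those events. In `digest()`, `assertArrayEquals(actual, expected)` passes its arguments in the reverse of JUnit's expected-then-actual order.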
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
new file mode 100644
index 0000000..33d1c6b
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
@@ -0,0 +1,193 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.CredentialHandler;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.apache.webbeans.config.WebBeansContext;
+import org.ietf.jgss.GSSContext;
+
+import javax.enterprise.inject.spi.BeanManager;
+import java.beans.PropertyChangeListener;
+import java.beans.PropertyChangeSupport;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+/**
+ * This simple CDI based realm gives the ability to send events a webapp can react to in order to authenticate the user.
+ *
+ * There is one different event per credential types to make it easier to implement.
+ */
+public class CdiEventRealm implements Realm {
+
+ protected Container container = null;
+ protected final PropertyChangeSupport support = new PropertyChangeSupport(this);
+ private CredentialHandler credentialHandler;
+
+
+ @Override
+ public Principal authenticate(final String username, final String credentials) {
+ if (beanManager() == null) {
+ return null;
+ }
+
+ final UserPasswordAuthenticationEvent event = new UserPasswordAuthenticationEvent(username, credentials);
+ beanManager().fireEvent(event);
+ return event.getPrincipal();
+ }
+
+ @Override
+ public Principal authenticate(final String username, final String digest, final String nonce, final String nc,
+ final String cnonce, final String qop, final String realm, final String md5a2) {
+ if (beanManager() == null) {
+ return null;
+ }
+
+ final DigestAuthenticationEvent event = new DigestAuthenticationEvent(username, digest, nonce, nc,
+ cnonce, qop, realm, md5a2);
+ beanManager().fireEvent(event);
+ return event.getPrincipal();
+ }
+
+ @Override
+ public Principal authenticate(final GSSContext gssContext, final boolean storeCreds) {
+ if (beanManager() == null) {
+ return null;
+ }
+
+ final GssAuthenticationEvent event = new GssAuthenticationEvent(gssContext, storeCreds);
+ beanManager().fireEvent(event);
+ return event.getPrincipal();
+ }
+
+ @Override
+ public Principal authenticate(final X509Certificate[] certs) {
+ if (beanManager() == null) {
+ return null;
+ }
+
+ final SslAuthenticationEvent event = new SslAuthenticationEvent(certs);
+ beanManager().fireEvent(event);
+ return event.getPrincipal();
+ }
+
+ @Override
+ public void backgroundProcess() {
+ // no-op for now
+ }
+
+ @Override
+ public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
+ if (beanManager() == null) {
+ return null;
+ }
+
+ final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request, context);
+ beanManager().fireEvent(event);
+ return event.getSecurityConstraints();
+ }
+
+ @Override
+ public boolean hasResourcePermission(final Request request, final Response response,
+ final SecurityConstraint[] constraint,
+ final Context context) throws IOException {
+ if (beanManager() == null) {
+ return false;
+ }
+
+ final HasResourcePermissionEvent event = new HasResourcePermissionEvent(request, response, constraint, context);
+ beanManager().fireEvent(event);
+ return event.isHasResourcePermission();
+ }
+
+ @Override
+ public boolean hasRole(final Wrapper wrapper, final Principal principal, final String role) {
+ if (beanManager() == null) {
+ return false;
+ }
+
+ final HasRoleEvent event = new HasRoleEvent(wrapper, principal, role);
+ beanManager().fireEvent(event);
+ return event.isHasRole();
+ }
+
+ @Override
+ public boolean hasUserDataPermission(final Request request, final Response response, final SecurityConstraint[] constraint) throws IOException {
+ if (beanManager() == null) {
+ return false;
+ }
+
+ final HasUserDataPermissionEvent event = new HasUserDataPermissionEvent(request, response, constraint);
+ beanManager().fireEvent(event);
+ return event.isHasUserDataPermission();
+ }
+
+ @Override
+ public Container getContainer() {
+ return (container);
+ }
+
+ @Override
+ public void setContainer(final Container container) {
+ Container oldContainer = this.container;
+ this.container = container;
+ support.firePropertyChange("container", oldContainer, this.container);
+ }
+
+ @Override
+ public CredentialHandler getCredentialHandler() {
+ return credentialHandler;
+ }
+
+ @Override
+ public void setCredentialHandler(final CredentialHandler credentialHandler) {
+ this.credentialHandler = credentialHandler;
+ }
+
+ @Override
+ public void addPropertyChangeListener(final PropertyChangeListener listener) {
+ support.addPropertyChangeListener(listener);
+ }
+
+ @Override
+ public void removePropertyChangeListener(final PropertyChangeListener listener) {
+ support.removePropertyChangeListener(listener);
+ }
+
+ private BeanManager beanManager() {
+ final WebBeansContext webBeansContext = WebBeansContext.currentInstance();
+ if (webBeansContext == null) {
+ return null; // too early to have a cdi bean
+ }
+ return webBeansContext.getBeanManagerImpl();
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
new file mode 100644
index 0000000..d191b63
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
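Review bot: `findSecurityConstraints` returns `null` when `beanManager()` is null, and Tomcat's authenticator treats a null result as "no constraint applies to this request", so unlike the `authenticate` and `has*` methods (which return `null`/`false`) this path fails open while CDI is not yet available. At minimum document it at the early return, e.g. `// null tells the authenticator the request is unconstrained; only safe if nothing must be protected before CDI starts`, or fall back to the constraints declared on the context instead of returning `null`. Each method also calls `beanManager()` twice (check, then use); reading it once into a local avoids the second lookup returning a different result. `credentialHandler` is stored but never consulted, so observers receive the raw `credentials` string and must do any credential comparison themselves, which deserves a sentence in the class Javadoc.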
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.Principal;
+
+public abstract class BaseAuthenticationEvent {
+
+ private Principal principal;
+
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ public void setPrincipal(Principal principal) {
+ this.principal = principal;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
new file mode 100644
index 0000000..76508c2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
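Review bot: `setPrincipal` has no documented contract for the case where several observers handle the same event: the field is simply overwritten, so the last observer to run decides the identity and can replace an earlier principal or reset it to `null`. Nothing in this commit orders the observers, so the outcome may be non-deterministic once an application registers more than one. The same last-writer-wins behaviour applies to `setHasResourcePermission` in HasResourcePermissionEvent. I would add a Javadoc on the setter stating that a `null` principal means authentication failed and that exactly one observer is expected to set it.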
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.tomee.catalina.realm.event.BaseAuthenticationEvent;
+
+public class DigestAuthenticationEvent extends BaseAuthenticationEvent {
+
+ private final String username;
+ private final String digest;
+ private final String nonce;
+ private final String nc;
+ private final String cnonce;
+ private final String qop;
+ private final String realm;
+ private final String md5a2;
+
+ public DigestAuthenticationEvent(final String username, final String digest, final String nonce, final String nc,
+ final String cnonce, final String qop, final String realm, final String md5a2) {
+
+ this.username = username;
+ this.digest = digest;
+ this.nonce = nonce;
+ this.nc = nc;
+ this.cnonce = cnonce;
+ this.qop = qop;
+ this.realm = realm;
+ this.md5a2 = md5a2;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getDigest() {
+ return digest;
+ }
+
+ public String getNonce() {
+ return nonce;
+ }
+
+ public String getNc() {
+ return nc;
+ }
+
+ public String getCnonce() {
+ return cnonce;
+ }
+
+ public String getQop() {
+ return qop;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public String getMd5a2() {
+ return md5a2;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
new file mode 100644
index 0000000..6d5b3fb
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
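Review bot: The class carries no documentation on what an observer is expected to verify: `CdiEventRealm` passes the client-supplied `digest` through unchanged and returns whatever principal the observer sets, so the observer alone must recompute the expected response from the stored secret together with `nonce`, `nc`, `cnonce`, `qop`, `realm` and `md5a2` and compare it before calling `setPrincipal`. A class-level Javadoc saying so would keep implementers from treating the presence of a username as proof of identity. The `import org.apache.tomee.catalina.realm.event.BaseAuthenticationEvent;` line is redundant because the class lives in the same package and can be dropped.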
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+import java.util.List;
+
+public class FindSecurityConstraintsEvent {
+
+ private final Request request;
+ private final Context context;
+ private List<SecurityConstraint> securityConstraints;
+
+ public FindSecurityConstraintsEvent(final Request request, final Context context) {
+ this.request = request;
+ this.context = context;
+ }
+
+ public Request getRequest() {
+ return request;
+ }
+
+ public Context getContext() {
+ return context;
+ }
+
+ public boolean addSecurityConstraint(final SecurityConstraint constraint) {
+ return securityConstraints.add(constraint);
+ }
+
+ public SecurityConstraint[] getSecurityConstraints() {
+ return securityConstraints.toArray(new SecurityConstraint[securityConstraints.size()]);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
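Review bot: `securityConstraints` is declared but never initialised, so both `addSecurityConstraint` and `getSecurityConstraints` throw a NullPointerException, including on the path where no observer adds anything and `CdiEventRealm.findSecurityConstraints` simply reads the result. Initialise the field at its declaration, `private final List<SecurityConstraint> securityConstraints = new ArrayList<>();`, and add `import java.util.ArrayList;`. It is also worth deciding what an event with no constraints should return, since the realm's caller may distinguish `null` from an empty array.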
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
new file mode 100644
index 0000000..61d6085
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.ietf.jgss.GSSContext;
+
+public class GssAuthenticationEvent extends BaseAuthenticationEvent {
+
+ private final GSSContext gssContext;
+ private final boolean storeCreds;
+
+ public GssAuthenticationEvent(final GSSContext gssContext, final boolean storeCreds) {
+ this.gssContext = gssContext;
+ this.storeCreds = storeCreds;
+ }
+
+ public GSSContext getGssContext() {
+ return gssContext;
+ }
+
+ public boolean isStoreCreds() {
+ return storeCreds;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
new file mode 100644
index 0000000..2698874
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasResourcePermissionEvent {
+
+ private final Request request;
+ private final Response response;
+ private final SecurityConstraint[] constraints;
+ private final Context context;
+
+ private boolean hasResourcePermission;
+
+ public HasResourcePermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraints, final Context context) {
+ this.request = request;
+ this.response = response;
+ this.constraints = constraints;
+ this.context = context;
+ }
+
+ public Request getRequest() {
+ return request;
+ }
+
+ public Response getResponse() {
+ return response;
+ }
+
+ public SecurityConstraint[] getConstraints() {
+ return constraints;
+ }
+
+ public Context getContext() {
+ return context;
+ }
+
+ public boolean isHasResourcePermission() {
+ return hasResourcePermission;
+ }
+
+ public void setHasResourcePermission(boolean hasResourcePermission) {
+ this.hasResourcePermission = hasResourcePermission;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
new file mode 100644
index 0000000..4ca152d
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
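Review bot: The authorization result is a plain mutable boolean that any observer can overwrite through `setHasResourcePermission`, so with more than one observer the last one to run decides and a later `true` silently replaces an earlier deny. The default of `false` is fail-closed, which is the right starting point, but neither the default nor the combination rule is documented; the same applies to `setHasRole` in HasRoleEvent and `setHasUserDataPermission` in HasUserDataPermissionEvent. I would put the contract in a Javadoc on the setter, for example `/** Defaults to false (deny); the value left by the last observer is the decision. */`, or decide explicitly whether a deny should be sticky. How the realm reads the flag is in CdiEventRealm, outside this hunk, so the last-writer behaviour is inferred from the setter alone.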
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Wrapper;
+
+import java.security.Principal;
+
+public class HasRoleEvent {
+ private final Wrapper wrapper;
+ private final Principal principal;
+ private final String role;
+
+ private boolean hasRole;
+
+ public HasRoleEvent(final Wrapper wrapper, final Principal principal, final String role) {
+ this.wrapper = wrapper;
+ this.principal = principal;
+ this.role = role;
+ }
+
+ public Wrapper getWrapper() {
+ return wrapper;
+ }
+
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ public String getRole() {
+ return role;
+ }
+
+ public boolean isHasRole() {
+ return hasRole;
+ }
+
+ public void setHasRole(boolean hasRole) {
+ this.hasRole = hasRole;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
new file mode 100644
index 0000000..f4f2a51
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasUserDataPermissionEvent {
+ private final Request request;
+ private final Response response;
+ private final SecurityConstraint[] constraint;
+
+ private boolean hasUserDataPermission;
+
+ public HasUserDataPermissionEvent(final Request request, final Response response, final SecurityConstraint[] constraint) {
+ this.request = request;
+ this.response = response;
+ this.constraint = constraint;
+ }
+
+ public Request getRequest() {
+ return request;
+ }
+
+ public Response getResponse() {
+ return response;
+ }
+
+ public SecurityConstraint[] getConstraint() {
+ return constraint;
+ }
+
+ public boolean isHasUserDataPermission() {
+ return hasUserDataPermission;
+ }
+
+ public void setHasUserDataPermission(boolean hasUserDataPermission) {
+ this.hasUserDataPermission = hasUserDataPermission;
+ }
+}
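Review bot: The field and accessor are named `constraint` and `getConstraint()` although the type is `SecurityConstraint[]`, while HasResourcePermissionEvent in this same commit calls the equivalent array `constraints` and `getConstraints()`. These classes form a new API that observer code will compile against, so the names are cheap to align now and awkward to change later: `private final SecurityConstraint[] constraints;` and `public SecurityConstraint[] getConstraints()`. The parameter of `setHasUserDataPermission` is also the only one in the class not declared `final`, unlike the constructor parameters.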
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
new file mode 100644
index 0000000..f3a9553
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.cert.X509Certificate;
+
+public class SslAuthenticationEvent extends BaseAuthenticationEvent {
+
+ private final X509Certificate[] certs;
+
+ public SslAuthenticationEvent(final X509Certificate[] certs) {
+ this.certs = certs;
+ }
+
+ public X509Certificate[] getCerts() {
+ return certs;
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
new file mode 100644
index 0000000..e33a0b2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
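Review bot: The certificate chain is stored and returned by reference, so an observer that replaces an element of the array changes what every later observer sees, and the caller that supplied the array sees the change as well. For an event that carries authentication input I would copy on the way in and on the way out: `this.certs = certs == null ? null : certs.clone();` in the constructor and `return certs == null ? null : certs.clone();` in `getCerts()`. The `SecurityConstraint[]` getters in HasResourcePermissionEvent and HasUserDataPermissionEvent hand out their arrays the same way.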
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+public class UserPasswordAuthenticationEvent extends BaseAuthenticationEvent {
+
+ private final String username;
+ private final String credential;
+
+
+ public UserPasswordAuthenticationEvent(final String username, final String credential) {
+ this.username = username;
+ this.credential = credential;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getCredential() {
+ return credential;
+ }
+}
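Review bot: `getCredential()` gives every observer of this event what is, going by the field name and constructor, the caller's raw password, and nothing in the class tells implementers how to treat it. I would add a Javadoc on the getter such as `/** Raw credential as presented by the caller; do not log or retain it. */`. The class does not override `toString()`, so the value will not leak through string conversion of the event from this class, and that should be kept that way; BaseAuthenticationEvent is outside this hunk, so the same could not be checked for the parent. There are also two blank lines before the constructor where the sibling classes use one.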
