This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit f1315f6c3eea5363272942415145ef34aab6c399
Author: Roberto Cortez <[email protected]>
AuthorDate: Mon Dec 24 17:16:06 2018 +0000
TOMEE-2365 - Added default IdentityStore.
---
tomee/tomee-security/pom.xml | 14 +++++
.../enterprise/identitystore/IdentityStore.java | 38 +++++++++++--
.../identitystore/TomEEDefaultIdentityStore.java | 64 ++++++++++++++++++++++
3 files changed, 111 insertions(+), 5 deletions(-)
diff --git a/tomee/tomee-security/pom.xml b/tomee/tomee-security/pom.xml
index 09e19f3..a472bf6 100644
--- a/tomee/tomee-security/pom.xml
+++ b/tomee/tomee-security/pom.xml
@@ -37,8 +37,22 @@
 <dependency>
 <groupId>org.apache.tomee</groupId>
 <artifactId>javaee-api</artifactId>
+ <scope>provided</scope>
 </dependency>
 <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomee</groupId>
+ <artifactId>tomee-loader</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Test -->
+ <dependency>
 <groupId>${project.groupId}</groupId>
 <artifactId>tomee-embedded</artifactId>
 <version>${project.version}</version>
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
index badb400..36d2538 100644
--- a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/IdentityStore.java
@@ -17,17 +17,45 @@
 package javax.security.enterprise.identitystore;
 import javax.security.enterprise.credential.Credential;
+import java.lang.invoke.MethodHandles;
+import java.util.EnumSet;
 import java.util.Set;
+import static java.lang.invoke.MethodType.methodType;
+import static java.util.Collections.emptySet;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
 public interface IdentityStore {
+ Set<ValidationType> DEFAULT_VALIDATION_TYPES = EnumSet.of(VALIDATE, PROVIDE_GROUPS);
- enum ValidationType { VALIDATE, PROVIDE_GROUPS }
+ default CredentialValidationResult validate(Credential credential) {
+ try {
+ return CredentialValidationResult.class.cast(
+ MethodHandles.lookup()
+ .bind(this, "validate", methodType(CredentialValidationResult.class, credential.getClass()))
+ .invoke(credential));
+ } catch (NoSuchMethodException e) {
+ return NOT_VALIDATED_RESULT;
+ } catch (Throwable e) {
+ throw new IllegalStateException(e);
+ }
+ }
- CredentialValidationResult validate(Credential credential);
+ default Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+ return emptySet();
+ }
- Set<String> getCallerGroups(CredentialValidationResult validationResult);
+ default int priority() {
+ return 100;
+ }
- int priority();
+ default Set<ValidationType> validationTypes() {
+ return DEFAULT_VALIDATION_TYPES;
+ }
- Set<ValidationType> validationTypes();
+ enum ValidationType {
+ VALIDATE, PROVIDE_GROUPS
+ }
 }
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java
new file mode 100644
index 0000000..a687ae1
--- /dev/null
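Review bot: `DEFAULT_VALIDATION_TYPES` is built with `EnumSet.of(VALIDATE, PROVIDE_GROUPS)`, which is a mutable set, and the new `validationTypes()` default hands out that same shared instance, so any caller that adds to or removes from the returned set changes the validation behaviour of every store relying on the default; wrap it once at declaration, `Set<ValidationType> DEFAULT_VALIDATION_TYPES = Collections.unmodifiableSet(EnumSet.of(VALIDATE, PROVIDE_GROUPS));` (importing `java.util.Collections`). The reflective `validate(Credential)` default resolves the target overload by `credential.getClass()`, the exact runtime class, so an implementation declaring `validate(UsernamePasswordCredential)` is not found when a subclass of that credential is passed and the store quietly answers `NOT_VALIDATED_RESULT`; a Javadoc on the default method stating that implementations must declare a public `validate(<concrete credential type>)` overload, matched by exact class, would make that contract visible. The `catch (Throwable e)` branch also rewraps any exception thrown by the implementation's own validate method, and a null `credential`, into `IllegalStateException`, which hides the original type from callers that might want to distinguish a configuration error from a bad credential; catching `Exception` instead and letting `Error`s propagate would be the more conventional shape.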
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java 
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.identitystore;
+
+import org.apache.catalina.User;
+import org.apache.catalina.UserDatabase;
+import org.apache.catalina.core.StandardServer;
+import org.apache.catalina.deploy.NamingResourcesImpl;
+import org.apache.tomcat.util.descriptor.web.ContextResource;
+import org.apache.tomee.loader.TomcatHelper;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import java.util.HashSet;
+import java.util.Optional;
+import java.util.Set;
+
+@ApplicationScoped
+public class TomEEDefaultIdentityStore implements IdentityStore {
+ private UserDatabase userDatabase;
+
+ @PostConstruct
+ private void init() throws Exception {
+ final StandardServer server = TomcatHelper.getServer();
+ final NamingResourcesImpl resources = server.getGlobalNamingResources();
+ final ContextResource userDataBaseResource = resources.findResource("UserDatabase");
+ userDatabase = (UserDatabase) 
server.getGlobalNamingContext().lookup(userDataBaseResource.getName());
+ }
+
+ public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
+ return Optional.ofNullable(userDatabase.findUser(credential.getCaller()))
+ .filter(user -> user.getPassword().equals(credential.getPasswordAsString()))
+ .map(user -> new CredentialValidationResult(user.getUsername(), getUserRoles(user)))
+ .orElse(CredentialValidationResult.INVALID_RESULT);
+ }
+
+ @Override
+ public Set<String> getCallerGroups(final CredentialValidationResult validationResult) {
+ return validationResult.getCallerGroups();
+ }
+
+ private Set<String> getUserRoles(final User user) {
+ final Set<String> roles = new HashSet<>();
+ user.getRoles().forEachRemaining(role -> roles.add(role.getRolename()));
+ return roles;
+ }
+}
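Review bot: The password check in `validate` compares the stored and supplied passwords with `String.equals`, which returns at the first differing character and so exposes how much of the password matched through response timing, and it throws NullPointerException inside the `filter` lambda when the Tomcat user has no password set; the excerpt below compares UTF-8 byte arrays with `MessageDigest.isEqual` (no early exit) and treats a missing password as invalid, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported and makes the `Optional` import unused. This comparison presumes the UserDatabase stores clear-text passwords; if the realm is configured with a CredentialHandler the stored value is a digest and the plain comparison fails for every user, which deserves a comment or a check against the realm's handler — to be confirmed against the deployment. `validate(UsernamePasswordCredential)` carries no `@Override` because it is the overload that `IdentityStore.validate(Credential)` locates reflectively by the credential's exact runtime class; a comment such as `// Found reflectively by IdentityStore.validate(Credential); must stay public and keep this name` would stop a later cleanup from renaming it (every login would then yield NOT_VALIDATED_RESULT) or narrowing its visibility (IllegalStateException at lookup time). In `init`, `resources.findResource("UserDatabase")` presumably returns null when no global resource of that name is defined, in which case `userDataBaseResource.getName()` fails with a bare NullPointerException during `@PostConstruct`; an explicit `IllegalStateException("Global naming resource 'UserDatabase' not found")` would make the misconfiguration diagnosable.
```java
public CredentialValidationResult validate(final UsernamePasswordCredential credential) {
    final User user = userDatabase.findUser(credential.getCaller());
    if (user == null || user.getPassword() == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }
    // Compare without early exit so the timing does not depend on the matching prefix.
    final byte[] stored = user.getPassword().getBytes(StandardCharsets.UTF_8);
    final byte[] supplied = credential.getPasswordAsString().getBytes(StandardCharsets.UTF_8);
    if (!MessageDigest.isEqual(stored, supplied)) {
        return CredentialValidationResult.INVALID_RESULT;
    }
    return new CredentialValidationResult(user.getUsername(), getUserRoles(user));
}
```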
