This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 6f8a939a7428f1c8164b26cadf469411148f14ac
Author: Roberto Cortez <[email protected]>
AuthorDate: Thu Dec 27 12:32:49 2018 +0000
TOMEE-2365 - Allow a generic authentication mechanism for the entire app or specific ones per servlet.
---
.../cdi/DefaultAuthenticationMechanism.java | 37 ++++++++++++++++++++--
...curityServletAuthenticationMechanismMapper.java | 16 ++++++++++
2 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
index f7da0a6..54bb000 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
@@ -26,23 +26,56 @@ import javax.servlet.http.HttpServletResponse; @ApplicationScoped public class DefaultAuthenticationMechanism implements HttpAuthenticationMechanism { + private HttpAuthenticationMechanism delegate; + + public DefaultAuthenticationMechanism() { + this.delegate = new EmptyAuthenticationMechanism(); + } + @Override public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) throws AuthenticationException { - return httpMessageContext.doNothing(); + return delegate.validateRequest(request, response, httpMessageContext); } @Override public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) throws AuthenticationException { - return null; + return delegate.secureResponse(request, response, httpMessageContext); } @Override public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) { + delegate.cleanSubject(request, response, httpMessageContext); + } + + public void setDelegate(final HttpAuthenticationMechanism delegate) { + this.delegate = delegate; + } + + private static class EmptyAuthenticationMechanism implements HttpAuthenticationMechanism { + @Override + public AuthenticationStatus validateRequest(final HttpServletRequest request, + final HttpServletResponse response, + final HttpMessageContext httpMessageContext) + throws AuthenticationException { + return httpMessageContext.doNothing(); + } + + @Override + public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response, + final HttpMessageContext httpMessageContext) + throws AuthenticationException { + return httpMessageContext.doNothing(); + } + + @Override + public void cleanSubject(final HttpServletRequest request, final HttpServletResponse response, + final 
HttpMessageContext httpMessageContext) { + } } } diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java index fff782e..d054783 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java @@ -19,6 +19,7 @@ package org.apache.tomee.security.cdi; import javax.enterprise.context.ApplicationScoped; import javax.enterprise.context.Initialized; import javax.enterprise.event.Observes; +import javax.enterprise.inject.Instance; import javax.enterprise.inject.spi.CDI; import javax.inject.Inject; import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition; @@ -27,13 +28,17 @@ import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticatio import javax.servlet.ServletContext; import javax.servlet.ServletRegistration; import java.util.Map; +import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Collectors; @ApplicationScoped public class TomEESecurityServletAuthenticationMechanismMapper { private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>(); @Inject + private Instance<HttpAuthenticationMechanism> authenticationMechanisms; + @Inject private DefaultAuthenticationMechanism defaultAuthenticationMechanism; public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) { 
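Review bot: `setDelegate` in DefaultAuthenticationMechanism is public and stores its argument unchecked into a plain field on an `@ApplicationScoped` bean, so a null argument, or a later call from any code that can inject this bean, changes how every request routed to the default mechanism is authenticated. I would reject null at the setter with `this.delegate = Objects.requireNonNull(delegate, "delegate");` (this needs a `java.util.Objects` import, which is outside this hunk) and declare the field as `private volatile HttpAuthenticationMechanism delegate;`, because it is written from the mapper's init observer and read on request threads, and no happens-before edge between the two is visible here. If the setter is only meant for the mapper in the same package, narrowing its visibility is worth considering, provided the container's client proxy still dispatches it. The class and `EmptyAuthenticationMechanism` also lack Javadoc; a short comment stating that the fallback delegate returns `httpMessageContext.doNothing()` and therefore authenticates no caller would make the default behaviour explicit for anyone configuring protected resources.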
@@ -55,6 +60,17 @@ public class TomEESecurityServletAuthenticationMechanismMapper { // Ignore } }); + + final Set<HttpAuthenticationMechanism> availableBeans = + authenticationMechanisms.stream().collect(Collectors.toSet()); + availableBeans.removeAll(servletAuthenticationMapper.values()); + availableBeans.remove(defaultAuthenticationMechanism); + + if (availableBeans.size() == 1) { + defaultAuthenticationMechanism.setDelegate(availableBeans.iterator().next()); + } else if (availableBeans.size() > 1) { + throw new IllegalStateException(); + } } public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) {
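Review bot: The `availableBeans.remove(defaultAuthenticationMechanism)` and `removeAll(servletAuthenticationMapper.values())` calls depend on `equals`/`hashCode` of injected bean references, and for a normal-scoped bean such as the `@ApplicationScoped` default mechanism those references are client proxies whose `Object` methods are not guaranteed to compare equal. If the default is not removed it can be installed as its own delegate, and `validateRequest` would then recurse on every request; filtering by type avoids relying on proxy equality, e.g. `authenticationMechanisms.stream().filter(m -> !(m instanceof DefaultAuthenticationMechanism)).collect(Collectors.toSet());`. The ambiguous case also throws a bare `IllegalStateException()`, which gives the deployer no hint about which mechanisms conflict; something like `throw new IllegalStateException("Multiple HttpAuthenticationMechanism beans found, cannot choose a default: " + availableBeans);` would make the failure actionable. The body of `init` starts outside this hunk, so how the per-servlet map values are obtained cannot be checked from here.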
