This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit dc81bb9dc9a1d47b2595025b825d0be78645d1c5 Author: Roberto Cortez <[email protected]> AuthorDate: Mon Dec 17 21:08:02 2018 +0000 TOMEE-2365 - Initial API code. --- .../enterprise/AuthenticationException.java | 39 +++++++ .../security/enterprise/AuthenticationStatus.java | 24 +++++ .../javax/security/enterprise/CallerPrincipal.java | 35 ++++++ .../mechanism/http/AuthenticationParameters.java | 68 ++++++++++++ .../BasicAuthenticationMechanismDefinition.java | 29 +++++ ...ustomFormAuthenticationMechanismDefinition.java | 31 ++++++ .../FormAuthenticationMechanismDefinition.java | 31 ++++++ .../http/HttpAuthenticationMechanism.java | 42 ++++++++ .../mechanism/http/HttpMessageContext.java | 77 +++++++++++++ .../mechanism/http/LoginToContinue.java | 44 ++++++++ .../security/enterprise/credential/Credential.java | 29 +++++ .../identitystore/CredentialValidationResult.java | 119 +++++++++++++++++++++ 12 files changed, 568 insertions(+)
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationException.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationException.java
new file mode 100644
index 0000000..e30ba20
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise;
+
+import java.security.GeneralSecurityException;
+
+public class AuthenticationException extends GeneralSecurityException {
+ private static final long serialVersionUID = 1L;
+
+ public AuthenticationException() {
+ super();
+ }
+
+ public AuthenticationException(String message) {
+ super(message);
+ }
+
+ public AuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public AuthenticationException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationStatus.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationStatus.java
new file mode 100644
index 0000000..208eb59
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/AuthenticationStatus.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise;
+
+public enum AuthenticationStatus {
+ NOT_DONE,
+ SEND_CONTINUE,
+ SUCCESS,
+ SEND_FAILURE
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/CallerPrincipal.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/CallerPrincipal.java
new file mode 100644
index 0000000..e02b801
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/CallerPrincipal.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+public class CallerPrincipal implements Principal, Serializable {
+ private static final long serialVersionUID = -6951555039431667786L;
+
+ private final String name;
+
+ public CallerPrincipal(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/AuthenticationParameters.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/AuthenticationParameters.java
new file mode 100644
index 0000000..ac03426
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/AuthenticationParameters.java
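Review bot: CallerPrincipal holds only the caller name yet inherits identity-based equals()/hashCode() from Object, so two instances built from the same name are not equal, and nothing in the class says so; code that compares principals or stores them in sets must go through getName(). I would add a class Javadoc such as `/** Principal for the authenticated caller; the name is its only state. equals/hashCode are not overridden, so compare callers by {@link #getName()}. */`. The constructor also accepts a null name silently, and the CredentialValidationResult hunk later dereferences that name; if null is not a legal caller name, `this.name = Objects.requireNonNull(name, "name");` (with a java.util.Objects import) rejects it at the source instead of surfacing as a NullPointerException elsewhere.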
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.security.enterprise.credential.Credential;
+
+public class AuthenticationParameters {
+ private Credential credential;
+ private boolean newAuthentication;
+ private boolean rememberMe;
+
+ public static AuthenticationParameters withParams() {
+ return new AuthenticationParameters();
+ }
+
+ public AuthenticationParameters credential(Credential credential) {
+ setCredential(credential);
+ return this;
+ }
+
+ public AuthenticationParameters newAuthentication(boolean newAuthentication) {
+ setNewAuthentication(newAuthentication);
+ return this;
+ }
+
+ public AuthenticationParameters rememberMe(boolean rememberMe) {
+ setRememberMe(rememberMe);
+ return this;
+ }
+
+ public Credential getCredential() {
+ return credential;
+ }
+
+ public void setCredential(Credential credential) {
+ this.credential = credential;
+ }
+
+ public boolean isNewAuthentication() {
+ return newAuthentication;
+ }
+
+ public void setNewAuthentication(boolean newAuthentication) {
+ this.newAuthentication = newAuthentication;
+ }
+
+ public boolean isRememberMe() {
+ return rememberMe;
+ }
+
+ public void setRememberMe(boolean rememberMe) {
+ this.rememberMe = rememberMe;
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/BasicAuthenticationMechanismDefinition.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/BasicAuthenticationMechanismDefinition.java
new file mode 100644
index 0000000..badf841
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/BasicAuthenticationMechanismDefinition.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(RUNTIME)
+@Target(TYPE)
+public @interface BasicAuthenticationMechanismDefinition {
+ String realmName() default "";
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/CustomFormAuthenticationMechanismDefinition.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/CustomFormAuthenticationMechanismDefinition.java
new file mode 100644
index 0000000..a3e981d
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/CustomFormAuthenticationMechanismDefinition.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.enterprise.util.Nonbinding;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(RUNTIME)
+@Target(TYPE)
+public @interface CustomFormAuthenticationMechanismDefinition {
+ @Nonbinding
+ LoginToContinue loginToContinue();
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/FormAuthenticationMechanismDefinition.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/FormAuthenticationMechanismDefinition.java
new file mode 100644
index 0000000..22b5cfe
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/FormAuthenticationMechanismDefinition.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.enterprise.util.Nonbinding;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(RUNTIME)
+@Target(TYPE)
+public @interface FormAuthenticationMechanismDefinition {
+ @Nonbinding
+ LoginToContinue loginToContinue();
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpAuthenticationMechanism.java
new file mode 100644
index 0000000..03f7282
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpAuthenticationMechanism.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+
+public interface HttpAuthenticationMechanism {
+
+ AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
+ HttpMessageContext httpMessageContext)
+ throws AuthenticationException;
+
+ default AuthenticationStatus secureResponse(HttpServletRequest request, HttpServletResponse response,
+ HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return SUCCESS;
+ }
+
+ default void cleanSubject(HttpServletRequest request, HttpServletResponse response,
+ HttpMessageContext httpMessageContext) {
+ httpMessageContext.cleanClientSubject();
+ }
+}
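Review bot: The interface has no Javadoc, and the two default methods carry behaviour an implementor must know about: `secureResponse` returns `SUCCESS` without touching the response, and `cleanSubject` only delegates to `httpMessageContext.cleanClientSubject()`. I would document each default in place, e.g. on secureResponse `/** Default: performs no post-processing and returns {@link AuthenticationStatus#SUCCESS}; override to act on the response after a successful validateRequest. */` and on cleanSubject `/** Default: clears the client subject via {@link HttpMessageContext#cleanClientSubject()}; override to also discard any mechanism-specific state. */`. validateRequest should likewise state what each AuthenticationStatus value tells the container and when an AuthenticationException is thrown rather than SEND_FAILURE returned, since that distinction is not recoverable from the signature.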
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.java
new file mode 100644
index 0000000..5fc4fb3
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.MessageInfo;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.security.Principal;
+import java.util.Set;
+
+public interface HttpMessageContext {
+ boolean isProtected();
+
+ boolean isAuthenticationRequest();
+
+ boolean isRegisterSession();
+
+ void setRegisterSession(String callerName, Set<String> groups);
+
+ void cleanClientSubject();
+
+ AuthenticationParameters getAuthParameters();
+
+ CallbackHandler getHandler();
+
+ MessageInfo getMessageInfo();
+
+ Subject getClientSubject();
+
+ HttpServletRequest getRequest();
+
+ void setRequest(HttpServletRequest request);
+
+ HttpMessageContext withRequest(HttpServletRequest request);
+
+ HttpServletResponse getResponse();
+
+ void setResponse(HttpServletResponse response);
+
+ AuthenticationStatus redirect(String location);
+
+ AuthenticationStatus forward(String path);
+
+ AuthenticationStatus responseUnauthorized();
+
+ AuthenticationStatus responseNotFound();
+
+ AuthenticationStatus notifyContainerAboutLogin(String callername, Set<String> groups);
+
+ AuthenticationStatus notifyContainerAboutLogin(Principal principal, Set<String> groups);
+
+ AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result);
+
+ AuthenticationStatus doNothing();
+
+ Principal getCallerPrincipal();
+
+ Set<String> getGroups();
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/LoginToContinue.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/LoginToContinue.java
new file mode 100644
index 0000000..e38f0d1
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/authentication/mechanism/http/LoginToContinue.java
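Review bot: The parameter name `callername` in `AuthenticationStatus notifyContainerAboutLogin(String callername, Set<String> groups);` breaks the camel case used by the sibling `setRegisterSession(String callerName, Set<String> groups)` earlier in the same interface; rename it to `callerName`. Being an interface the rename has no binary effect, but the name is what IDEs and generated docs show to implementors. The three notifyContainerAboutLogin overloads and setRegisterSession would also benefit from a one-line Javadoc each saying which of them registers the session and how a null groups set is treated, since none of that is recoverable from the signatures.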
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.authentication.mechanism.http;
+
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Inherited
+@InterceptorBinding
+@Retention(RUNTIME)
+@Target(TYPE)
+public @interface LoginToContinue {
+ @Nonbinding
+ String loginPage() default "/login";
+
+ @Nonbinding
+ boolean useForwardToLogin() default true;
+
+ @Nonbinding
+ String useForwardToLoginExpression() default "";
+
+ @Nonbinding
+ String errorPage() default "/login-error";
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Credential.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Credential.java
new file mode 100644
index 0000000..2a063af
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/credential/Credential.java
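Review bot: `useForwardToLogin()` and `useForwardToLoginExpression()` describe the same choice, but nothing in the hunk says which one wins when the expression is non-empty, so an implementor of the annotation cannot tell from this file; the defaults `/login`, `/login-error` and `true` are equally undocumented. I would add Javadoc on useForwardToLoginExpression such as `/** EL expression yielding a boolean; when non-empty it presumably takes precedence over {@link #useForwardToLogin()} — TODO confirm against the spec before stating it as a guarantee. */`, and on loginPage/errorPage say whether the path is resolved against the context root (the leading slash suggests so, but the hunk does not establish it). The forward-versus-redirect choice is worth documenting precisely because a forward keeps the original request server-side while a redirect sends the client to the login URL.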
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.credential;
+
+public interface Credential {
+ default boolean isCleared() {
+ return false;
+ }
+
+ default void clear() {}
+
+ default boolean isValid() {
+ return true;
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/CredentialValidationResult.java b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/CredentialValidationResult.java
new file mode 100644
index 0000000..c24be15
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/javax/security/enterprise/identitystore/CredentialValidationResult.java
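Review bot: The defaults make `clear()` a no-op and `isCleared()` always `false`, so a Credential implementation that stores a password or token and does not override both keeps the secret in memory after the container calls clear() and still reports it as not cleared; the interface Javadoc should say that implementations holding secret material must override `clear()` and `isCleared()` together. `isValid()` deserves a line as well, because its default of `true` says nothing about whether the credential authenticates anyone, e.g. `/** Whether this credential is structurally usable; the default {@code true} does not imply it has been validated. */`. The default bodies themselves are fine for credential types that carry no secret; only the contract is missing.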
@@ -0,0 +1,119 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.enterprise.identitystore;
+
+
+import javax.security.enterprise.CallerPrincipal;
+import java.util.HashSet;
+import java.util.Set;
+
+import static java.util.Collections.emptySet;
+import static java.util.Collections.unmodifiableSet;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.INVALID;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.NOT_VALIDATED;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+public class CredentialValidationResult {
+ public static final CredentialValidationResult INVALID_RESULT = new CredentialValidationResult(INVALID);
+ public static final CredentialValidationResult NOT_VALIDATED_RESULT = new CredentialValidationResult(NOT_VALIDATED);
+
+ private final Status status;
+ private final String storeId;
+ private final String callerDn;
+ private final String callerUniqueId;
+ private final CallerPrincipal callerPrincipal;
+ private final Set<String> groups;
+
+ public enum Status {
+ NOT_VALIDATED,
+ INVALID,
+ VALID
+ }
+
+ private CredentialValidationResult(Status status) {
+ this(status, null, null, null, null, null);
+ }
+
+ public CredentialValidationResult(String callerName) {
+ this(new CallerPrincipal(callerName), null);
+ }
+
+ public CredentialValidationResult(CallerPrincipal callerPrincipal) {
+ this(callerPrincipal, null);
+ }
+
+ public CredentialValidationResult(String callerName, Set<String> groups) {
+ this(new CallerPrincipal(callerName), groups);
+ }
+
+ public CredentialValidationResult(CallerPrincipal callerPrincipal, Set<String> groups) {
+ this(null, callerPrincipal, null, null, groups);
+ }
+
+ public CredentialValidationResult(String storeId, String callerName, String callerDn, String callerUniqueId,
+ Set<String> groups) {
+ this(storeId, new CallerPrincipal(callerName), callerDn, callerUniqueId, groups);
+ }
+
+ public CredentialValidationResult(String storeId, CallerPrincipal callerPrincipal, String callerDn,
+ String callerUniqueId, Set<String> groups) {
+ this(VALID, storeId, callerPrincipal, callerDn, callerUniqueId, groups);
+ }
+
+ private CredentialValidationResult(Status status, String storeId, CallerPrincipal callerPrincipal, String callerDn,
+ String callerUniqueId, Set<String> groups) {
+
+ if (status != VALID && (storeId != null || callerPrincipal != null ||
+ callerDn != null || callerUniqueId != null || groups != null)) {
+ throw new IllegalArgumentException("Bad status");
+ }
+ if (status == VALID && (callerPrincipal == null || callerPrincipal.getName().trim().isEmpty())) {
+ throw new IllegalArgumentException("Null or empty CallerPrincipal");
+ }
+
+ this.status = status;
+ this.storeId = storeId;
+ this.callerPrincipal = callerPrincipal;
+ this.callerDn = callerDn;
+ this.callerUniqueId = callerUniqueId;
+ this.groups = groups != null ? unmodifiableSet(new HashSet<>(groups)) : emptySet();
+ }
+
+ public Status getStatus() {
+ return status;
+ }
+
+ public String getIdentityStoreId() {
+ return storeId;
+ }
+
+ public CallerPrincipal getCallerPrincipal() {
+ return callerPrincipal;
+ }
+
+ public String getCallerUniqueId() {
+ return callerUniqueId;
+ }
+
+ public String getCallerDn() {
+ return callerDn;
+ }
+
+ public Set<String> getCallerGroups() {
+ return groups;
+ }
+}
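Review bot: The VALID check `callerPrincipal.getName().trim().isEmpty()` dereferences the principal's name, but the `CredentialValidationResult(String callerName)` and `(String callerName, Set<String> groups)` constructors pass a null callerName straight into `new CallerPrincipal(callerName)`, so a null name surfaces as a NullPointerException from inside the constructor instead of the intended `IllegalArgumentException("Null or empty CallerPrincipal")`. Guard the name as well: `if (status == VALID && (callerPrincipal == null || callerPrincipal.getName() == null || callerPrincipal.getName().trim().isEmpty())) {`. The rest of the private constructor is sound: the non-VALID branch rejects any accompanying caller data, and groups are copied into an unmodifiable set so getCallerGroups() cannot be used to alter a result after it is built.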
