This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit fe9fab62bf197d6c66df1af15928397f26e5e2b6 Author: Roberto Cortez <[email protected]> AuthorDate: Thu Dec 27 16:56:34 2018 +0000 TOMEE-2365 - Skeleton implementation for the LoginToContinueInterceptor. --- .../security/cdi/FormAuthenticationMechanism.java | 2 + .../security/cdi/LoginToContinueInterceptor.java | 99 ++++++++++++++++++++++ .../tomee/security/cdi/TomEESecurityExtension.java | 2 + 3 files changed, 103 insertions(+) diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java index b7a29e8..316575e 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java @@ -21,10 +21,12 @@ import javax.security.enterprise.AuthenticationException; import javax.security.enterprise.AuthenticationStatus; import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism; import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; +import javax.security.enterprise.authentication.mechanism.http.LoginToContinue; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @ApplicationScoped +@LoginToContinue public class FormAuthenticationMechanism implements HttpAuthenticationMechanism { @Override public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response, diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java new file mode 100644 index 0000000..98c8417 --- /dev/null +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java 
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.annotation.Priority;
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.Interceptor;
+import javax.interceptor.InvocationContext;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+
+import static javax.interceptor.Interceptor.Priority.PLATFORM_BEFORE;
+
+@LoginToContinue
+@Interceptor
+@Priority(PLATFORM_BEFORE + 220)
+public class LoginToContinueInterceptor {
+ @AroundInvoke
+ public Object intercept(final InvocationContext invocationContext) throws Exception {
+ if (invocationContext.getMethod().getName().equals("validateRequest") &&
+ Arrays.equals(invocationContext.getMethod().getParameterTypes(), new Class<?>[]{
+ HttpServletRequest.class,
+ HttpServletResponse.class,
+ HttpMessageContext.class
+ })) {
+ return validateRequest((HttpMessageContext) invocationContext.getParameters()[2]);
+ }
+
+ return invocationContext.proceed();
+ }
+
+ private AuthenticationStatus validateRequest(final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+
+ clearStaleState(httpMessageContext);
+
+ if (httpMessageContext.getAuthParameters().isNewAuthentication()) {
+ return processCallerInitiatedAuthentication(httpMessageContext);
+ } else {
+ return processContainerInitiatedAuthentication(httpMessageContext);
+ }
+ }
+
+ private void clearStaleState(final HttpMessageContext httpMessageContext) {
+
+ }
+
+ private AuthenticationStatus processCallerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+ return null;
+ }
+
+ private AuthenticationStatus processContainerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+
+ if (isOnInitialProtectedURL(httpMessageContext)) {
+ return null;
+ }
+
+ if (isOnOnLoginPostback(httpMessageContext)) {
+ return null;
+ }
+
+ if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
+ return null;
+ }
+
+ return null;
+ }
+
+ private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
+ return false;
+ }
+
+ private boolean isOnOnLoginPostback(final HttpMessageContext httpMessageContext) {
+ return false;
+ }
+
+ private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
+ return false;
+ }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
index 91036c9..f0214d1 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java
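Review bot: Every path through the private `validateRequest` in LoginToContinueInterceptor returns `null`, and `intercept` returns that value without ever calling `invocationContext.proceed()` for the matched method. The same commit annotates FormAuthenticationMechanism with `@LoginToContinue` and registers the interceptor in TomEESecurityExtension, so once the binding is active the mechanism's own `validateRequest` is skipped and callers receive a null `AuthenticationStatus`. How the caller treats null is not visible in this diff, so the skeleton should fail closed until the flow is implemented: replace each `return null;` in `processCallerInitiatedAuthentication` and `processContainerInitiatedAuthentication` with `return AuthenticationStatus.SEND_FAILURE;`, or throw `UnsupportedOperationException`. A short class Javadoc stating that this is a placeholder, and naming the three request states it is meant to distinguish, would make that explicit. `isOnOnLoginPostback` also looks like a typo for `isOnLoginPostback`.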
@@ -49,6 +49,8 @@ public class TomEESecurityExtension implements Extension { beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class)); beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class)); beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEIdentityStoreHandler.class)); + + beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(LoginToContinueInterceptor.class)); } void processAuthenticationMechanismDefinitions(@Observes
