This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit e83f7ff99f18f16cceb6fb01deb12d5af27248de
Author: Roberto Cortez <[email protected]>
AuthorDate: Wed Dec 26 18:59:11 2018 +0000
TOMEE-2365 - Added a Default Authentication Mechanism to passthrough request to Servlet that don't require authentication.
---
.../cdi/DefaultAuthenticationMechanism.java | 48 ++++++++++++++++++++++
.../tomee/security/cdi/TomEESecurityExtension.java | 5 +++
...curityServletAuthenticationMechanismMapper.java | 6 ++-
.../TomEESecurityServletContainerInitializer.java | 16 +++++---
4 files changed, 68 insertions(+), 7 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java
new file mode 100644
index 0000000..f7da0a6
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/DefaultAuthenticationMechanism.java 
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.cdi;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@ApplicationScoped
+public class DefaultAuthenticationMechanism implements HttpAuthenticationMechanism {
+ @Override
+ public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return httpMessageContext.doNothing();
+ }
+
+ @Override
+ public AuthenticationStatus secureResponse(final HttpServletRequest request, final HttpServletResponse response,
+ final HttpMessageContext httpMessageContext)
+ throws AuthenticationException {
+ return null;
+ }
+
+ @Override
+ public void cleanSubject(final HttpServletRequest request, final 
HttpServletResponse response, + final HttpMessageContext httpMessageContext) { + + } +} diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java index 3470bd2..712587e 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java @@ -49,6 +49,7 @@ public class TomEESecurityExtension implements Extension { void observeBeforeBeanDiscovery(@Observes final BeforeBeanDiscovery beforeBeanDiscovery, final BeanManager beanManager) { if (basicAuthentication.isEmpty()) { + beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(DefaultAuthenticationMechanism.class)); beforeBeanDiscovery.addAnnotatedType( beanManager.createAnnotatedType(TomEESecurityServletAuthenticationMechanismMapper.class)); beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(TomEEDefaultIdentityStore.class)); @@ -76,4 +77,8 @@ public class TomEESecurityExtension implements Extension { }); } } + + public boolean hasAuthenticationMechanisms() { + return !basicAuthentication.isEmpty(); + } } diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java index bbad8ef..836fff4 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java 
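Review bot: `secureResponse` in DefaultAuthenticationMechanism returns `null`, so its caller (outside this diff) receives no `AuthenticationStatus` at all for every servlet that falls back to this mechanism. `HttpAuthenticationMechanism` already provides a default that returns `AuthenticationStatus.SUCCESS`, so either drop the override or use `return AuthenticationStatus.SUCCESS;`. The empty `cleanSubject` override also replaces the interface default, which calls `httpMessageContext.cleanClientSubject()`, so a logout routed through this mechanism would leave the client subject uncleared; removing the override restores that cleanup. A class-level Javadoc should state that `validateRequest` deliberately returns `doNothing()` and that this mechanism authenticates nobody, so readers do not mistake it for a real check.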
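Review bot: `hasAuthenticationMechanisms()` reports only whether `basicAuthentication` is non-empty, yet the TomEESecurityServletContainerInitializer hunk makes it the sole condition for registering `TomEESecurityAuthConfigProvider`, replacing the earlier `select(HttpAuthenticationMechanism.class).isResolvable()` test. From the visible lines, an application that supplies its own `HttpAuthenticationMechanism` bean without a basic definition would apparently no longer get the provider registered, so its mechanism would never be consulted. Either widen the check to every mechanism the extension tracks, or narrow the name and document it, e.g. `/** Returns true only when the basicAuthentication set is non-empty; other mechanism types are not counted. */`. The class body continues outside both hunks of this file, so how `basicAuthentication` is populated is not visible here.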
@@ -20,6 +20,7 @@ import javax.enterprise.context.ApplicationScoped; import javax.enterprise.context.Initialized; import javax.enterprise.event.Observes; import javax.enterprise.inject.spi.CDI; +import javax.inject.Inject; import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition; import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism; import javax.servlet.ServletContext; @@ -31,6 +32,9 @@ import java.util.concurrent.ConcurrentHashMap; public class TomEESecurityServletAuthenticationMechanismMapper { private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>(); + @Inject + private DefaultAuthenticationMechanism defaultAuthenticationMechanism; + public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) { final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations(); servletRegistrations.forEach((servletName, servletRegistration) -> { @@ -47,6 +51,6 @@ public class TomEESecurityServletAuthenticationMechanismMapper { } public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName) { - return servletAuthenticationMapper.get(servletName); + return servletAuthenticationMapper.getOrDefault(servletName, defaultAuthenticationMechanism); } } diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java index 7eba191..6dc9b25 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java 
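Review bot: The `getOrDefault` fallback in `getCurrentAuthenticationMechanism` fails open. Any servlet name missing from `servletAuthenticationMapper` now silently gets the pass-through `DefaultAuthenticationMechanism`, which would include a servlet that declares a mechanism but was not mapped when `init` ran (only part of `init` is visible in these hunks). Log when the default is selected, so a mapping gap appears in the logs rather than as an endpoint that quietly skips authentication. A comment on the lookup would also help, such as `// No mechanism mapped for this servlet: fall back to the pass-through DefaultAuthenticationMechanism.` As a style point, the `@Inject private` field added in the second hunk could use constructor or initializer-method injection so the mapper can be built in a unit test.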
@@ -16,23 +16,27 @@ */ package org.apache.tomee.security.servlet; +import org.apache.tomee.security.cdi.TomEESecurityExtension; import org.apache.tomee.security.provider.TomEESecurityAuthConfigProvider; import javax.enterprise.inject.spi.CDI; +import javax.inject.Inject; import javax.security.auth.message.config.AuthConfigFactory; -import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism; import javax.servlet.ServletContainerInitializer; import javax.servlet.ServletContext; import javax.servlet.ServletException; +import java.util.Optional; import java.util.Set; public class TomEESecurityServletContainerInitializer implements ServletContainerInitializer { @Override public void onStartup(final Set<Class<?>> c, final ServletContext ctx) throws ServletException { - if (CDI.current().select(HttpAuthenticationMechanism.class).isResolvable()) { - AuthConfigFactory.getFactory() - .registerConfigProvider(new TomEESecurityAuthConfigProvider(), null, null, - "TomEE Security JSR-375"); - } + Optional.ofNullable(CDI.current().getBeanManager().getExtension(TomEESecurityExtension.class)) + .map(TomEESecurityExtension::hasAuthenticationMechanisms) + .filter(has -> has.equals(true)) + .ifPresent(has -> AuthConfigFactory.getFactory() + .registerConfigProvider(new TomEESecurityAuthConfigProvider(), + null, null, + "TomEE Security JSR-375")); } }
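Review bot: The `Optional.ofNullable(...getExtension(TomEESecurityExtension.class))` wrapper in `onStartup` guards against a null that `BeanManager.getExtension` is not specified to return; it throws `IllegalArgumentException` when the extension is absent. `.filter(has -> has.equals(true))` also hides what is a plain boolean test. Because this condition decides whether the auth config provider is registered at all, a direct form is easier to audit: `if (extension.hasAuthenticationMechanisms()) { AuthConfigFactory.getFactory().registerConfigProvider(new TomEESecurityAuthConfigProvider(), null, null, "TomEE Security JSR-375"); }`. The newly added `import javax.inject.Inject;` is not used anywhere in the visible hunk and can be dropped.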
