This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit e635b265a610e6196c329a36972f5c4bbc6d9f48 Author: Roberto Cortez <[email protected]> AuthorDate: Fri Dec 28 14:58:24 2018 +0000 TOMEE-2365 - Final step of form authentication. Retrieve original request and authentication data and pass it to the original requested resource.
---
 .../security/cdi/LoginToContinueInterceptor.java | 20 +++++++++++-- .../security/http/LoginToContinueMechanism.java | 9 ++++++ .../security/http/SavedHttpServletRequest.java | 34 ++++++++++++++++++++++ .../security/servlet/FormAuthServletTest.java | 5 ++-- 4 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
index 1e0b0f3..612f779 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
@@ -17,6 +17,8 @@
 package org.apache.tomee.security.cdi;
 import org.apache.tomee.security.http.LoginToContinueMechanism;
+import org.apache.tomee.security.http.SavedAuthentication;
+import org.apache.tomee.security.http.SavedHttpServletRequest;
 import org.apache.tomee.security.http.SavedRequest;
 import javax.annotation.Priority;
@@ -33,6 +35,8 @@ import java.util.Arrays;
 import static javax.interceptor.Interceptor.Priority.PLATFORM_BEFORE;
 import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
 import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.clearRequestAndAuthentication;
+import static org.apache.tomee.security.http.LoginToContinueMechanism.getAuthentication;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.getRequest;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.hasAuthentication;
 import static org.apache.tomee.security.http.LoginToContinueMechanism.hasRequest;
@@ -127,10 +131,20 @@ public class LoginToContinueInterceptor {
 }
 if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
- return null;
+ final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
+ final SavedAuthentication savedAuthentication = getAuthentication(httpMessageContext.getRequest());
+
+ clearRequestAndAuthentication(httpMessageContext.getRequest());
+
+ final SavedHttpServletRequest savedHttpServletRequest =
+ new SavedHttpServletRequest(httpMessageContext.getRequest(), savedRequest);
+
+ return httpMessageContext.withRequest(savedHttpServletRequest)
+ .notifyContainerAboutLogin(savedAuthentication.getPrincipal(),
+ savedAuthentication.getGroups());
 }
- return null;
+ return (AuthenticationStatus) invocationContext.proceed();
 }
 private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
@@ -142,7 +156,7 @@ public class LoginToContinueInterceptor {
 }
 private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
- return false;
+ return hasRequest(httpMessageContext.getRequest()) && hasAuthentication(httpMessageContext.getRequest());
 }
 private LoginToContinue getLoginToContinue(final InvocationContext invocationContext) {
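Review bot: `savedRequest` and `savedAuthentication` are dereferenced in the new `if` branch without a null check, although they are read from the session in a separate step after `isOnOriginalURLAfterAuthenticate` tested for them. A second request on the same session can run `clearRequestAndAuthentication` in between, which would turn the login completion into a NullPointerException. Guarding the branch with `if (savedRequest == null || savedAuthentication == null) { return (AuthenticationStatus) invocationContext.proceed(); }` before the clear keeps that case on the normal path. Nothing visible here rotates the session id before `notifyContainerAboutLogin`; if the login step outside this hunk does not do it either, `httpMessageContext.getRequest().changeSessionId()` belongs in this branch. The enclosing method starts above the hunk.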
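Review bot: `isOnOriginalURLAfterAuthenticate` now returns true for any request whose session holds both attributes; it never looks at the URL being requested, despite its name. As written, whichever request arrives first after login is wrapped in `SavedHttpServletRequest` with the saved HTTP method and consumes the saved state, even when it targets a different resource. The predicate should also compare the current request URL with the one recorded in the `SavedRequest` (its accessors are not visible in this diff), and a one-line comment such as `// true only when the session holds a saved request and a saved authentication for this URL` would document the contract.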
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
index e67b4b4..7871595 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java
@@ -132,4 +132,13 @@ public interface LoginToContinueMechanism {
 static boolean hasAuthentication(final HttpServletRequest request) {
 return request.getSession().getAttribute(AUTHENTICATION) != null;
 }
+
+ static SavedAuthentication getAuthentication(final HttpServletRequest request) {
+ return (SavedAuthentication) request.getSession().getAttribute(AUTHENTICATION);
+ }
+
+ static void clearRequestAndAuthentication(final HttpServletRequest request) {
+ request.getSession().removeAttribute(ORIGINAL_REQUEST);
+ request.getSession().removeAttribute(AUTHENTICATION);
+ }
 }
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
new file mode 100644
index 0000000..5a91d5b
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedHttpServletRequest.java
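Review bot: Both new helpers call `request.getSession()`, which creates a session when the request has none, so looking up or clearing login state allocates a session for every anonymous request that passes through the interceptor. `request.getSession(false)` with a null check avoids that, e.g. `final HttpSession session = request.getSession(false);` followed by `return session == null ? null : (SavedAuthentication) session.getAttribute(AUTHENTICATION);`. The `hasAuthentication` helper shown as context has the same pattern. Short Javadoc on the two methods, stating that `getAuthentication` may return null and that `clearRequestAndAuthentication` removes both attributes, would help callers.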
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.http;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+public class SavedHttpServletRequest extends HttpServletRequestWrapper {
+ private final SavedRequest savedRequest;
+
+ public SavedHttpServletRequest(final HttpServletRequest request, final SavedRequest savedRequest) {
+ super(request);
+ this.savedRequest = savedRequest;
+ }
+
+ @Override
+ public String getMethod() {
+ return savedRequest.getMethod();
+ }
+}
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
index f006388..8a63dd6 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
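Review bot: `SavedHttpServletRequest` restores only the HTTP method of the saved request; parameters, headers, body and the other request properties still come from the wrapped post-login request. A saved POST is therefore presented to the target resource as a POST carrying the post-login request's data, which may not be what the commit message means by passing the original request on. If `SavedRequest` records more than the method (not visible in this diff), the wrapper should override the matching getters as well; otherwise a class comment such as `/** Presents the current request with the HTTP method of the request saved before login; all other properties come from the wrapped request. */` should state the limit. The constructor also accepts a null `savedRequest`, which only fails later in `getMethod()`; `this.savedRequest = Objects.requireNonNull(savedRequest, "savedRequest");` would fail at construction instead.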
@@ -48,8 +48,9 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest {
 login.getInputByName("j_username").setValueAttribute("tomcat");
 login.getInputByName("j_password").setValueAttribute("tomcat");
- final HtmlPage submit = login.getInputByName("submit").click();
- System.out.println("submit.toString() = " + submit.toString());
+ final Page result = login.getInputByName("submit").click();
+ assertEquals(200, result.getWebResponse().getStatusCode());
+ assertEquals("ok!", result.getWebResponse().getContentAsString());
 }
 @ApplicationScoped
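Review bot: The updated test asserts only the successful login path (status 200 and body `ok!`). A companion case that submits a wrong password and asserts the protected content is not returned, and one that requests a different URL after login, would cover the branches this commit adds to the interceptor. The test method starts above the hunk, so existing coverage outside it cannot be seen from here.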
