Implement mp-jwt (first shoot)
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/82670f9b Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/82670f9b Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/82670f9b Branch: refs/heads/master Commit: 82670f9b43a63ed28ac23ea9ec57846bcb8884e9 Parents: 58a3fa7 Author: Jean-Louis Monteiro <jeano...@gmail.com> Authored: Tue Apr 17 22:31:11 2018 +0200 Committer: Jean-Louis Monteiro <jeano...@gmail.com> Committed: Tue Apr 17 22:31:11 2018 +0200 ---------------------------------------------------------------------- .../core/security/AbstractSecurityService.java | 12 ++++-- pom.xml | 1 + .../rs/event/ExtensionProviderRegistration.java | 4 +- .../tomee/microprofile/jwt/TCKTokenParser.java | 40 ++++++++++++++++++++ ...lipse.microprofile.jwt.tck.util.ITokenParser | 1 + tck/microprofile-tck/pom.xml | 1 + .../tomee/catalina/TomcatSecurityService.java | 21 ++++++++++ tomee/tomee-microprofile-webapp/pom.xml | 16 ++++++++ 8 files changed, 91 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java ---------------------------------------------------------------------- diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java index 57e2c9c..233db15 100644 --- a/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java +++ b/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java 
@@ -151,15 +151,17 @@ public abstract class AbstractSecurityService implements DestroyableResource, Se final String moduleID = newContext.getBeanContext().getModuleID(); JavaSecurityManagers.setContextID(moduleID); + final SecurityContext defaultSecurityContext = getDefaultSecurityContext(); + final ProvidedSecurityContext providedSecurityContext = newContext.get(ProvidedSecurityContext.class); SecurityContext securityContext = oldContext != null ? oldContext.get(SecurityContext.class) : - (providedSecurityContext != null ? providedSecurityContext.context : null); - if (providedSecurityContext == null && (securityContext == null || securityContext == defaultContext)) { + (providedSecurityContext != null ? providedSecurityContext.context : null); + if (providedSecurityContext == null && (securityContext == null || securityContext == defaultSecurityContext)) { final Identity identity = clientIdentity.get(); if (identity != null) { securityContext = new SecurityContext(identity.subject); } else { - securityContext = defaultContext; + securityContext = defaultSecurityContext; } } @@ -398,6 +400,10 @@ public abstract class AbstractSecurityService implements DestroyableResource, Se } } + protected SecurityContext getDefaultSecurityContext() { + return defaultContext; + } + public static final class ProvidedSecurityContext { public final SecurityContext context; http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 53ded49..82b50dd 100644 --- a/pom.xml +++ b/pom.xml 
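Review bot: The identity check `securityContext == defaultSecurityContext` in the first hunk only works if `getDefaultSecurityContext()` returns the same instance on every call, and the new hook does not state that contract. The `TomcatSecurityService` override added in this commit returns a fresh `new SecurityContext(subject)` per call, so a callable-derived context inherited from `oldContext` will not compare equal and the `clientIdentity` branch is skipped for it. If that is intended, say so on the hook in the second hunk, for example `/** Context used when no identity is associated with the call; overrides may return a new instance per call, in which case the identity comparison in the caller will not match an inherited context. */`. The hook is also evaluated before `providedSecurityContext` is known, so an override that does real work runs on every context entry even when its result is unused. The enclosing method starts and ends outside the hunk.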
@@ -506,6 +506,7 @@ <module>gradle</module> <module>container</module> <module>server</module> + <module>mp-jwt</module> <module>examples</module> <module>assembly</module> <module>tck</module> http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java ---------------------------------------------------------------------- diff --git a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java index cfae25c..932a6bf 100644 --- a/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java +++ b/server/openejb-cxf-rs/src/main/java/org/apache/openejb/server/cxf/rs/event/ExtensionProviderRegistration.java @@ -28,9 +28,9 @@ public class ExtensionProviderRegistration { private final List<Object> providers; private final AppContext appContext; - public ExtensionProviderRegistration(final AppContext ctx, final List<Object> existings) { + public ExtensionProviderRegistration(final AppContext ctx, final List<Object> providers) { this.appContext = ctx; - this.providers = existings; + this.providers = providers; } public AppContext getAppContext() { http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java ---------------------------------------------------------------------- diff --git a/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java new file mode 100644 index 0000000..ae563ec --- /dev/null +++ b/tck/microprofile-tck/jwt/src/main/java/org/apache/tomee/microprofile/jwt/TCKTokenParser.java 
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.microprofile.jwt;
+
+import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
+import org.apache.tomee.microprofile.jwt.principal.DefaultJWTCallerPrincipalFactory;
+import org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+import org.eclipse.microprofile.jwt.tck.util.ITokenParser;
+
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+/**
+ * MP-JWT TCK harness class to parse a token string
+ */
+public class TCKTokenParser implements ITokenParser {
+
+ @Override
+ public JsonWebToken parse(final String bearerToken, final String issuer, final PublicKey publicKey) throws Exception {
+ final JWTAuthContextInfo authContextInfo = new JWTAuthContextInfo((RSAPublicKey) publicKey, issuer);
+ final JWTCallerPrincipalFactory factory = DefaultJWTCallerPrincipalFactory.instance();
+ return factory.parse(bearerToken, authContextInfo);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser
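Review bot: The unchecked cast `(RSAPublicKey) publicKey` in `parse` fails with a bare `ClassCastException` when the harness is handed any other key type, which hides the fact that only RSA verification keys are accepted here. An explicit guard before building the context makes the restriction visible and the failure readable: `if (!(publicKey instanceof RSAPublicKey)) { throw new IllegalArgumentException("RSA public key required, got " + publicKey); }`. The class Javadoc could also say that signature and issuer checks are delegated to `factory.parse(...)`, which appears to be the case but is not visible in this file.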
---------------------------------------------------------------------- diff --git a/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser new file mode 100644 index 0000000..4dcc059 --- /dev/null +++ b/tck/microprofile-tck/jwt/src/test/resources/META-INF/services/org.eclipse.microprofile.jwt.tck.util.ITokenParser @@ -0,0 +1 @@ +org.apache.tomee.microprofile.jwt.TCKTokenParser \ No newline at end of file http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/tck/microprofile-tck/pom.xml ---------------------------------------------------------------------- diff --git a/tck/microprofile-tck/pom.xml b/tck/microprofile-tck/pom.xml index c48b7c5..9726358 100644 --- a/tck/microprofile-tck/pom.xml +++ b/tck/microprofile-tck/pom.xml @@ -32,6 +32,7 @@ <modules> <module>config</module> + <module>jwt</module> </modules> </project> http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java ---------------------------------------------------------------------- diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java index 81bffd4..e0e77be 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatSecurityService.java 
@@ -39,6 +39,7 @@ import java.util.LinkedHashSet; import java.util.LinkedList; import java.util.Set; import java.util.UUID; +import java.util.concurrent.Callable; public class TomcatSecurityService extends AbstractSecurityService { private static final boolean ONLY_DEFAULT_REALM = "true".equals(SystemInstance.get().getProperty("tomee.realm.only-default", "false")); @@ -330,4 +331,24 @@ public class TomcatSecurityService extends AbstractSecurityService { } } + @Override + protected SecurityContext getDefaultSecurityContext() { + final Request request = OpenEJBSecurityListener.requests.get(); + if (request != null) { + final Object subjectCallable = request.getAttribute("javax.security.auth.subject.callable"); + if (subjectCallable != null && Callable.class.isInstance(subjectCallable)) { + // maybe we should check, but it's so specific ... + try { + final Subject subject = (Subject) Callable.class.cast(subjectCallable).call(); + return new SecurityContext(subject); + + } catch (final Exception e) { + // ignore and let it go to the default implementation + } + } + } + + return super.getDefaultSecurityContext(); + } + } http://git-wip-us.apache.org/repos/asf/tomee/blob/82670f9b/tomee/tomee-microprofile-webapp/pom.xml ---------------------------------------------------------------------- diff --git a/tomee/tomee-microprofile-webapp/pom.xml b/tomee/tomee-microprofile-webapp/pom.xml index 927bafe..c5f56ce 100644 --- a/tomee/tomee-microprofile-webapp/pom.xml +++ b/tomee/tomee-microprofile-webapp/pom.xml @@ -39,6 +39,9 @@ <microprofile.config.api.version>1.3-SNAPSHOT</microprofile.config.api.version> <microprofile.config.impl.version>1.2-SNAPSHOT</microprofile.config.impl.version> + + <microprofile.jwt.api.version>1.1-SNAPSHOT</microprofile.jwt.api.version> + <microprofile.jwt.impl.version>${project.version}</microprofile.jwt.impl.version> </properties> <dependencies> 
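Review bot: The empty `catch (final Exception e)` in the new `getDefaultSecurityContext()` hides every failure of the subject callable, so a request whose subject could not be resolved silently continues under the default context and leaves nothing in the logs to investigate. Log the exception before falling through, and replace `// ignore and let it go to the default implementation` with a comment saying why falling back to the default identity is acceptable here. The result of `call()` is also used unchecked: a `null` return becomes `new SecurityContext(null)` instead of the default, and `if (subject != null) { return new SecurityContext(subject); }` would fall through instead (how `SecurityContext` treats a null subject is not visible in this hunk). The attribute name `"javax.security.auth.subject.callable"` is a bare literal that establishes the caller's identity, so a named constant with a comment stating which component is expected to set it would make the trust assumption explicit; the existing "maybe we should check" comment suggests this is still open.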
@@ -60,6 +63,19 @@ <artifactId>geronimo-config-impl</artifactId> <version>${microprofile.config.impl.version}</version> </dependency> + + <dependency> + <groupId>org.eclipse.microprofile.jwt</groupId> + <artifactId>microprofile-jwt-auth-api</artifactId> + <version>${microprofile.jwt.api.version}</version> + </dependency> + + <dependency> + <groupId>${project.groupId}</groupId> + <artifactId>mp-jwt</artifactId> + <version>${microprofile.jwt.impl.version}</version> + </dependency> + </dependencies> <build>