This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
The following commit(s) were added to refs/heads/master by this push: new 276a9e6 Better fix for default Tomcat User identity store 276a9e6 is described below commit 276a9e6aab8f1103ab39beaa8bfe5e2bf4b7cd68 Author: Jean-Louis Monteiro <jeano...@gmail.com> AuthorDate: Wed Jul 15 16:00:12 2020 +0200 Better fix for default Tomcat User identity store --- .../tomee/security/cdi/TomEESecurityExtension.java | 29 +++++++++++++++++++- .../cdi/TomcatUserIdentityStoreDefinition.java | 31 ++++++++++++++++++++++ .../identitystore/TomEEDefaultIdentityStore.java | 11 +++++++- .../security/context/SecurityContextTest.java | 4 +++ .../security/servlet/BasicAuthServletTest.java | 2 ++ .../security/servlet/FormAuthServletTest.java | 3 +++ .../tomee/security/servlet/SimpleServletTest.java | 2 ++ 7 files changed, 80 insertions(+), 2 deletions(-) diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java index 82683c8..7a315be 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityExtension.java @@ -57,6 +57,7 @@ public class TomEESecurityExtension implements Extension { private final Set<AnnotatedType> formAuthentication = new HashSet<>(); private final Set<AnnotatedType> customAuthentication = new HashSet<>(); + private final Set<AnnotatedType> tomcatUserIdentityStore = new HashSet<>(); private final Set<AnnotatedType> databaseIdentityStore = new HashSet<>(); private final Set<AnnotatedType> ldapIdentityStore = new HashSet<>(); 
@@ -82,12 +83,17 @@ public class TomEESecurityExtension implements Extension { void processIdentityStores( @Observes @WithAnnotations({ + TomcatUserIdentityStoreDefinition.class, DatabaseIdentityStoreDefinition.class, LdapIdentityStoreDefinition.class }) final ProcessAnnotatedType<?> processAnnotatedType) { final AnnotatedType<?> annotatedType = processAnnotatedType.getAnnotatedType(); + if (annotatedType.isAnnotationPresent(TomcatUserIdentityStoreDefinition.class)) { + tomcatUserIdentityStore.add(annotatedType); + } + if (annotatedType.isAnnotationPresent(DatabaseIdentityStoreDefinition.class)) { databaseIdentityStore.add(annotatedType); } @@ -125,7 +131,17 @@ public class TomEESecurityExtension implements Extension { @Observes final AfterBeanDiscovery afterBeanDiscovery, final BeanManager beanManager) { - if (databaseIdentityStore.isEmpty() && ldapIdentityStore.isEmpty()) { // add out identity store + if (!tomcatUserIdentityStore.isEmpty()) { + afterBeanDiscovery + .addBean() + .id(TomEEDefaultIdentityStore.class.getName() + "#" + TomcatUserIdentityStoreDefinition.class.getName()) + .beanClass(Supplier.class) + .addType(Object.class) + .addType(new TypeLiteral<Supplier<TomcatUserIdentityStoreDefinition>>() {}) + .qualifiers(Default.Literal.INSTANCE, Any.Literal.INSTANCE) + .scope(ApplicationScoped.class) + .createWith(creationalContext -> createTomcatUserIdentityStoreDefinitionSupplier(beanManager)); + afterBeanDiscovery .addBean() .id(TomEEDefaultIdentityStore.class.getName()) 
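Review bot: The switch to `if (!tomcatUserIdentityStore.isEmpty())` makes the tomcat-users store opt-in, and nothing in the hunk says so: the removed condition registered it whenever no database or LDAP store was declared, and its `// add out identity store` comment is dropped without a replacement. As far as the hunk shows, an application that relied on that implicit default no longer gets a `TomEEDefaultIdentityStore` bean, which presumably surfaces only as failed logins at runtime. That is the safer default, but it should be stated where the decision is made, for example `// opt-in: the tomcat-users store is registered only when a type carries @TomcatUserIdentityStoreDefinition`, and mentioned in the upgrade notes. The observer method starts and ends outside the hunk.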
@@ -313,6 +329,17 @@ public class TomEESecurityExtension implements Extension { }; } + private Supplier<TomcatUserIdentityStoreDefinition> createTomcatUserIdentityStoreDefinitionSupplier(final BeanManager beanManager) { + return () -> { + final TomcatUserIdentityStoreDefinition annotation = tomcatUserIdentityStore.iterator() + .next() + .getAnnotation( + TomcatUserIdentityStoreDefinition.class); + + return TomEEELInvocationHandler.of(TomcatUserIdentityStoreDefinition.class, annotation, beanManager); + }; + } + private Supplier<DatabaseIdentityStoreDefinition> createDatabaseIdentityStoreDefinitionSupplier(final BeanManager beanManager) { return () -> { final DatabaseIdentityStoreDefinition annotation = databaseIdentityStore.iterator() diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomcatUserIdentityStoreDefinition.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomcatUserIdentityStoreDefinition.java new file mode 100644 index 0000000..3d2644e --- /dev/null +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomcatUserIdentityStoreDefinition.java 
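Review bot: `tomcatUserIdentityStore.iterator().next()` picks an arbitrary element of a `HashSet`, so when several types carry the annotation with different `resource()` values, the user database that backs authentication depends on hash iteration order. More than one annotated type is the normal case: this same commit puts the annotation on three servlets of `SecurityContextTest`. Comparing the declared values and refusing to build the store on a conflict keeps the choice deterministic; the comparison below is on the raw annotation values, before `TomEEELInvocationHandler` is applied. The database supplier visible in the context lines follows the same pattern.

```java
private Supplier<TomcatUserIdentityStoreDefinition> createTomcatUserIdentityStoreDefinitionSupplier(final BeanManager beanManager) {
    return () -> {
        final Set<String> declaredResources = new HashSet<>();
        for (final AnnotatedType<?> type : tomcatUserIdentityStore) {
            declaredResources.add(type.getAnnotation(TomcatUserIdentityStoreDefinition.class).resource());
        }
        if (declaredResources.size() > 1) {
            throw new IllegalStateException(
                    "Conflicting @TomcatUserIdentityStoreDefinition resources: " + declaredResources);
        }
        // … unchanged: take the annotation and wrap it with TomEEELInvocationHandler.of(...) …
    };
}
```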
@@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomee.security.cdi; + +import java.lang.annotation.Retention; +import java.lang.annotation.Target; + +import static java.lang.annotation.ElementType.TYPE; +import static java.lang.annotation.RetentionPolicy.RUNTIME; + +@Retention(RUNTIME) +@Target(TYPE) +public @interface TomcatUserIdentityStoreDefinition { + + String resource() default "UserDatabase"; + +} \ No newline at end of file diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java index 3ddb53a..2fd7c9f 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.java 
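Review bot: `resource()` has no Javadoc, and the annotation itself does not say that placing it on any type is what switches the tomcat-users store on. Elsewhere in this commit the value is passed to `server.getGlobalNamingResources().findResource(...)` and the lookup result is cast to `UserDatabase`, so the doc should say that it names a global naming resource of that type and defaults to `UserDatabase`. Something like `/** Name of the global naming resource holding the Tomcat UserDatabase used to validate credentials. */` above the member would do, plus a type-level sentence on the opt-in behaviour. The file also ends without a trailing newline.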
@@ -22,9 +22,11 @@ import org.apache.catalina.core.StandardServer; import org.apache.catalina.deploy.NamingResourcesImpl; import org.apache.tomcat.util.descriptor.web.ContextResource; import org.apache.tomee.loader.TomcatHelper; +import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition; import javax.annotation.PostConstruct; import javax.enterprise.context.ApplicationScoped; +import javax.inject.Inject; import javax.security.enterprise.credential.Credential; import javax.security.enterprise.credential.UsernamePasswordCredential; import javax.security.enterprise.identitystore.CredentialValidationResult; @@ -32,19 +34,26 @@ import javax.security.enterprise.identitystore.IdentityStore; import javax.security.enterprise.identitystore.IdentityStorePermission; import java.util.HashSet; import java.util.Set; +import java.util.function.Supplier; import static java.util.Collections.emptySet; @ApplicationScoped public class TomEEDefaultIdentityStore implements IdentityStore { + @Inject + private Supplier<TomcatUserIdentityStoreDefinition> definitionSupplier; + private TomcatUserIdentityStoreDefinition definition; + private UserDatabase userDatabase; @PostConstruct private void init() throws Exception { + definition = definitionSupplier.get(); + final StandardServer server = TomcatHelper.getServer(); final NamingResourcesImpl resources = server.getGlobalNamingResources(); - final ContextResource userDataBaseResource = resources.findResource("UserDatabase"); + final ContextResource userDataBaseResource = resources.findResource(definition.resource()); userDatabase = (UserDatabase) server.getGlobalNamingContext().lookup(userDataBaseResource.getName()); } diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java index 4e626bd..9c26db5 100644 
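Review bot: The result of `resources.findResource(definition.resource())` is dereferenced on the next line without a null check, and the name is no longer a constant. A misspelled `resource` on the annotation would presumably surface as a bare `NullPointerException` out of `@PostConstruct`, and a name that resolves to some other kind of global resource would fail at the `(UserDatabase)` cast. A guard such as `if (userDataBaseResource == null) { throw new IllegalStateException("No global naming resource named '" + definition.resource() + "'"); }` makes the misconfiguration readable, and an `instanceof UserDatabase` check on the lookup result would cover the second case. The `definition` field is only read inside `init()` in this hunk, so a local variable would be enough unless code outside the hunk uses it.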
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/context/SecurityContextTest.java @@ -17,6 +17,7 @@ package org.apache.tomee.security.context; import org.apache.tomee.security.AbstractTomEESecurityTest; +import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition; import org.junit.Test; import javax.inject.Inject; @@ -97,6 +98,7 @@ public class SecurityContextTest extends AbstractTomEESecurityTest { .get().getStatus()); } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/securityContext") public static class TestServlet extends HttpServlet { @Inject @@ -118,6 +120,7 @@ public class SecurityContextTest extends AbstractTomEESecurityTest { } } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/securityContextPrincipal") public static class PrincipalServlet extends HttpServlet { @Inject @@ -141,6 +144,7 @@ public class SecurityContextTest extends AbstractTomEESecurityTest { } } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/securityContextRole") public static class RoleServlet extends HttpServlet { @Inject diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java index 93c06c3..3ab8894 100644 --- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java @@ -17,6 +17,7 @@ package org.apache.tomee.security.servlet; import org.apache.tomee.security.AbstractTomEESecurityTest; +import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition; import org.apache.tomee.security.client.BasicAuthFilter; import org.junit.Test; 
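Review bot: Every test touched by this commit adds the annotation with its default value, so nothing covers the two behaviours the commit introduces: a deployment without `@TomcatUserIdentityStoreDefinition`, where the tomcat-users store must not be registered, and a non-default `resource`. The same applies to the hunks in `BasicAuthServletTest`, `FormAuthServletTest` and `SimpleServletTest`. A negative test that deploys a protected servlet without the annotation and asserts that authentication against tomcat-users no longer succeeds would pin the opt-in behaviour. The annotated classes continue outside the hunks.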
@@ -79,6 +80,7 @@ public class BasicAuthServletTest extends AbstractTomEESecurityTest { .get().getStatus()); } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/basic") @ServletSecurity(@HttpConstraint(rolesAllowed = "tomcat")) @BasicAuthenticationMechanismDefinition diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java index c695223..efb6873 100644 --- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java @@ -21,6 +21,7 @@ import com.gargoylesoftware.htmlunit.WebClient; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlPage; import org.apache.tomee.security.AbstractTomEESecurityTest; +import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition; import org.junit.Test; import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition; @@ -54,6 +55,7 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest { assertEquals("ok!", webClient.getPage(getAppUrl() + "/form").getWebResponse().getContentAsString()); } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/login") public static class LoginServlet extends HttpServlet { @Override @@ -86,6 +88,7 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest { } } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/form") @ServletSecurity(@HttpConstraint(rolesAllowed = "tomcat")) @FormAuthenticationMechanismDefinition( diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java index 7b37d51..bed87ea 100644 
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java @@ -17,6 +17,7 @@ package org.apache.tomee.security.servlet; import org.apache.tomee.security.AbstractTomEESecurityTest; +import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition; import org.junit.Test; import javax.servlet.ServletException; @@ -42,6 +43,7 @@ public class SimpleServletTest extends AbstractTomEESecurityTest { assertEquals(200, response.getStatus()); } + @TomcatUserIdentityStoreDefinition @WebServlet(urlPatterns = "/servlet") public static class TestServlet extends HttpServlet { @Override