Repository: tomee Updated Branches: refs/heads/master 184cfcfb5 -> 21ee2b6f8
TOMEE-1865 TOMEE-1866 capturing the request used by CDI in the host to be able to use the request in request scoped beans Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/21ee2b6f Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/21ee2b6f Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/21ee2b6f Branch: refs/heads/master Commit: 21ee2b6f8500be3dd1e682b1c77a304904898693 Parents: 184cfcf Author: Romain manni-Bucau <rmannibu...@gmail.com> Authored: Wed Jul 13 07:42:14 2016 +0200 Committer: Romain manni-Bucau <rmannibu...@gmail.com> Committed: Wed Jul 13 07:42:14 2016 +0200 ---------------------------------------------------------------------- .../securityejb/SecurityEJBPropagationTest.java | 7 +++- .../arquillian/tests/securityejb/TheBean.java | 33 ++++++++++++++++ .../tests/securityejb/TheServerAuthModule.java | 40 ++++++++++++++------ .../tomee/catalina/OpenEJBSecurityListener.java | 32 +++++++++++++--- .../tomee/catalina/TomcatWebAppBuilder.java | 1 + 5 files changed, 96 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/21ee2b6f/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/SecurityEJBPropagationTest.java ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/SecurityEJBPropagationTest.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/SecurityEJBPropagationTest.java index d1c4500..ec17428 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/SecurityEJBPropagationTest.java +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/SecurityEJBPropagationTest.java @@ -37,7 +37,7 @@ public class SecurityEJBPropagationTest { public static Archive<?> app() { return ShrinkWrap.create(WebArchive.class, "jaspic-ejb.war") .addClasses( - TheAuthConfigProvider.class, TheEJb.class, TheServlet.class, Init.class, + TheAuthConfigProvider.class, TheEJb.class, TheServlet.class, Init.class, TheBean.class, TheServerAuthConfig.class, TheServerAuthContext.class, TheServerAuthModule.class, TheServerAuthModule.class); } @@ -48,4 +48,9 @@ public class SecurityEJBPropagationTest { public void run() throws IOException { assertEquals("testtestnullguest", IO.slurp(new URL(base.toExternalForm() + "test?doLogin=true"))); } + + @Test + public void cdi() throws IOException { + assertEquals("vrcstesttestnullguestsr", IO.slurp(new URL(base.toExternalForm() + "test?doLogin=true&bean=true"))); + } } http://git-wip-us.apache.org/repos/asf/tomee/blob/21ee2b6f/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheBean.java ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheBean.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheBean.java new file mode 100644 index 0000000..81156e3 --- /dev/null +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheBean.java @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.openejb.arquillian.tests.securityejb; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; +import javax.inject.Named; +import javax.servlet.http.HttpServletRequest; + +@Named +@RequestScoped +public class TheBean { + @Inject + private HttpServletRequest request; + + public void set(final String val) { + request.setAttribute("cdi", val); + } +} http://git-wip-us.apache.org/repos/asf/tomee/blob/21ee2b6f/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheServerAuthModule.java ---------------------------------------------------------------------- diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheServerAuthModule.java b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheServerAuthModule.java index d285df5..1562967 100644 --- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheServerAuthModule.java +++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/securityejb/TheServerAuthModule.java @@ -5,17 +5,18 @@ * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.apache.openejb.arquillian.tests.securityejb; +import javax.enterprise.inject.spi.CDI; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -70,6 +71,8 @@ public class TheServerAuthModule implements ServerAuthModule { throw (AuthException) new AuthException().initCause(e); } + cdi(messageInfo, "vr"); + return SUCCESS; } @@ -79,12 +82,27 @@ public class TheServerAuthModule implements ServerAuthModule { } @Override - public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException { + public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject) throws AuthException { + cdi(messageInfo, "sr"); return AuthStatus.SEND_SUCCESS; } + private void cdi(final MessageInfo messageInfo, final String msg) throws AuthException { + final HttpServletRequest request = HttpServletRequest.class.cast(messageInfo.getRequestMessage()); + final HttpServletResponse response = HttpServletResponse.class.cast(messageInfo.getResponseMessage()); + if (request.getParameter("bean") != null) { + final TheBean cdiBean = CDI.current().select(TheBean.class).get(); + cdiBean.set(msg); + try { + response.getWriter().write(String.valueOf(request.getAttribute("cdi"))); + } catch (final IOException e) { + throw new AuthException(e.getMessage()); + } + } + } + @Override - public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException { - // no-op + public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws AuthException { + cdi(messageInfo, "cs"); } } http://git-wip-us.apache.org/repos/asf/tomee/blob/21ee2b6f/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java ---------------------------------------------------------------------- diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java index eb0cc6a..937f87f 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/OpenEJBSecurityListener.java @@ -17,9 +17,12 @@ package org.apache.tomee.catalina; import org.apache.catalina.connector.Request; +import org.apache.catalina.connector.Response; +import org.apache.catalina.valves.ValveBase; import javax.servlet.AsyncEvent; import javax.servlet.AsyncListener; +import javax.servlet.ServletException; import java.io.IOException; public class OpenEJBSecurityListener implements AsyncListener { @@ -36,36 +39,55 @@ public class OpenEJBSecurityListener implements AsyncListener { @Override public void onComplete(final AsyncEvent asyncEvent) throws IOException { - exit(); + asyncExit(); } @Override public void onError(final AsyncEvent asyncEvent) throws IOException { - exit(); + asyncExit(); } @Override public void onStartAsync(final AsyncEvent asyncEvent) throws IOException { asyncEvent.getAsyncContext().addListener(this); // super vicious isnt it? that's in servlet spec, start != end events. + requests.set(request); enter(); } @Override public void onTimeout(final AsyncEvent asyncEvent) throws IOException { - exit(); + asyncExit(); + } + + private void asyncExit() { + try { + exit(); + } finally { + requests.remove(); + } } public void enter() { - requests.set(request); if (securityService != null && request.getWrapper() != null) { oldState = securityService.enterWebApp(request.getWrapper().getRealm(), request.getPrincipal(), request.getWrapper().getRunAs()); } } public void exit() { - requests.remove(); if (securityService != null) { securityService.exitWebApp(oldState); } } + + public static class RequestCapturer extends ValveBase { + @Override + public void invoke(final Request request, final Response response) throws IOException, ServletException { + requests.set(request); + try { + getNext().invoke(request, response); + } finally { + requests.remove(); + } + } + } } http://git-wip-us.apache.org/repos/asf/tomee/blob/21ee2b6f/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatWebAppBuilder.java ---------------------------------------------------------------------- diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatWebAppBuilder.java b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatWebAppBuilder.java index 3c0981a..66226ae 100644 --- a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatWebAppBuilder.java +++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomcatWebAppBuilder.java @@ -307,6 +307,7 @@ public class TomcatWebAppBuilder implements WebAppBuilder, ContextListener, Pare final StandardHost host = (StandardHost) engineChild; manageCluster(host.getCluster()); addTomEERealm(host); + host.addValve(new OpenEJBSecurityListener.RequestCapturer()); hosts.add(host); for (final LifecycleListener listener : host.findLifecycleListeners()) { if (listener instanceof HostConfig) {