Repository: tomee Updated Branches: refs/heads/master 07a1b8aa3 -> a52405e56
trying to enforce for security context cleanup Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a52405e5 Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a52405e5 Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a52405e5 Branch: refs/heads/master Commit: a52405e56dab47ee082dfc55eecaff3d3ca96557 Parents: 07a1b8a Author: Romain manni-Bucau <rmannibu...@gmail.com> Authored: Tue Aug 30 09:30:41 2016 +0200 Committer: Romain manni-Bucau <rmannibu...@gmail.com> Committed: Tue Aug 30 09:30:41 2016 +0200 ---------------------------------------------------------------------- .../org/apache/openejb/threads/task/CUTask.java | 55 +++++++++++++++++--- .../server/cxf/OpenEJBLoginValidator.java | 3 +- .../httpd/BasicAuthHttpListenerWrapper.java | 22 +++++--- 3 files changed, 63 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java ---------------------------------------------------------------------- diff --git a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java index 756c58d..e3bef03 100644 --- a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java +++ b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java @@ -22,6 +22,9 @@ import org.apache.openejb.core.ivm.ClientSecurity; import org.apache.openejb.core.security.AbstractSecurityService; import org.apache.openejb.loader.SystemInstance; import org.apache.openejb.spi.SecurityService; +import org.apache.openejb.util.Join; +import org.apache.openejb.util.LogCategory; +import org.apache.openejb.util.Logger; import javax.security.auth.login.LoginException; import java.util.ArrayList; @@ -204,22 +207,48 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa } public void exit() { + Collection<RuntimeException> errors = null; + // exit tasks are designed to be in execution added post tasks so execution them before next ones // ie inversed ordered compared to init phase if (exitTasks != null) { - for (Runnable r : exitTasks) { - r.run(); + for (final Runnable r : exitTasks) { + try { + r.run(); + } catch (final RuntimeException re) { + if (errors == null) { + errors = new ArrayList<>(); + } + errors.add(re); + Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re); + } } } if (threadContext != null) { // ensure we use the same condition as point A, see OPENEJB-2109 - ThreadContext.exit(currentContext.threadContext); + try { + ThreadContext.exit(currentContext.threadContext); + } catch (final RuntimeException re) { + if (errors == null) { + errors = new ArrayList<>(); + } + errors.add(re); + Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re); + } } - if (!associate) { - SECURITY_SERVICE.setState(currentContext.securityServiceState); - } else { - SECURITY_SERVICE.disassociate(); + try { + if (!associate) { + SECURITY_SERVICE.setState(currentContext.securityServiceState); + } else { + SECURITY_SERVICE.disassociate(); + } + } catch (final RuntimeException re) { + if (errors == null) { + errors = new ArrayList<>(); + } + errors.add(re); + Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re); } /* propagation of CDI context seems wrong @@ -236,6 +265,18 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa CURRENT.set(currentContext.stack); } currentContext = null; + + if (errors != null) { + if (errors.size() == 1) { + throw errors.iterator().next(); + } + throw new OpenEJBRuntimeException(Join.join("\n", new Join.NameCallback<RuntimeException>() { + @Override + public String getName(final RuntimeException object) { + return object.getMessage(); + } + }, errors)); + } } public void pushExitTask(final Runnable runnable) { http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java ---------------------------------------------------------------------- diff --git a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java index fd7a518..1c6fc77 100644 --- a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java +++ b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java @@ -55,8 +55,7 @@ public class OpenEJBLoginValidator extends UsernameTokenValidator { if (AbstractSecurityService.class.isInstance(securityService) && AbstractSecurityService.class.cast(securityService).currentState() == null) { securityService.associate(token); } - - } catch (LoginException e) { + } catch (final LoginException e) { throw new SecurityException("cannot log user " + user, e); } } http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java ---------------------------------------------------------------------- diff --git a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java index 885b8e2..cfd01dd 100644 --- a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java +++ b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java @@ -61,14 +61,20 @@ public class BasicAuthHttpListenerWrapper implements HttpListener { } } - if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) { - httpListener.onMessage(request, response); - } else { - // login failed, return 401 - } - - if (token != null) { - getSecurityService().disassociate(); + try { + if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) { + httpListener.onMessage(request, response); + } else { + // login failed, return 401 + } + } finally { + if (token != null) { + final SecurityService securityService = getSecurityService(); + final Object disassociate = securityService.disassociate(); + if (disassociate != null) { + securityService.logout(disassociate); + } + } } }