openwebbeans-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmannibu...@apache.org
Subject svn commit: r1767534 - in /openwebbeans/microwave/trunk/microwave-core/src: main/java/org/apache/microwave/ main/java/org/apache/microwave/openwebbeans/ main/resources/META-INF/openwebbeans/ test/java/org/apache/microwave/ test/java/org/superbiz/app/
Date Tue, 01 Nov 2016 17:59:22 GMT
Author: rmannibucau
Date: Tue Nov  1 17:59:22 2016
New Revision: 1767534

URL: http://svn.apache.org/viewvc?rev=1767534&view=rev
Log:
testing and fixing security setup

Added:
    openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/openwebbeans/MicrowaveSecurityService.java
    openwebbeans/microwave/trunk/microwave-core/src/test/java/org/apache/microwave/PrincipalTest.java
Modified:
    openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/Microwave.java
    openwebbeans/microwave/trunk/microwave-core/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
    openwebbeans/microwave/trunk/microwave-core/src/test/java/org/superbiz/app/Endpoint.java

Modified: openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/Microwave.java
URL: http://svn.apache.org/viewvc/openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/Microwave.java?rev=1767534&r1=1767533&r2=1767534&view=diff
==============================================================================
--- openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/Microwave.java
(original)
+++ openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/Microwave.java
Tue Nov  1 17:59:22 2016
@@ -188,14 +188,13 @@ public class Microwave implements AutoCl
             }
             ctx.setJarScanner(jarScanner);
         });
-        ctx.addLifecycleListener(new Tomcat.FixContextListener());
         ctx.addLifecycleListener(new MicrowaveContextConfig(configuration));
         ctx.addLifecycleListener(event -> {
             switch (event.getType()) {
                 case Lifecycle.AFTER_START_EVENT:
                     ctx.getResources().setCachingAllowed(configuration.webResourceCached);
                     break;
-                case Lifecycle.BEFORE_START_EVENT:
+                case Lifecycle.BEFORE_INIT_EVENT:
                     if (configuration.loginConfig != null) {
                         ctx.setLoginConfig(configuration.loginConfig.build());
                     }
@@ -210,6 +209,7 @@ public class Microwave implements AutoCl
             }
 
         });
+        ctx.addLifecycleListener(new Tomcat.FixContextListener()); // after having configured
the security!!!
 
         ctx.addServletContainerInitializer((c, ctx1) -> {
             ctx.getServletContext().setAttribute("microwave.configuration", configuration);
@@ -973,6 +973,11 @@ public class Microwave implements AutoCl
             return loginConfig;
         }
 
+        public Builder loginConfig(final LoginConfigBuilder loginConfig) {
+            setLoginConfig(loginConfig);
+            return this;
+        }
+
         public void setLoginConfig(final LoginConfigBuilder loginConfig) {
             this.loginConfig = loginConfig;
         }
@@ -981,6 +986,12 @@ public class Microwave implements AutoCl
             return securityConstraints;
         }
 
+        public Builder securityConstraints(final SecurityConstaintBuilder securityConstraint)
{
+            securityConstraints = securityConstraints == null ? new ArrayList<>() :
securityConstraints;
+            securityConstraints.add(securityConstraint);
+            return this;
+        }
+
         public void setSecurityConstraints(final Collection<SecurityConstaintBuilder>
securityConstraints) {
             this.securityConstraints = securityConstraints;
         }
@@ -989,6 +1000,11 @@ public class Microwave implements AutoCl
             return realm;
         }
 
+        public Builder realm(final Realm realm) {
+            setRealm(realm);
+            return this;
+        }
+
         public void setRealm(final Realm realm) {
             this.realm = realm;
         }

Added: openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/openwebbeans/MicrowaveSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/openwebbeans/MicrowaveSecurityService.java?rev=1767534&view=auto
==============================================================================
--- openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/openwebbeans/MicrowaveSecurityService.java
(added)
+++ openwebbeans/microwave/trunk/microwave-core/src/main/java/org/apache/microwave/openwebbeans/MicrowaveSecurityService.java
Tue Nov  1 17:59:22 2016
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.microwave.openwebbeans;
+
+import org.apache.webbeans.corespi.security.ManagedSecurityService;
+import org.apache.webbeans.spi.SecurityService;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.CDI;
+import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.util.Properties;
+
+public class MicrowaveSecurityService implements SecurityService {
+    private final SecurityService securityService = new ManagedSecurityService();
+
+    @Override // reason of that class
+    public Principal getCurrentPrincipal() {
+        return new MicrowavePrincipal();
+    }
+
+    @Override
+    public <T> Constructor<T> doPrivilegedGetDeclaredConstructor(final Class<T>
aClass, final Class<?>... classes) {
+        return securityService.doPrivilegedGetDeclaredConstructor(aClass, classes);
+    }
+
+    @Override
+    public <T> Constructor<T> doPrivilegedGetConstructor(final Class<T>
aClass, final Class<?>... classes) {
+        return securityService.doPrivilegedGetConstructor(aClass, classes);
+    }
+
+    @Override
+    public <T> Constructor<?>[] doPrivilegedGetDeclaredConstructors(final Class<T>
aClass) {
+        return securityService.doPrivilegedGetDeclaredConstructors(aClass);
+    }
+
+    @Override
+    public <T> Method doPrivilegedGetDeclaredMethod(final Class<T> aClass, final
String s, final Class<?>... classes) {
+        return securityService.doPrivilegedGetDeclaredMethod(aClass, s, classes);
+    }
+
+    @Override
+    public <T> Method[] doPrivilegedGetDeclaredMethods(final Class<T> aClass)
{
+        return securityService.doPrivilegedGetDeclaredMethods(aClass);
+    }
+
+    @Override
+    public <T> Field doPrivilegedGetDeclaredField(final Class<T> aClass, final
String s) {
+        return securityService.doPrivilegedGetDeclaredField(aClass, s);
+    }
+
+    @Override
+    public <T> Field[] doPrivilegedGetDeclaredFields(final Class<T> aClass) {
+        return securityService.doPrivilegedGetDeclaredFields(aClass);
+    }
+
+    @Override
+    public void doPrivilegedSetAccessible(final AccessibleObject accessibleObject, final
boolean b) {
+        securityService.doPrivilegedSetAccessible(accessibleObject, b);
+    }
+
+    @Override
+    public boolean doPrivilegedIsAccessible(final AccessibleObject accessibleObject) {
+        return securityService.doPrivilegedIsAccessible(accessibleObject);
+    }
+
+    @Override
+    public <T> T doPrivilegedObjectCreate(final Class<T> aClass) throws PrivilegedActionException,
IllegalAccessException, InstantiationException {
+        return securityService.doPrivilegedObjectCreate(aClass);
+    }
+
+    @Override
+    public void doPrivilegedSetSystemProperty(final String s, final String s1) {
+        securityService.doPrivilegedSetSystemProperty(s, s1);
+    }
+
+    @Override
+    public String doPrivilegedGetSystemProperty(final String s, final String s1) {
+        return securityService.doPrivilegedGetSystemProperty(s, s1);
+    }
+
+    @Override
+    public Properties doPrivilegedGetSystemProperties() {
+        return securityService.doPrivilegedGetSystemProperties();
+    }
+
+    // ensure it is contextual
+    public static class MicrowavePrincipal implements Principal {
+        @Override
+        public String getName() {
+            return unwrap().getName();
+        }
+
+        public /*ensure user can cast it to get the actual instance*/ Principal unwrap()
{
+            final BeanManager beanManager = CDI.current().getBeanManager();
+            return HttpServletRequest.class.cast(
+                    beanManager.getReference(
+                            beanManager.resolve(beanManager.getBeans(HttpServletRequest.class)),
HttpServletRequest.class,
+                            beanManager.createCreationalContext(null)))
+                    .getUserPrincipal();
+        }
+    }
+}

Modified: openwebbeans/microwave/trunk/microwave-core/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
URL: http://svn.apache.org/viewvc/openwebbeans/microwave/trunk/microwave-core/src/main/resources/META-INF/openwebbeans/openwebbeans.properties?rev=1767534&r1=1767533&r2=1767534&view=diff
==============================================================================
--- openwebbeans/microwave/trunk/microwave-core/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
(original)
+++ openwebbeans/microwave/trunk/microwave-core/src/main/resources/META-INF/openwebbeans/openwebbeans.properties
Tue Nov  1 17:59:22 2016
@@ -17,3 +17,4 @@
 configuration.ordinal=1000
 org.apache.xbean.finder.filter.Filter=org.apache.microwave.openwebbeans.KnowClassesFilter
 org.apache.webbeans.spi.ScannerService=org.apache.microwave.openwebbeans.OWBTomcatWebScannerService
+org.apache.webbeans.spi.SecurityService=org.apache.microwave.openwebbeans.MicrowaveSecurityService

Added: openwebbeans/microwave/trunk/microwave-core/src/test/java/org/apache/microwave/PrincipalTest.java
URL: http://svn.apache.org/viewvc/openwebbeans/microwave/trunk/microwave-core/src/test/java/org/apache/microwave/PrincipalTest.java?rev=1767534&view=auto
==============================================================================
--- openwebbeans/microwave/trunk/microwave-core/src/test/java/org/apache/microwave/PrincipalTest.java
(added)
+++ openwebbeans/microwave/trunk/microwave-core/src/test/java/org/apache/microwave/PrincipalTest.java
Tue Nov  1 17:59:22 2016
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.microwave;
+
+import org.apache.catalina.realm.RealmBase;
+import org.apache.microwave.io.IO;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLConnection;
+import java.nio.charset.StandardCharsets;
+import java.security.Principal;
+
+import static javax.xml.bind.DatatypeConverter.printBase64Binary;
+import static org.junit.Assert.assertEquals;
+
+public class PrincipalTest {
+    @Test
+    public void run() throws IOException {
+        try (final Microwave container = new Microwave(new Microwave.Builder()
+                .randomHttpPort()
+                .realm(new RealmBase() {
+                    @Override
+                    protected String getName() {
+                        return "test";
+                    }
+
+                    @Override
+                    protected String getPassword(final String username) {
+                        return "foo".equals(username) ? "pwd" : null;
+                    }
+
+                    @Override
+                    protected Principal getPrincipal(final String username) {
+                        return new MyPrincipal(username);
+                    }
+                }).loginConfig(new Microwave.LoginConfigBuilder()
+                        .basic()
+                        .realmName("basic realm"))
+                .securityConstraints(new Microwave.SecurityConstaintBuilder()
+                        .authConstraint(true)
+                        .addAuthRole("**")
+                        .addCollection("secured", "/*")))
+                .bake()) {
+            assertEquals(
+                    "org.apache.microwave.PrincipalTest$MyPrincipal_foo  org.apache.webbeans.custom.security.Principal_foo",
+                    slurp(new URL("http://localhost:" + container.getConfiguration().getHttpPort()
+ "/api/test/principal")));
+        }
+    }
+
+    private String slurp(final URL url) throws IOException {
+        final URLConnection is = HttpURLConnection.class.cast(url.openConnection());
+        is.setRequestProperty("Authorization", "Basic " + printBase64Binary("foo:pwd".getBytes(StandardCharsets.UTF_8)));
+        return IO.toString(is.getInputStream());
+    }
+
+    private static class MyPrincipal implements Principal {
+        private final String name;
+
+        private MyPrincipal(final String username) {
+            this.name = username;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+    }
+}

Modified: openwebbeans/microwave/trunk/microwave-core/src/test/java/org/superbiz/app/Endpoint.java
URL: http://svn.apache.org/viewvc/openwebbeans/microwave/trunk/microwave-core/src/test/java/org/superbiz/app/Endpoint.java?rev=1767534&r1=1767533&r2=1767534&view=diff
==============================================================================
--- openwebbeans/microwave/trunk/microwave-core/src/test/java/org/superbiz/app/Endpoint.java
(original)
+++ openwebbeans/microwave/trunk/microwave-core/src/test/java/org/superbiz/app/Endpoint.java
Tue Nov  1 17:59:22 2016
@@ -20,11 +20,13 @@ package org.superbiz.app;
 
 import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
+import java.security.Principal;
 
 import static java.util.Optional.ofNullable;
 
@@ -34,6 +36,12 @@ public class Endpoint {
     @Inject
     private Injectable injectable;
 
+    @Inject
+    private Principal pcp;
+
+    @Inject
+    private HttpServletRequest request;
+
     @GET
     @Produces(MediaType.TEXT_PLAIN)
     public String simple(@QueryParam("checkcustom") final String query) {
@@ -47,6 +55,15 @@ public class Endpoint {
         return new Simple("test");
     }
 
+
+    @GET
+    @Path("principal")
+    @Produces(MediaType.TEXT_PLAIN)
+    public String principal() {
+        return request.getUserPrincipal().getClass().getName() + "_" + request.getUserPrincipal().getName()
+ "  " +
+                pcp.getClass().getName().replaceAll("\\$\\$OwbNormalScopeProxy[0-9]+", "")
+ "_" + pcp.getName();
+    }
+
     public static class Simple {
         private String name;
 



Mime
View raw message