tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jlmonte...@apache.org
Subject [2/2] tomee git commit: First impl of TOMEE-1487
Date Thu, 08 Jan 2015 14:27:32 GMT
First impl of TOMEE-1487


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/4b4447af
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/4b4447af
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/4b4447af

Branch: refs/heads/develop
Commit: 4b4447afe173cb06d0bea241fca031e0e8b5f3ba
Parents: a700640
Author: Jean-Louis Monteiro <jeanouii@gmail.com>
Authored: Thu Jan 8 00:53:23 2015 +0100
Committer: Jean-Louis Monteiro <jeanouii@gmail.com>
Committed: Thu Jan 8 14:57:00 2015 +0100

----------------------------------------------------------------------
 .../arquillian-tomee-webprofile-tests/pom.xml   |   6 +
 .../tests/realm/CdiEventRealmIntegTest.java     | 124 ++++++++++++
 .../tests/realm/CdiEventRealmTest.java          | 191 ++++++++++++++++++
 .../tomee/catalina/realm/CdiEventRealm.java     | 193 +++++++++++++++++++
 .../realm/event/BaseAuthenticationEvent.java    |  32 +++
 .../realm/event/DigestAuthenticationEvent.java  |  76 ++++++++
 .../event/FindSecurityConstraintsEvent.java     |  52 +++++
 .../realm/event/GssAuthenticationEvent.java     |  38 ++++
 .../realm/event/HasResourcePermissionEvent.java |  63 ++++++
 .../catalina/realm/event/HasRoleEvent.java      |  55 ++++++
 .../realm/event/HasUserDataPermissionEvent.java |  55 ++++++
 .../realm/event/SslAuthenticationEvent.java     |  32 +++
 .../event/UserPasswordAuthenticationEvent.java  |  37 ++++
 13 files changed, 954 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
index dcba88a..fa422fa 100644
--- a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/pom.xml
@@ -35,6 +35,12 @@
       <groupId>org.apache.commons</groupId>
       <version>${commons-lang3.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+      <version>1.9.5</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
new file mode 100644
index 0000000..d8c1b06
--- /dev/null
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmIntegTest.java
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.arquillian.tests.realm;
+
+import jdk.nashorn.internal.ir.annotations.Ignore;
+import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.tomee.catalina.realm.CdiEventRealm;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Singleton;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.event.Observes;
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+import java.net.URL;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertEquals;
+
+@RunWith(Arquillian.class)
+@Ignore
+public class CdiEventRealmIntegTest
+{
+    @Deployment(testable = false)
+    public static Archive<?> war() {
+        return ShrinkWrap.create(WebArchive.class, "realm-test.war")
+                .addClasses(MultiAuthenticator.class, MyService.class)
+                .addAsWebResource(EmptyAsset.INSTANCE, "beans.xml")
+                .addAsManifestResource(new StringAsset("<Context preemptive=\"true\" antiJARLocking=\"true\">\n"
+
+                        "<Valve className=\"" + BasicAuthenticator.class.getName() + "\"
/>\n" +
+                        "<Realm className=\"" + CdiEventRealm.class.getName() + "\" />\n"
+
+                        "</Context>"), "context.xml");
+    }
+
+    @ArquillianResource
+    private URL webapp;
+
+    @Test
+    public void success() {
+        final String val = WebClient.create(webapp.toExternalForm(), "admin", "secret", null)
+                .path("/test").get(String.class);
+
+        assertEquals("ok", val);
+    }
+
+    @Test
+    public void notAuthorized() {
+        final Response val = WebClient.create(webapp.toExternalForm(), "user", "secret",
null)
+                .path("/test").get();
+
+        assertEquals(403, val.getStatus());
+    }
+
+    @Test
+    public void notAuthenticated() {
+        final Response val = WebClient.create(webapp.toExternalForm(), "admin", "bla bla",
null)
+                .path("/test").get();
+
+        assertEquals(401, val.getStatus());
+    }
+
+
+    @Path("/test")
+    @Singleton
+    public static class MyService {
+        @Inject
+        private MultiAuthenticator authenticator;
+
+        @GET
+        @RolesAllowed("admin")
+        public String hello() {
+            return authenticator.stacked ? "ok" : "ko";
+        }
+    }
+
+    @RequestScoped
+    public static class MultiAuthenticator {
+        private boolean stacked = false;
+
+        public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+            System.err.println(">> enter > " + event.getUsername());
+            assertEquals("secret", event.getCredential());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList(event.getUsername())));
+        }
+
+        public void stacked(@Observes final UserPasswordAuthenticationEvent event) {
+            stacked = true;
+        }
+
+        public boolean isStacked() {
+            return stacked;
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
new file mode 100644
index 0000000..c9e1b9e
--- /dev/null
+++ b/arquillian/arquillian-tomee-tests/arquillian-tomee-webprofile-tests/src/test/java/org/apache/openejb/arquillian/tests/realm/CdiEventRealmTest.java
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.arquillian.tests.realm;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.openejb.jee.WebApp;
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.Module;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.CdiEventRealm;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.ietf.jgss.GSSContext;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.enterprise.event.Observes;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@RunWith(ApplicationComposer.class)
+public class CdiEventRealmTest {
+
+    @Module
+    @Classes(cdi = true, innerClassesAsBean = true)
+    public WebApp app() {
+        return new WebApp();
+    }
+
+    @Test
+    public void userPassword() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("john",
"secret"));
+        assertEquals("john", gp.getName());
+        assertEquals("", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("admin", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void digest() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate("ryan",
"md5", "nonce", "nc", "cnonce", "qop", "realm", "md5a2"));
+        final String[] actual = gp.getRoles();
+        final String[] expected = new String[] {"ryan", "md5", "nonce", "nc", "cnonce", "qop",
"realm", "md5a2"};
+
+        Arrays.sort(actual);
+        Arrays.sort(expected);
+
+        assertArrayEquals(actual, expected);
+    }
+
+    @Test
+    public void gss() {
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(mock(GSSContext.class),
false));
+        assertEquals("gss", gp.getName());
+        assertEquals("", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("dummy", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void ssl() {
+        X509Certificate cert = mock(X509Certificate.class);
+        GenericPrincipal expected = new GenericPrincipal("john", "doe", Arrays.asList("test"));
+        when(cert.getSubjectDN()).thenReturn(expected);
+        final GenericPrincipal gp = getGenericPrincipal(new CdiEventRealm().authenticate(new
X509Certificate[] { cert }));
+        assertEquals(expected, gp);
+        assertEquals("john", gp.getName());
+        assertEquals("doe", gp.getPassword());
+        assertEquals(1, gp.getRoles().length);
+        assertEquals("test", gp.getRoles()[0]);
+    }
+
+    @Test
+    public void find() {
+        final SecurityConstraint[] securityConstraints = new CdiEventRealm().findSecurityConstraints(mock(Request.class),
mock(Context.class));
+        assertEquals(1, securityConstraints.length);
+        assertEquals("awesome", securityConstraints[0].getDisplayName());
+    }
+
+    @Test
+    public void has() throws IOException {
+        new CdiEventRealm().hasResourcePermission(mock(Request.class), mock(Response.class),
new SecurityConstraint[0], mock(Context.class));
+        new CdiEventRealm().hasRole(mock(Wrapper.class), mock(Principal.class), "admin");
+        new CdiEventRealm().hasUserDataPermission(mock(Request.class), mock(Response.class),
new SecurityConstraint[0]);
+
+        assertEquals(1, MultiAuthenticator.hasResourcePermission.get());
+        assertEquals(1, MultiAuthenticator.hasRole.get());
+        assertEquals(1, MultiAuthenticator.hasUserDataPermission.get());
+    }
+
+    private GenericPrincipal getGenericPrincipal(Principal principal) {
+        assertNotNull(principal);
+        assertTrue(GenericPrincipal.class.isInstance(principal));
+        return GenericPrincipal.class.cast(principal);
+    }
+
+    public static class MultiAuthenticator {
+
+        public static final AtomicInteger hasRole = new AtomicInteger(0);
+        public static final AtomicInteger hasResourcePermission = new AtomicInteger(0);
+        public static final AtomicInteger hasUserDataPermission = new AtomicInteger(0);
+
+        public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+            assertEquals("john", event.getUsername());
+            assertEquals("secret", event.getCredential());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", Arrays.asList("admin")));
+        }
+
+        public void authenticate(@Observes final DigestAuthenticationEvent event) {
+            final List<String> roles = new ArrayList<>();
+            roles.add(event.getCnonce());
+            roles.add(event.getDigest());
+            roles.add(event.getMd5a2());
+            roles.add(event.getNc());
+            roles.add(event.getNonce());
+            roles.add(event.getQop());
+            roles.add(event.getRealm());
+            roles.add(event.getUsername());
+            event.setPrincipal(new GenericPrincipal(event.getUsername(), "", roles));
+        }
+
+        public void authenticate(@Observes final GssAuthenticationEvent event) {
+            assertNotNull(event.getGssContext());
+            event.setPrincipal(new GenericPrincipal("gss", "", Arrays.asList("dummy")));
+        }
+
+        public void authenticate(@Observes final SslAuthenticationEvent event) {
+            event.setPrincipal(event.getCerts()[0].getSubjectDN());
+        }
+
+        public void findSecurityConstraints(@Observes FindSecurityConstraintsEvent event)
{
+            SecurityConstraint mock = mock(SecurityConstraint.class);
+            when(mock.getDisplayName()).thenReturn("awesome");
+            event.addSecurityConstraint(mock);
+        }
+
+        public void hasResourcePermission(@Observes HasResourcePermissionEvent event) throws
IOException {
+            hasResourcePermission.incrementAndGet();
+            event.setHasResourcePermission(true);
+        }
+
+        public void hasRole(@Observes final HasRoleEvent event) {
+            hasRole.incrementAndGet();
+            event.setHasRole(true);
+        }
+
+        public void hasUserDataPermission(@Observes final HasUserDataPermissionEvent event)
throws IOException {
+            hasUserDataPermission.incrementAndGet();
+            event.setHasUserDataPermission(true);
+        }
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
new file mode 100644
index 0000000..33d1c6b
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/CdiEventRealm.java
@@ -0,0 +1,193 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.CredentialHandler;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomee.catalina.realm.event.DigestAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent;
+import org.apache.tomee.catalina.realm.event.GssAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.HasResourcePermissionEvent;
+import org.apache.tomee.catalina.realm.event.HasRoleEvent;
+import org.apache.tomee.catalina.realm.event.HasUserDataPermissionEvent;
+import org.apache.tomee.catalina.realm.event.SslAuthenticationEvent;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+import org.apache.webbeans.config.WebBeansContext;
+import org.ietf.jgss.GSSContext;
+
+import javax.enterprise.inject.spi.BeanManager;
+import java.beans.PropertyChangeListener;
+import java.beans.PropertyChangeSupport;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+/**
+ * This simple CDI based realm gives the ability to send events a webapp can react to in
order to authenticate the user.
+ *
+ * There is one different event per credential types to make it easier to implement.
+ */
+public class CdiEventRealm implements Realm {
+
+    protected Container container = null;
+    protected final PropertyChangeSupport support = new PropertyChangeSupport(this);
+    private CredentialHandler credentialHandler;
+
+
+    @Override
+    public Principal authenticate(final String username, final String credentials) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final UserPasswordAuthenticationEvent event = new UserPasswordAuthenticationEvent(username,
credentials);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final String username, final String digest, final String
nonce, final String nc,
+                                  final String cnonce, final String qop, final String realm,
final String md5a2) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final DigestAuthenticationEvent event = new DigestAuthenticationEvent(username, digest,
nonce, nc,
+                cnonce, qop, realm, md5a2);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final GSSContext gssContext, final boolean storeCreds)
{
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final GssAuthenticationEvent event = new GssAuthenticationEvent(gssContext, storeCreds);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public Principal authenticate(final X509Certificate[] certs) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final SslAuthenticationEvent event = new SslAuthenticationEvent(certs);
+        beanManager().fireEvent(event);
+        return event.getPrincipal();
+    }
+
+    @Override
+    public void backgroundProcess() {
+        // no-op for now
+    }
+
+    @Override
+    public SecurityConstraint[] findSecurityConstraints(final Request request, final Context
context) {
+        if (beanManager() == null) {
+            return null;
+        }
+
+        final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request,
context);
+        beanManager().fireEvent(event);
+        return event.getSecurityConstraints();
+    }
+
+    @Override
+    public boolean hasResourcePermission(final Request request, final Response response,
+                                         final SecurityConstraint[] constraint,
+                                         final Context context) throws IOException {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasResourcePermissionEvent event = new HasResourcePermissionEvent(request,
response, constraint, context);
+        beanManager().fireEvent(event);
+        return event.isHasResourcePermission();
+    }
+
+    @Override
+    public boolean hasRole(final Wrapper wrapper, final Principal principal, final String
role) {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasRoleEvent event = new HasRoleEvent(wrapper, principal, role);
+        beanManager().fireEvent(event);
+        return event.isHasRole();
+    }
+
+    @Override
+    public boolean hasUserDataPermission(final Request request, final Response response,
final SecurityConstraint[] constraint) throws IOException {
+        if (beanManager() == null) {
+            return false;
+        }
+
+        final HasUserDataPermissionEvent event = new HasUserDataPermissionEvent(request,
response, constraint);
+        beanManager().fireEvent(event);
+        return event.isHasUserDataPermission();
+    }
+
+    @Override
+    public Container getContainer() {
+        return (container);
+    }
+
+    @Override
+    public void setContainer(final Container container) {
+        Container oldContainer = this.container;
+        this.container = container;
+        support.firePropertyChange("container", oldContainer, this.container);
+    }
+
+    @Override
+    public CredentialHandler getCredentialHandler() {
+        return credentialHandler;
+    }
+
+    @Override
+    public void setCredentialHandler(final CredentialHandler credentialHandler) {
+        this.credentialHandler = credentialHandler;
+    }
+
+    @Override
+    public void addPropertyChangeListener(final PropertyChangeListener listener) {
+        support.addPropertyChangeListener(listener);
+    }
+
+    @Override
+    public void removePropertyChangeListener(final PropertyChangeListener listener) {
+        support.removePropertyChangeListener(listener);
+    }
+
+    private BeanManager beanManager() {
+        final WebBeansContext webBeansContext = WebBeansContext.currentInstance();
+        if (webBeansContext == null) {
+            return null; // too early to have a cdi bean
+        }
+        return webBeansContext.getBeanManagerImpl();
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
new file mode 100644
index 0000000..d191b63
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/BaseAuthenticationEvent.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.Principal;
+
+public abstract class BaseAuthenticationEvent {
+
+    private Principal principal;
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
new file mode 100644
index 0000000..76508c2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/DigestAuthenticationEvent.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.tomee.catalina.realm.event.BaseAuthenticationEvent;
+
+public class DigestAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final String username;
+    private final String digest;
+    private final String nonce;
+    private final String nc;
+    private final String cnonce;
+    private final String qop;
+    private final String realm;
+    private final String md5a2;
+
+    public DigestAuthenticationEvent(final String username, final String digest, final String
nonce, final String nc,
+                                     final String cnonce, final String qop, final String
realm, final String md5a2) {
+
+        this.username = username;
+        this.digest = digest;
+        this.nonce = nonce;
+        this.nc = nc;
+        this.cnonce = cnonce;
+        this.qop = qop;
+        this.realm = realm;
+        this.md5a2 = md5a2;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getDigest() {
+        return digest;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public String getNc() {
+        return nc;
+    }
+
+    public String getCnonce() {
+        return cnonce;
+    }
+
+    public String getQop() {
+        return qop;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public String getMd5a2() {
+        return md5a2;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
new file mode 100644
index 0000000..6d5b3fb
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/FindSecurityConstraintsEvent.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+import java.util.List;
+
+public class FindSecurityConstraintsEvent {
+
+    private final Request request;
+    private final Context context;
+    private List<SecurityConstraint> securityConstraints;
+
+    public FindSecurityConstraintsEvent(final Request request, final Context context) {
+        this.request = request;
+        this.context = context;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Context getContext() {
+        return context;
+    }
+
+    public boolean addSecurityConstraint(final SecurityConstraint constraint) {
+        return securityConstraints.add(constraint);
+    }
+
+    public SecurityConstraint[] getSecurityConstraints() {
+        return securityConstraints.toArray(new SecurityConstraint[securityConstraints.size()]);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
new file mode 100644
index 0000000..61d6085
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/GssAuthenticationEvent.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.ietf.jgss.GSSContext;
+
+public class GssAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final GSSContext gssContext;
+    private final boolean storeCreds;
+
+    public GssAuthenticationEvent(final GSSContext gssContext, final boolean storeCreds)
{
+        this.gssContext = gssContext;
+        this.storeCreds = storeCreds;
+    }
+
+    public GSSContext getGssContext() {
+        return gssContext;
+    }
+
+    public boolean isStoreCreds() {
+        return storeCreds;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
new file mode 100644
index 0000000..2698874
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasResourcePermissionEvent.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasResourcePermissionEvent {
+
+    private final Request request;
+    private final Response response;
+    private final SecurityConstraint[] constraints;
+    private final Context context;
+
+    private boolean hasResourcePermission;
+
+    public HasResourcePermissionEvent(final Request request, final Response response, final
SecurityConstraint[] constraints, final Context context) {
+        this.request = request;
+        this.response = response;
+        this.constraints = constraints;
+        this.context = context;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Response getResponse() {
+        return response;
+    }
+
+    public SecurityConstraint[] getConstraints() {
+        return constraints;
+    }
+
+    public Context getContext() {
+        return context;
+    }
+
+    public boolean isHasResourcePermission() {
+        return hasResourcePermission;
+    }
+
+    public void setHasResourcePermission(boolean hasResourcePermission) {
+        this.hasResourcePermission = hasResourcePermission;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
new file mode 100644
index 0000000..4ca152d
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasRoleEvent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.Wrapper;
+
+import java.security.Principal;
+
+public class HasRoleEvent {
+    private final Wrapper wrapper;
+    private final Principal principal;
+    private final String role;
+
+    private boolean hasRole;
+
+    public HasRoleEvent(final Wrapper wrapper, final Principal principal, final String role)
{
+        this.wrapper = wrapper;
+        this.principal = principal;
+        this.role = role;
+    }
+
+    public Wrapper getWrapper() {
+        return wrapper;
+    }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public boolean isHasRole() {
+        return hasRole;
+    }
+
+    public void setHasRole(boolean hasRole) {
+        this.hasRole = hasRole;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
new file mode 100644
index 0000000..f4f2a51
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/HasUserDataPermissionEvent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+
+public class HasUserDataPermissionEvent {
+    private final Request request;
+    private final Response response;
+    private final SecurityConstraint[] constraint;
+
+    private boolean hasUserDataPermission;
+
+    public HasUserDataPermissionEvent(final Request request, final Response response, final
SecurityConstraint[] constraint) {
+        this.request = request;
+        this.response = response;
+        this.constraint = constraint;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public Response getResponse() {
+        return response;
+    }
+
+    public SecurityConstraint[] getConstraint() {
+        return constraint;
+    }
+
+    public boolean isHasUserDataPermission() {
+        return hasUserDataPermission;
+    }
+
+    public void setHasUserDataPermission(boolean hasUserDataPermission) {
+        this.hasUserDataPermission = hasUserDataPermission;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
new file mode 100644
index 0000000..f3a9553
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/SslAuthenticationEvent.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+import java.security.cert.X509Certificate;
+
+public class SslAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final X509Certificate[] certs;
+
+    public SslAuthenticationEvent(final X509Certificate[] certs) {
+        this.certs = certs;
+    }
+
+    public X509Certificate[] getCerts() {
+        return certs;
+    }
+}

http://git-wip-us.apache.org/repos/asf/tomee/blob/4b4447af/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
new file mode 100644
index 0000000..e33a0b2
--- /dev/null
+++ b/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/realm/event/UserPasswordAuthenticationEvent.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.catalina.realm.event;
+
+public class UserPasswordAuthenticationEvent extends BaseAuthenticationEvent {
+
+    private final String username;
+    private final String credential;
+
+
+    public UserPasswordAuthenticationEvent(final String username, final String credential)
{
+        this.username = username;
+        this.credential = credential;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getCredential() {
+        return credential;
+    }
+}


Mime
View raw message