tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmannibu...@apache.org
Subject tomee git commit: trying to enforce for security context cleanup
Date Tue, 30 Aug 2016 07:30:45 GMT
Repository: tomee
Updated Branches:
  refs/heads/master 07a1b8aa3 -> a52405e56


trying to enforce for security context cleanup


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a52405e5
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a52405e5
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a52405e5

Branch: refs/heads/master
Commit: a52405e56dab47ee082dfc55eecaff3d3ca96557
Parents: 07a1b8a
Author: Romain manni-Bucau <rmannibucau@gmail.com>
Authored: Tue Aug 30 09:30:41 2016 +0200
Committer: Romain manni-Bucau <rmannibucau@gmail.com>
Committed: Tue Aug 30 09:30:41 2016 +0200

----------------------------------------------------------------------
 .../org/apache/openejb/threads/task/CUTask.java | 55 +++++++++++++++++---
 .../server/cxf/OpenEJBLoginValidator.java       |  3 +-
 .../httpd/BasicAuthHttpListenerWrapper.java     | 22 +++++---
 3 files changed, 63 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
index 756c58d..e3bef03 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
@@ -22,6 +22,9 @@ import org.apache.openejb.core.ivm.ClientSecurity;
 import org.apache.openejb.core.security.AbstractSecurityService;
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.util.Join;
+import org.apache.openejb.util.LogCategory;
+import org.apache.openejb.util.Logger;
 
 import javax.security.auth.login.LoginException;
 import java.util.ArrayList;
@@ -204,22 +207,48 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask
implements Compa
         }
 
         public void exit() {
+            Collection<RuntimeException> errors = null;
+
             // exit tasks are designed to be in execution added post tasks so execution them
before next ones
             // ie inversed ordered compared to init phase
             if (exitTasks != null) {
-                for (Runnable r : exitTasks) {
-                    r.run();
+                for (final Runnable r : exitTasks) {
+                    try {
+                        r.run();
+                    } catch (final RuntimeException re) {
+                        if (errors == null) {
+                            errors = new ArrayList<>();
+                        }
+                        errors.add(re);
+                        Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(),
re);
+                    }
                 }
             }
 
             if (threadContext != null) { // ensure we use the same condition as point A,
see OPENEJB-2109
-                ThreadContext.exit(currentContext.threadContext);
+                try {
+                    ThreadContext.exit(currentContext.threadContext);
+                } catch (final RuntimeException re) {
+                    if (errors == null) {
+                        errors = new ArrayList<>();
+                    }
+                    errors.add(re);
+                    Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(),
re);
+                }
             }
 
-            if (!associate) {
-                SECURITY_SERVICE.setState(currentContext.securityServiceState);
-            } else {
-                SECURITY_SERVICE.disassociate();
+            try {
+                if (!associate) {
+                    SECURITY_SERVICE.setState(currentContext.securityServiceState);
+                } else {
+                    SECURITY_SERVICE.disassociate();
+                }
+            } catch (final RuntimeException re) {
+                if (errors == null) {
+                    errors = new ArrayList<>();
+                }
+                errors.add(re);
+                Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(),
re);
             }
 
             /* propagation of CDI context seems wrong
@@ -236,6 +265,18 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask
implements Compa
                 CURRENT.set(currentContext.stack);
             }
             currentContext = null;
+
+            if (errors != null) {
+                if (errors.size() == 1) {
+                    throw errors.iterator().next();
+                }
+                throw new OpenEJBRuntimeException(Join.join("\n", new Join.NameCallback<RuntimeException>()
{
+                    @Override
+                    public String getName(final RuntimeException object) {
+                        return object.getMessage();
+                    }
+                }, errors));
+            }
         }
 
         public void pushExitTask(final Runnable runnable) {

http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
index fd7a518..1c6fc77 100644
--- a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
+++ b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
@@ -55,8 +55,7 @@ public class OpenEJBLoginValidator extends UsernameTokenValidator {
             if (AbstractSecurityService.class.isInstance(securityService) && AbstractSecurityService.class.cast(securityService).currentState()
== null) {
                 securityService.associate(token);
             }
-
-        } catch (LoginException e) {
+        } catch (final LoginException e) {
             throw new SecurityException("cannot log user " + user, e);
         }
     }

http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
----------------------------------------------------------------------
diff --git a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
index 885b8e2..cfd01dd 100644
--- a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
+++ b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
@@ -61,14 +61,20 @@ public class BasicAuthHttpListenerWrapper implements HttpListener {
             }
         }
 
-        if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
-            httpListener.onMessage(request, response);
-        } else {
-            // login failed,  return 401
-        }
-
-        if (token != null) {
-            getSecurityService().disassociate();
+        try {
+            if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod()))
{
+                httpListener.onMessage(request, response);
+            } else {
+                // login failed,  return 401
+            }
+        } finally {
+            if (token != null) {
+                final SecurityService securityService = getSecurityService();
+                final Object disassociate = securityService.disassociate();
+                if (disassociate != null) {
+                    securityService.logout(disassociate);
+                }
+            }
         }
     }
 


Mime
View raw message