Return-Path: <commits-return-38885-archive-asf-public=cust-asf.ponee.io@tomee.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id B0A82200B76
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 30 Aug 2016 09:30:46 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id AF234160ABA; Tue, 30 Aug 2016 07:30:46 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id F4167160AA8
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 30 Aug 2016 09:30:45 +0200 (CEST)
Received: (qmail 21595 invoked by uid 500); 30 Aug 2016 07:30:45 -0000
Mailing-List: contact commits-help@tomee.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@tomee.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@tomee.apache.org>
List-Post: <mailto:commits@tomee.apache.org>
List-Id: <commits.tomee.apache.org>
Reply-To: dev@tomee.apache.org
Delivered-To: mailing list commits@tomee.apache.org
Received: (qmail 21586 invoked by uid 99); 30 Aug 2016 07:30:45 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Aug 2016 07:30:45 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 11FB3E0551; Tue, 30 Aug 2016 07:30:45 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: rmannibucau@apache.org
To: commits@tomee.apache.org
Message-Id: <df781ac5c2f54f42b2d5d8ea3f2f7a0d@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: tomee git commit: trying to enforce for security context cleanup
Date: Tue, 30 Aug 2016 07:30:45 +0000 (UTC)
archived-at: Tue, 30 Aug 2016 07:30:46 -0000

Repository: tomee
Updated Branches:
  refs/heads/master 07a1b8aa3 -> a52405e56


trying to enforce for security context cleanup


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/a52405e5
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/a52405e5
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/a52405e5

Branch: refs/heads/master
Commit: a52405e56dab47ee082dfc55eecaff3d3ca96557
Parents: 07a1b8a
Author: Romain manni-Bucau <rmannibucau@gmail.com>
Authored: Tue Aug 30 09:30:41 2016 +0200
Committer: Romain manni-Bucau <rmannibucau@gmail.com>
Committed: Tue Aug 30 09:30:41 2016 +0200

----------------------------------------------------------------------
 .../org/apache/openejb/threads/task/CUTask.java | 55 +++++++++++++++++---
 .../server/cxf/OpenEJBLoginValidator.java       |  3 +-
 .../httpd/BasicAuthHttpListenerWrapper.java     | 22 +++++---
 3 files changed, 63 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
index 756c58d..e3bef03 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/threads/task/CUTask.java
@@ -22,6 +22,9 @@ import org.apache.openejb.core.ivm.ClientSecurity;
 import org.apache.openejb.core.security.AbstractSecurityService;
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.spi.SecurityService;
+import org.apache.openejb.util.Join;
+import org.apache.openejb.util.LogCategory;
+import org.apache.openejb.util.Logger;
 
 import javax.security.auth.login.LoginException;
 import java.util.ArrayList;
@@ -204,22 +207,48 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa
         }
 
         public void exit() {
+            Collection<RuntimeException> errors = null;
+
             // exit tasks are designed to be in execution added post tasks so execution them before next ones
             // ie inversed ordered compared to init phase
             if (exitTasks != null) {
-                for (Runnable r : exitTasks) {
-                    r.run();
+                for (final Runnable r : exitTasks) {
+                    try {
+                        r.run();
+                    } catch (final RuntimeException re) {
+                        if (errors == null) {
+                            errors = new ArrayList<>();
+                        }
+                        errors.add(re);
+                        Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
+                    }
                 }
             }
 
             if (threadContext != null) { // ensure we use the same condition as point A, see OPENEJB-2109
-                ThreadContext.exit(currentContext.threadContext);
+                try {
+                    ThreadContext.exit(currentContext.threadContext);
+                } catch (final RuntimeException re) {
+                    if (errors == null) {
+                        errors = new ArrayList<>();
+                    }
+                    errors.add(re);
+                    Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
+                }
             }
 
-            if (!associate) {
-                SECURITY_SERVICE.setState(currentContext.securityServiceState);
-            } else {
-                SECURITY_SERVICE.disassociate();
+            try {
+                if (!associate) {
+                    SECURITY_SERVICE.setState(currentContext.securityServiceState);
+                } else {
+                    SECURITY_SERVICE.disassociate();
+                }
+            } catch (final RuntimeException re) {
+                if (errors == null) {
+                    errors = new ArrayList<>();
+                }
+                errors.add(re);
+                Logger.getInstance(LogCategory.OPENEJB, CUTask.class).warning(re.getMessage(), re);
             }
 
             /* propagation of CDI context seems wrong
@@ -236,6 +265,18 @@ public abstract class CUTask<T> extends ManagedTaskListenerTask implements Compa
                 CURRENT.set(currentContext.stack);
             }
             currentContext = null;
+
+            if (errors != null) {
+                if (errors.size() == 1) {
+                    throw errors.iterator().next();
+                }
+                throw new OpenEJBRuntimeException(Join.join("\n", new Join.NameCallback<RuntimeException>() {
+                    @Override
+                    public String getName(final RuntimeException object) {
+                        return object.getMessage();
+                    }
+                }, errors));
+            }
         }
 
         public void pushExitTask(final Runnable runnable) {

http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
----------------------------------------------------------------------
diff --git a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
index fd7a518..1c6fc77 100644
--- a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
+++ b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
@@ -55,8 +55,7 @@ public class OpenEJBLoginValidator extends UsernameTokenValidator {
             if (AbstractSecurityService.class.isInstance(securityService) && AbstractSecurityService.class.cast(securityService).currentState() == null) {
                 securityService.associate(token);
             }
-
-        } catch (LoginException e) {
+        } catch (final LoginException e) {
             throw new SecurityException("cannot log user " + user, e);
         }
     }

http://git-wip-us.apache.org/repos/asf/tomee/blob/a52405e5/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
----------------------------------------------------------------------
diff --git a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
index 885b8e2..cfd01dd 100644
--- a/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
+++ b/server/openejb-http/src/main/java/org/apache/openejb/server/httpd/BasicAuthHttpListenerWrapper.java
@@ -61,14 +61,20 @@ public class BasicAuthHttpListenerWrapper implements HttpListener {
             }
         }
 
-        if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
-            httpListener.onMessage(request, response);
-        } else {
-            // login failed,  return 401
-        }
-
-        if (token != null) {
-            getSecurityService().disassociate();
+        try {
+            if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
+                httpListener.onMessage(request, response);
+            } else {
+                // login failed,  return 401
+            }
+        } finally {
+            if (token != null) {
+                final SecurityService securityService = getSecurityService();
+                final Object disassociate = securityService.disassociate();
+                if (disassociate != null) {
+                    securityService.logout(disassociate);
+                }
+            }
         }
     }