tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From radcor...@apache.org
Subject [tomee] 04/48: TOMEE-2365 - Initial implementation classes with ServerAuthModule to support Security spec Authentication Mechanisms.
Date Wed, 09 Jan 2019 17:25:52 GMT
This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit a3e8dce0abc9e567852279b1a14a431dbf008cd9
Author: Roberto Cortez <radcortez@yahoo.com>
AuthorDate: Fri Dec 14 23:32:29 2018 +0000

    TOMEE-2365 - Initial implementation classes with ServerAuthModule to support Security
spec Authentication Mechanisms.
---
 .../provider/TomEESecurityAuthConfigProvider.java  | 44 ++++++++++++++++
 .../provider/TomEESecurityServerAuthConfig.java    | 58 ++++++++++++++++++++++
 .../provider/TomEESecurityServerAuthContext.java   | 51 +++++++++++++++++++
 .../provider/TomEESecurityServerAuthModule.java    | 57 +++++++++++++++++++++
 .../TomEESecurityServletContainerInitializer.java  | 34 +++++++++++++
 .../javax.servlet.ServletContainerInitializer      | 17 +++++++
 .../tomee/security/servlet/SimpleServletTest.java  |  4 +-
 7 files changed, 264 insertions(+), 1 deletion(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java
new file mode 100644
index 0000000..6654089
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityAuthConfigProvider.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+public class TomEESecurityAuthConfigProvider implements AuthConfigProvider {
+    @Override
+    public ClientAuthConfig getClientAuthConfig(final String layer, final String appContext,
+                                                final CallbackHandler handler)
+            throws AuthException, SecurityException {
+        return null;
+    }
+
+    @Override
+    public ServerAuthConfig getServerAuthConfig(final String layer, final String appContext,
+                                                final CallbackHandler handler)
+            throws AuthException, SecurityException {
+        return new TomEESecurityServerAuthConfig();
+    }
+
+    @Override
+    public void refresh() {
+
+    }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java
new file mode 100644
index 0000000..bee97ce
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthConfig.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import java.util.Map;
+
+public class TomEESecurityServerAuthConfig implements ServerAuthConfig {
+    @Override
+    public ServerAuthContext getAuthContext(final String authContextID, final Subject serviceSubject,
+                                            final Map properties)
+            throws AuthException {
+        return new TomEESecurityServerAuthContext();
+    }
+
+    @Override
+    public String getAppContext() {
+        return null;
+    }
+
+    @Override
+    public String getAuthContextID(final MessageInfo messageInfo) throws IllegalArgumentException
{
+        return null;
+    }
+
+    @Override
+    public String getMessageLayer() {
+        return null;
+    }
+
+    @Override
+    public boolean isProtected() {
+        return false;
+    }
+
+    @Override
+    public void refresh() {
+
+    }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java
new file mode 100644
index 0000000..6161a9b
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthContext.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthContext;
+
+public class TomEESecurityServerAuthContext implements ServerAuthContext {
+    private TomEESecurityServerAuthModule serverAuthModule;
+
+    public TomEESecurityServerAuthContext() throws AuthException {
+        this.serverAuthModule = new TomEESecurityServerAuthModule();
+        this.serverAuthModule.initialize(null, null, null, null);
+    }
+
+    @Override
+    public void cleanSubject(final MessageInfo messageInfo, final Subject subject)
+            throws AuthException {
+        serverAuthModule.cleanSubject(messageInfo, subject);
+    }
+
+    @Override
+    public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject)
+            throws AuthException {
+        return serverAuthModule.secureResponse(messageInfo, serviceSubject);
+    }
+
+    @Override
+    public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
+                                      final Subject serviceSubject)
+            throws AuthException {
+        return serverAuthModule.validateRequest(messageInfo, clientSubject, serviceSubject);
+    }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
new file mode 100644
index 0000000..03418b4
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.provider;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import java.util.Map;
+
+public class TomEESecurityServerAuthModule implements ServerAuthModule {
+    @Override
+    public Class[] getSupportedMessageTypes() {
+        return new Class[0];
+    }
+
+    @Override
+    public void initialize(final MessagePolicy requestPolicy, final MessagePolicy responsePolicy,
+                           final CallbackHandler handler,
+                           final Map options) throws AuthException {
+
+    }
+
+    @Override
+    public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws
AuthException {
+
+    }
+
+    @Override
+    public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject)
throws AuthException {
+        return AuthStatus.SUCCESS;
+    }
+
+    @Override
+    public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
+                                      final Subject serviceSubject)
+            throws AuthException {
+        return AuthStatus.SUCCESS;
+    }
+}
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
new file mode 100644
index 0000000..fd49140
--- /dev/null
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/servlet/TomEESecurityServletContainerInitializer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.servlet;
+
+import org.apache.tomee.security.provider.TomEESecurityAuthConfigProvider;
+
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.servlet.ServletContainerInitializer;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import java.util.Set;
+
+public class TomEESecurityServletContainerInitializer implements ServletContainerInitializer
{
+    @Override
+    public void onStartup(final Set<Class<?>> c, final ServletContext ctx) throws
ServletException {
+        AuthConfigFactory.getFactory()
+                         .registerConfigProvider(new TomEESecurityAuthConfigProvider(), null,
null,
+                                                 "TomEE Security JSR-375");
+    }
+}
diff --git a/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
b/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
new file mode 100644
index 0000000..b70f313
--- /dev/null
+++ b/tomee/tomee-security/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.apache.tomee.security.servlet.TomEESecurityServletContainerInitializer
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
index a9eabcb..e645971 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
@@ -41,7 +41,9 @@ public class SimpleServletTest {
                         .http(NetworkUtil.getNextAvailablePort())
                         .property("openejb.container.additional.exclude", "org.apache.tomee.security.")
                         .property("openejb.additional.include", "tomee-"))
-                .deployPathsAsWebapp(JarLocation.jarLocation(SimpleServletTest.class))) {
+                .deployPathsAsWebapp(
+                        JarLocation.jarLocation(SimpleServletTest.class),
+                        JarLocation.jarLocation(TomEESecurityServletContainerInitializer.class)))
{
 
             assertEquals("ok!", IO.slurp(
                     new URL("http://localhost:" + container.getConfiguration().getHttpPort()
+ "/servlet")));


Mime
View raw message