tomee-commits mailing list archives

From radcor...@apache.org
Subject [tomee] 01/17: TOMEE-2365 - Fixed FormAuthenticationMechanism j_security_check resolution when added only to a servlet.
Date Thu, 17 Jan 2019 13:10:15 GMT
This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 5cfae0d5a5d84344d888d2f1223ca77a4727168f
Author: Roberto Cortez <radcortez@yahoo.com>
AuthorDate: Mon Jan 14 12:10:36 2019 +0000

    TOMEE-2365 - Fixed FormAuthenticationMechanism j_security_check resolution when added
only to a servlet.
---
 .../TomEESecurityServletAuthenticationMechanismMapper.java   | 11 ++++++++++-
 .../security/provider/TomEESecurityServerAuthModule.java     |  4 +---
 .../apache/tomee/security/servlet/FormAuthServletTest.java   | 12 +++---------
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
index 2f2979c..f1772b6 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -25,8 +25,10 @@ import javax.inject.Inject;
 import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
 import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
 import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRegistration;
+import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -82,7 +84,14 @@ public class TomEESecurityServletAuthenticationMechanismMapper {
         }
     }
 
-    public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final String servletName)
{
+    public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(final HttpMessageContext
httpMessageContext) {
+        final HttpServletRequest request = httpMessageContext.getRequest();
+
+        if (request.getRequestURI().endsWith("j_security_check")) {
+            return CDI.current().select(FormAuthenticationMechanism.class).get();
+        }
+
+        final String servletName = request.getHttpServletMapping().getServletName();
         return servletAuthenticationMapper.getOrDefault(servletName, defaultAuthenticationMechanism);
     }
 }
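Review bot: The `request.getRequestURI().endsWith("j_security_check")` test in getCurrentAuthenticationMechanism is a suffix match on the raw request URI, so it takes priority over the per-servlet mapping for every path that happens to end in that string. A request to a servlet registered with a different mechanism is then handled by FormAuthenticationMechanism if its path info ends in `j_security_check`, while a genuine login POST carrying a path parameter such as `;jsessionid=…` does not match and falls through to the servlet lookup. An exact comparison on the context-relative path would be tighter, for example `final String path = request.getRequestURI().substring(request.getContextPath().length());` and `if ("/j_security_check".equals(path)) {`, with any path parameters stripped first. The new method also has no Javadoc explaining why the login endpoint bypasses `servletAuthenticationMapper`; something like `// j_security_check is not backed by a servlet, so it has no servlet-name mapping to look up` would help. The class body starts outside the hunk.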
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
index e884f0e..f48f6db 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/provider/TomEESecurityServerAuthModule.java
@@ -68,13 +68,11 @@ public class TomEESecurityServerAuthModule implements ServerAuthModule
{
         final HttpMessageContext httpMessageContext =
                 httpMessageContext(handler, messageInfo, clientSubject, serviceSubject);
 
-        final HttpServletRequest request = httpMessageContext.getRequest();
-        final String servletName = request.getHttpServletMapping().getServletName();
         final HttpAuthenticationMechanism authenticationMechanism =
                 CDI.current()
                    .select(TomEESecurityServletAuthenticationMechanismMapper.class)
                    .get()
-                   .getCurrentAuthenticationMechanism(servletName);
+                   .getCurrentAuthenticationMechanism(httpMessageContext);
 
         final AuthenticationStatus authenticationStatus;
         try {
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
index df81b39..c695223 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/FormAuthServletTest.java
@@ -23,7 +23,6 @@ import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import org.apache.tomee.security.AbstractTomEESecurityTest;
 import org.junit.Test;
 
-import javax.enterprise.context.ApplicationScoped;
 import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
 import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
 import javax.servlet.ServletException;
@@ -55,14 +54,6 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest {
         assertEquals("ok!", webClient.getPage(getAppUrl() + "/form").getWebResponse().getContentAsString());
     }
 
-    @ApplicationScoped
-    @FormAuthenticationMechanismDefinition(
-            loginToContinue = @LoginToContinue()
-    )
-    public static class ApplicationAuthentication {
-
-    }
-
     @WebServlet(urlPatterns = "/login")
     public static class LoginServlet extends HttpServlet {
         @Override
@@ -97,6 +88,9 @@ public class FormAuthServletTest extends AbstractTomEESecurityTest {
 
     @WebServlet(urlPatterns = "/form")
     @ServletSecurity(@HttpConstraint(rolesAllowed = "tomcat"))
+    @FormAuthenticationMechanismDefinition(
+            loginToContinue = @LoginToContinue()
+    )
     public static class TestServlet extends HttpServlet {
         @Override
         protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
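Review bot: With `@FormAuthenticationMechanismDefinition` moved onto TestServlet, the visible test only covers the successful form login against `/form`. Nothing shown here asserts the other side of the new `j_security_check` routing: that a servlet mapped to a different mechanism, with a path merely ending in `j_security_check`, is still authenticated by its own mechanism. Unless that is covered in another test class not visible in this diff, a negative case alongside this one would pin the mechanism-selection behaviour. The body of TestServlet continues outside the hunk.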

