Example 1 with TomcatSecurityService
use of org.apache.tomee.catalina.TomcatSecurityService in project tomee by apache.
the class MPJWTFilter method doFilter.
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
final Optional<JWTAuthConfiguration> authContextInfo = getAuthContextInfo();
if (!authContextInfo.isPresent()) {
chain.doFilter(request, response);
return;
}
final HttpServletRequest httpServletRequest = (HttpServletRequest) request;
// now wrap the httpServletRequest and override the principal so CXF can propagate into the SecurityContext
try {
final MPJWTServletRequestWrapper wrappedRequest = new MPJWTServletRequestWrapper(httpServletRequest, authContextInfo.get());
chain.doFilter(wrappedRequest, response);
Object state = request.getAttribute("MP_JWT_PRE_LOGIN_STATE");
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
if (TomcatSecurityService.class.isInstance(securityService) && state != null) {
final TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService);
tomcatSecurityService.exitWebApp(state);
}
} catch (final Exception e) {
// or users to add it into their webapp for scanning or into the Application itself
if (MPJWTException.class.isInstance(e)) {
final MPJWTException jwtException = MPJWTException.class.cast(e);
HttpServletResponse.class.cast(response).sendError(jwtException.getStatus(), jwtException.getMessage());
} else if (MPJWTException.class.isInstance(e.getCause())) {
final MPJWTException jwtException = MPJWTException.class.cast(e.getCause());
HttpServletResponse.class.cast(response).sendError(jwtException.getStatus(), jwtException.getMessage());
} else {
throw e;
}
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
JWTAuthConfiguration(org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration)
SecurityService(org.apache.openejb.spi.SecurityService)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
ServletException(javax.servlet.ServletException)
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
MalformedClaimException(org.jose4j.jwt.MalformedClaimException)
IOException(java.io.IOException)
Example 2 with TomcatSecurityService
use of org.apache.tomee.catalina.TomcatSecurityService in project tomee by apache.
the class TomEESecurityContext method registerContainerAboutLogin.
public static void registerContainerAboutLogin(final Principal principal, final Set<String> groups) {
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
if (securityService instanceof TomcatSecurityService) {
final TomcatSecurityService tomcatSecurityService = (TomcatSecurityService) securityService;
final Request request = OpenEJBSecurityListener.requests.get();
final GenericPrincipal genericPrincipal = new GenericPrincipal(principal.getName(), null, groups == null ? Collections.emptyList() : new ArrayList<>(groups), principal);
// todo should it be done in the enterWebApp?
JavaSecurityManagers.setContextID(toAppContext(request.getServletContext(), request.getContextPath()));
tomcatSecurityService.enterWebApp(request.getWrapper().getRealm(), genericPrincipal, request.getWrapper().getRunAs());
}
}
Also used :
GenericPrincipal(org.apache.catalina.realm.GenericPrincipal)
SecurityService(org.apache.openejb.spi.SecurityService)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Request(org.apache.catalina.connector.Request)
ArrayList(java.util.ArrayList)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
Example 3 with TomcatSecurityService
use of org.apache.tomee.catalina.TomcatSecurityService in project tomee by apache.
the class TomEESecurityContext method init.
@PostConstruct
private void init() {
final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
if (securityService instanceof TomcatSecurityService) {
this.securityService = (TomcatSecurityService) securityService;
}
jaccProvider = JaccProvider.get();
}
Also used :
SecurityService(org.apache.openejb.spi.SecurityService)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
TomcatSecurityService(org.apache.tomee.catalina.TomcatSecurityService)
PostConstruct(javax.annotation.PostConstruct)
Aggregations
SecurityService (org.apache.openejb.spi.SecurityService)3
TomcatSecurityService (org.apache.tomee.catalina.TomcatSecurityService)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
PostConstruct (javax.annotation.PostConstruct)1
ServletException (javax.servlet.ServletException)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
Request (org.apache.catalina.connector.Request)1
GenericPrincipal (org.apache.catalina.realm.GenericPrincipal)1
JWTAuthConfiguration (org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration)1
MalformedClaimException (org.jose4j.jwt.MalformedClaimException)1
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException)1
