org.apache.tomee.security.cdi.TomEESecurityServletAuthenticationMechanismMapper.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.apache.tomee.security.cdi.TomEESecurityServletAuthenticationMechanismMapper.java

Introduction

Here is the source code for org.apache.tomee.security.cdi.TomEESecurityServletAuthenticationMechanismMapper.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.tomee.security.cdi;

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.CDI;
import javax.inject.Inject;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

import static java.util.stream.Collectors.toList;
import static org.apache.commons.lang3.StringUtils.substringBefore;

@ApplicationScoped
public class TomEESecurityServletAuthenticationMechanismMapper {
    private final Map<String, HttpAuthenticationMechanism> servletAuthenticationMapper = new ConcurrentHashMap<>();

    @Inject
    private Instance<HttpAuthenticationMechanism> authenticationMechanisms;
    @Inject
    private DefaultAuthenticationMechanism defaultAuthenticationMechanism;

    public void init(@Observes @Initialized(ApplicationScoped.class) final ServletContext context) {
        final Map<String, ? extends ServletRegistration> servletRegistrations = context.getServletRegistrations();
        servletRegistrations.forEach((servletName, servletRegistration) -> {
            try {
                final Class<?> servletClass = Thread.currentThread().getContextClassLoader().loadClass(servletName);
                if (servletClass.isAnnotationPresent(BasicAuthenticationMechanismDefinition.class)) {
                    servletAuthenticationMapper.put(servletName,
                            CDI.current().select(BasicAuthenticationMechanism.class).get());
                }

                if (servletClass.isAnnotationPresent(FormAuthenticationMechanismDefinition.class)) {
                    servletAuthenticationMapper.put(servletName,
                            CDI.current().select(FormAuthenticationMechanism.class).get());
                }

            } catch (final ClassNotFoundException e) {
                // Ignore
            }
        });

        final Set<HttpAuthenticationMechanism> availableBeans = authenticationMechanisms.stream()
                .collect(Collectors.toSet());
        availableBeans.removeAll(servletAuthenticationMapper.values());
        availableBeans.remove(defaultAuthenticationMechanism);

        if (availableBeans.size() == 1) {
            defaultAuthenticationMechanism.setDelegate(availableBeans.iterator().next());
        } else if (availableBeans.size() > 1) {
            throw new IllegalStateException("Multiple HttpAuthenticationMechanism found "
                    + availableBeans.stream().map(b -> substringBefore(b.getClass().getSimpleName(), "$$"))
                            .collect(toList())
                    + " " + "without a @WebServlet association. "
                    + "Deploy a single one for the application, or associate it with a @WebServlet.");
        }
    }

    public HttpAuthenticationMechanism getCurrentAuthenticationMechanism(
            final HttpMessageContext httpMessageContext) {
        final HttpServletRequest request = httpMessageContext.getRequest();

        if (request.getRequestURI().endsWith("j_security_check")) {
            return CDI.current().select(FormAuthenticationMechanism.class).get();
        }

        final String servletName = request.getHttpServletMapping().getServletName();
        return servletAuthenticationMapper.getOrDefault(servletName, defaultAuthenticationMechanism);
    }
}