Commit e4c385501a15507e61f38f69de7244d289fde6e8

Authored by Cleverson Sacramento
1 parent bdc8ac62
Exists in master

Ajustes na interface Authentication e SecurityContext

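--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultAuthenticator.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultAuthenticator.java
@@ -40,6 +40,7 @@ import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelecto
 import br.gov.frameworkdemoiselle.DemoiselleException;
 import br.gov.frameworkdemoiselle.annotation.Priority;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
+import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Authenticator;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.security.User;
@@ -51,6 +52,7 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle;
 * @author SERPRO
 * @see Authenticator
 */
+@SuppressWarnings("deprecation")
 @Priority(CORE_PRIORITY)
 public class DefaultAuthenticator implements Authenticator {
 
@@ -62,7 +64,7 @@ public class DefaultAuthenticator implements Authenticator {
 * @see br.gov.frameworkdemoiselle.security.Authenticator#authenticate()
 */
 @Override
- public boolean authenticate() {
+ public void authenticate() throws AuthenticationException {
 throw getException();
 }
 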
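--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImpl.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImpl.java
@@ -36,8 +36,12 @@
 */
 package br.gov.frameworkdemoiselle.internal.implementation;
 
+import java.io.Serializable;
+import java.security.Principal;
+
 import javax.inject.Named;
 
+import br.gov.frameworkdemoiselle.DemoiselleException;
 import br.gov.frameworkdemoiselle.internal.bootstrap.AuthenticatorBootstrap;
 import br.gov.frameworkdemoiselle.internal.bootstrap.AuthorizerBootstrap;
 import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfig;
@@ -45,6 +49,7 @@ import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfigImpl;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.security.AfterLoginSuccessful;
 import br.gov.frameworkdemoiselle.security.AfterLogoutSuccessful;
+import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Authenticator;
 import br.gov.frameworkdemoiselle.security.Authorizer;
 import br.gov.frameworkdemoiselle.security.NotLoggedInException;
@@ -58,6 +63,7 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle;
 *
 * @author SERPRO
 */
+@SuppressWarnings("deprecation")
 @Named("securityContext")
 public class SecurityContextImpl implements SecurityContext {
 
@@ -116,13 +122,14 @@ public class SecurityContextImpl implements SecurityContext {
 */
 @Override
 public boolean hasRole(String role) throws NotLoggedInException {
+ boolean result = true;
+
 if (getConfig().isEnabled()) {
 checkLoggedIn();
- return getAuthorizer().hasRole(role);
-
- } else {
- return true;
+ result = getAuthorizer().hasRole(role);
 }
+
+ return result;
 }
 
 /**
@@ -130,24 +137,34 @@ public class SecurityContextImpl implements SecurityContext {
 */
 @Override
 public boolean isLoggedIn() {
+ boolean result = true;
+
 if (getConfig().isEnabled()) {
- return getUser() != null;
- } else {
- return true;
+ result = getCurrentUser() != null;
 }
+
+ return result;
 }
 
 /**
 * @see br.gov.frameworkdemoiselle.security.SecurityContext#login()
 */
 @Override
- public void login() {
- if (getConfig().isEnabled() && getAuthenticator().authenticate()) {
- Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
-
- private static final long serialVersionUID = 1L;
-
- });
+ public void login() throws AuthenticationException {
+ if (getConfig().isEnabled()) {
+
+ try {
+ getAuthenticator().authenticate();
+
+ Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
+
+ private static final long serialVersionUID = 1L;
+
+ });
+
+ } catch (AuthenticationException cause) {
+ throw cause;
+ }
 }
 }
 
@@ -168,31 +185,20 @@ public class SecurityContextImpl implements SecurityContext {
 }
 
 /**
+ * @deprecated Use {@link #getCurrentUser()} instead.
 * @see br.gov.frameworkdemoiselle.security.SecurityContext#getUser()
 */
 @Override
 public User getUser() {
- User user = getAuthenticator().getUser();
-
- if (!getConfig().isEnabled() && user == null) {
- user = new User() {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
+ throw new DemoiselleException("Utilize o método getCurrentUser() ao invés do getUser()");
+ }
 
- @Override
- public String getId() {
- return "demoiselle";
- }
+ @Override
+ public Principal getCurrentUser() {
+ Principal user = getAuthenticator().getUser();
 
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
- };
+ if (!getConfig().isEnabled() && user == null) {
+ user = new EmptyUser();
 }
 
 return user;
@@ -208,4 +214,14 @@ public class SecurityContextImpl implements SecurityContext {
 throw new NotLoggedInException(bundle.getString("user-not-authenticated"));
 }
 }
+
+ private class EmptyUser implements Principal, Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public String getName() {
+ return "demoiselle";
+ }
+ }
 }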
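Review bot: In `login()`, success is now signalled only by `authenticate()` returning normally, so `AfterLoginSuccessful` is fired for any authenticator that returns without throwing, even one that established no principal (JAASAuthenticator in this commit returns silently when its `loginContext` is null). Since `isLoggedIn()` already defines a logged-in session as `getCurrentUser() != null`, `login()` could apply the same test before firing the event: `if (getAuthenticator().getUser() == null)` then throw an `AuthenticationException` with a message from the bundle. The `try { … } catch (AuthenticationException cause) { throw cause; }` wrapper only rethrows and can be dropped. Separately, `EmptyUser` is a non-static inner class that implements `Serializable`, so each instance carries a reference to the enclosing `SecurityContextImpl`; `private static class EmptyUser` avoids that.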
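--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredPermissionInterceptor.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredPermissionInterceptor.java
@@ -37,6 +37,7 @@
 package br.gov.frameworkdemoiselle.internal.interceptor;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
@@ -50,7 +51,6 @@ import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.security.AuthorizationException;
 import br.gov.frameworkdemoiselle.security.RequiredPermission;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
-import br.gov.frameworkdemoiselle.security.User;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.ResourceBundle;
 import br.gov.frameworkdemoiselle.util.Strings;
@@ -112,10 +112,10 @@ public class RequiredPermissionInterceptor implements Serializable {
 */
 private String getUsername() {
 String username = "";
- User user = getSecurityContext().getUser();
+ Principal user = getSecurityContext().getCurrentUser();
 
- if (user != null && user.getId() != null) {
- username = user.getId();
+ if (user != null && user.getName() != null) {
+ username = user.getName();
 }
 
 return username;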
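--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredRoleInterceptor.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredRoleInterceptor.java
@@ -90,7 +90,7 @@ public class RequiredRoleInterceptor implements Serializable {
 
 if (getSecurityContext().isLoggedIn()) {
 getLogger().info(
- getBundle().getString("has-role-verification", getSecurityContext().getUser().getId(), roles));
+ getBundle().getString("has-role-verification", getSecurityContext().getCurrentUser().getName(), roles));
 }
 
 List<String> userRoles = new ArrayList<String>();
@@ -103,14 +103,14 @@ public class RequiredRoleInterceptor implements Serializable {
 
 if (userRoles.isEmpty()) {
 getLogger().error(
- getBundle().getString("does-not-have-role", getSecurityContext().getUser().getId(), roles));
+ getBundle().getString("does-not-have-role", getSecurityContext().getCurrentUser().getName(), roles));
 
 @SuppressWarnings("unused")
 AuthorizationException a = new AuthorizationException(null);
 throw new AuthorizationException(getBundle().getString("does-not-have-role-ui", roles));
 }
 
- getLogger().debug(getBundle().getString("user-has-role", getSecurityContext().getUser().getId(), userRoles));
+ getLogger().debug(getBundle().getString("user-has-role", getSecurityContext().getCurrentUser().getName(), userRoles));
 
 return ic.proceed();
 }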
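Review bot: The three log calls dereference `getSecurityContext().getCurrentUser().getName()` directly, and only the first sits inside the `isLoggedIn()` guard; the `does-not-have-role` and `user-has-role` lines depend on `getCurrentUser()` being non-null, although its Javadoc says it returns `null` when there is no authenticated session. RequiredPermissionInterceptor in this same commit has a null-safe `getUsername()` helper, and the same helper here would keep a logging call from raising a NullPointerException in the middle of the authorization check. The enclosing method starts and ends outside the visible hunks, so whether an earlier call already rules out the null case cannot be confirmed from here.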
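--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
@@ -0,0 +1,79 @@
+/*
+ * Demoiselle Framework
+ * Copyright (C) 2010 SERPRO
+ * ----------------------------------------------------------------------------
+ * This file is part of Demoiselle Framework.
+ *
+ * Demoiselle Framework is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License version 3
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License version 3
+ * along with this program; if not, see <http://www.gnu.org/licenses/>
+ * or write to the Free Software Foundation, Inc., 51 Franklin Street,
+ * Fifth Floor, Boston, MA 02110-1301, USA.
+ * ----------------------------------------------------------------------------
+ * Este arquivo é parte do Framework Demoiselle.
+ *
+ * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
+ * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
+ * do Software Livre (FSF).
+ *
+ * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
+ * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
+ * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
+ * para maiores detalhes.
+ *
+ * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
+ * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
+ * ou escreva para a Fundação do Software Livre (FSF) Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
+ */
+package br.gov.frameworkdemoiselle.security;
+
+/**
+ * Thrown when the authorization process fails.
+ *
+ * @author SERPRO
+ */
+public class AuthenticationException extends SecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructor with message.
+ *
+ * @param message
+ * exception message
+ */
+ public AuthenticationException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructor with the cause.
+ *
+ * @param cause
+ * exception cause
+ */
+ public AuthenticationException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructor with message and cause.
+ *
+ * @param message
+ * exception message
+ * @param cause
+ * exception cause
+ */
+ public AuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}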
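Review bot: The class Javadoc reads "Thrown when the authorization process fails", but this exception is raised by `Authenticator.authenticate()` and a separate `AuthorizationException` already covers authorization; the comment should read `Thrown when the authentication process fails.` Keeping the two terms apart matters because callers pick between the two exception types when deciding how to respond to a failed login versus a denied operation.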
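--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java
@@ -37,6 +37,7 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 /**
 * Defines the methods that should be implemented by anyone who wants an authentication mechanism.
@@ -48,9 +49,9 @@ public interface Authenticator extends Serializable {
 /**
 * Executes the necessary steps to authenticate an user.
 *
- * @return {@code true} if the user was authenticated properly
+ * @throws AuthenticationException When the authentication process fails, this exception is thrown.
 */
- boolean authenticate();
+ void authenticate() throws AuthenticationException;
 
 /**
 * Executes the necessary steps to unauthenticate an user.
@@ -62,5 +63,5 @@ public interface Authenticator extends Serializable {
 *
 * @return the user currently authenticated
 */
- User getUser();
+ Principal getUser();
 }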
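Review bot: The Javadoc for `authenticate()` documents the new exception but not the other half of the contract: a normal return now means success, so every failure path in an implementation has to throw. An implementation ported mechanically from `return false` to an empty `void` body would be treated as a successful login by `SecurityContextImpl.login()`. I would add a sentence such as `Returning normally means the user was authenticated; implementations must throw AuthenticationException on every failure path.` and state on `getUser()` that it returns `null` when nobody is authenticated. Note also that `Authenticator` extends `Serializable` while `Principal` does not, so implementations that keep the principal in a field need a serializable principal type.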
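--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthorizationException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthorizationException.java
@@ -36,11 +36,8 @@
 */
 package br.gov.frameworkdemoiselle.security;
 
-import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
-import br.gov.frameworkdemoiselle.util.ResourceBundle;
-
 /**
- * Thrown when trying to access some resource and/or execute an operation without the proper authorization.
+ * Thrown when a fail on trying to access some resource and/or execute an operation without the proper authorization.
 *
 * @author SERPRO
 */
@@ -48,8 +45,6 @@ public class AuthorizationException extends SecurityException {
 
 private static final long serialVersionUID = 1L;
 
- private static ResourceBundle bundle;
-
 /**
 * Constructor with message.
 *
@@ -59,16 +54,4 @@ public class AuthorizationException extends SecurityException {
 public AuthorizationException(String message) {
 super(message);
 }
-
- public AuthorizationException(String resource, String operation) {
- super(getBundle().getString("access-denied-ui", resource, operation));
- }
-
- private static ResourceBundle getBundle() {
- if (bundle == null) {
- bundle = ResourceBundleProducer.create("demoiselle-core-bundle");
- }
-
- return bundle;
- }
 }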
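Review bot: The rewritten class comment, "Thrown when a fail on trying to access some resource…", is not grammatical and reads worse than the line it replaces; `Thrown when an attempt to access a resource or execute an operation fails for lack of proper authorization.` says the same thing. The last hunk also removes the public `AuthorizationException(String resource, String operation)` constructor, which is a source-incompatible change for any caller outside this commit and is worth stating in the commit description or release notes.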
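--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
@@ -37,7 +37,7 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
-
+import java.security.Principal;
 
 /**
 * Structure used to handle both authentication and authorizations mechanisms.
@@ -48,8 +48,11 @@ public interface SecurityContext extends Serializable {
 
 /**
 * Executes the login of a user to the application.
+ *
+ * @throws AuthorizationException
+ * When the logon process fails, this exception is thrown.
 */
- void login();
+ void login() throws AuthorizationException;
 
 /**
 * Executes the logout of a user.
@@ -65,7 +68,7 @@ public interface SecurityContext extends Serializable {
 * @return {@code true} if the user is logged in
 */
 boolean isLoggedIn();
-
+
 void checkLoggedIn() throws NotLoggedInException;
 
 /**
@@ -95,7 +98,15 @@ public interface SecurityContext extends Serializable {
 /**
 * Return the user logged in the session.
 *
+ * @deprecated See {@link #getCurrentUser()}
 * @return the user logged in a specific session. If there is no active session returns {@code null}
 */
 User getUser();
+
+ /**
+ * Return the user logged in the authenticated session.
+ *
+ * @return the user logged in a specific session. If there is no active authenticated session returns {@code null}
+ */
+ Principal getCurrentUser();
 }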
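Review bot: `login()` is declared and documented with `@throws AuthorizationException`, but the implementation in this commit (`SecurityContextImpl.login()`) throws `AuthenticationException`, and a failed logon is an authentication failure. The signature should read `void login() throws AuthenticationException;` with the `@throws` tag changed to match, because a caller that catches the documented type would not catch a failed login. The Javadoc kept on `getUser()` still promises a user or `null`, while `SecurityContextImpl.getUser()` now always throws `DemoiselleException`; the `@deprecated` text should say so.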
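--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
@@ -67,4 +67,16 @@ public class SecurityException extends DemoiselleException {
 public SecurityException(Throwable cause) {
 super(cause);
 }
+
+ /**
+ * Constructor with message and cause.
+ *
+ * @param message
+ * exception message
+ * @param cause
+ * exception cause
+ */
+ public SecurityException(String message, Throwable cause) {
+ super(message, cause);
+ }
 }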
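--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/User.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/User.java
@@ -37,12 +37,13 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 /**
 * @author SERPRO
- *
+ * @deprecated
 */
-public interface User extends Serializable {
+public interface User extends Principal, Serializable {
 
 /**
 * Returns the id of the logged user.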
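Review bot: The `@deprecated` tag is empty, so users of `User` get a warning with no pointer to the replacement; the tag should name it, for example `@deprecated Use {@link java.security.Principal}, obtained through SecurityContext#getCurrentUser().`, and the interface should also carry the `@Deprecated` annotation so the compiler flags uses. Adding `Principal` as a super-interface means existing `User` implementations must now provide `getName()`, which deserves a line in the Javadoc (presumably that it returns the same value as `getId()`, since the interceptors in this commit swap one for the other). The interface body continues outside the hunk.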
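--- a/impl/core/src/test/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImplTest.java
+++ b/impl/core/src/test/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImplTest.java
@@ -47,13 +47,12 @@ import static org.easymock.EasyMock.expect;
 import static org.powermock.api.easymock.PowerMock.mockStatic;
 import static org.powermock.api.easymock.PowerMock.replay;
 import static org.powermock.api.easymock.PowerMock.replayAll;
+import static org.powermock.reflect.Whitebox.setInternalState;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
 
-import static org.powermock.reflect.Whitebox.setInternalState;
-
 import javax.enterprise.inject.spi.BeanManager;
 
 import org.easymock.EasyMock;
@@ -64,13 +63,13 @@ import org.powermock.api.easymock.PowerMock;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import br.gov.frameworkdemoiselle.security.Authenticator;
-import br.gov.frameworkdemoiselle.security.User;
-import br.gov.frameworkdemoiselle.security.Authorizer;
-import br.gov.frameworkdemoiselle.security.NotLoggedInException;
 import br.gov.frameworkdemoiselle.internal.bootstrap.AuthenticatorBootstrap;
 import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfigImpl;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
+import br.gov.frameworkdemoiselle.security.Authenticator;
+import br.gov.frameworkdemoiselle.security.Authorizer;
+import br.gov.frameworkdemoiselle.security.NotLoggedInException;
+import br.gov.frameworkdemoiselle.security.User;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.ResourceBundle;
 
@@ -79,7 +78,9 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle;
 public class SecurityContextImplTest {
 
 private SecurityContextImpl context;
+
 private SecurityConfigImpl config;
+
 private ResourceBundle bundle;
 
 @Before
@@ -94,7 +95,7 @@ public class SecurityContextImplTest {
 @Test
 public void testHasPermissionWithSecurityDisabled() {
 expect(config.isEnabled()).andReturn(false);
- replayAll(Beans.class,config);
+ replayAll(Beans.class, config);
 
 try {
 assertTrue(context.hasPermission(null, null));
@@ -107,23 +108,23 @@ public class SecurityContextImplTest {
 Class<? extends Authenticator> cache = AuthenticatorImpl.class;
 List<Class<? extends Authenticator>> cacheList = new ArrayList<Class<? extends Authenticator>>();
 cacheList.add(cache);
-
+
 AuthenticatorBootstrap bootstrap = PowerMock.createMock(AuthenticatorBootstrap.class);
-
+
 expect(Beans.getReference(AuthenticatorBootstrap.class)).andReturn(bootstrap).anyTimes();
 expect(config.getAuthenticatorClass()).andReturn(null).anyTimes();
 expect(bootstrap.getCache()).andReturn(cacheList);
 expect(Beans.getReference(AuthenticatorImpl.class)).andReturn(new AuthenticatorImpl());
 expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes();
 }
-
+
 @Test
 public void testHasPermissionWithSecurityEnabledAndNotLoggedIn() {
 mockGetAuthenticator();
 
 expect(config.isEnabled()).andReturn(true).anyTimes();
- replayAll(Beans.class,config);
-
+ replayAll(Beans.class, config);
+
 bundle = ResourceBundleProducer.create("demoiselle-core-bundle");
 
 try {
@@ -154,10 +155,10 @@ public class SecurityContextImplTest {
 fail();
 }
 }
-
+
 private void loginSuccessfully() {
 Authenticator authenticator = createMock(Authenticator.class);
- expect(authenticator.authenticate()).andReturn(true);
+ // expect(authenticator.authenticate()).andReturn(true);
 
 BeanManager manager = createMock(BeanManager.class);
 expect(Beans.getBeanManager()).andReturn(manager);
@@ -165,20 +166,20 @@ public class SecurityContextImplTest {
 PowerMock.expectLastCall();
 
 User user = createMock(User.class);
- expect(authenticator.getUser()).andReturn(user).anyTimes();
+ expect(authenticator.getUser()).andReturn(user).anyTimes();
 
- setInternalState(context, "authenticator", authenticator);
+ setInternalState(context, "authenticator", authenticator);
 
- replayAll(authenticator, user, Beans.class, manager);
+ replayAll(authenticator, user, Beans.class, manager);
 
- context.login();
- assertTrue(context.isLoggedIn());
+ context.login();
+ assertTrue(context.isLoggedIn());
 }
 
 @Test
 public void testHasRoleWithSecurityDisabled() {
 expect(config.isEnabled()).andReturn(false);
- replayAll(Beans.class,config);
+ replayAll(Beans.class, config);
 
 try {
 assertTrue(context.hasRole(null));
@@ -190,10 +191,10 @@ public class SecurityContextImplTest {
 @Test
 public void testHasRoleWithSecurityEnabledAndNotLoggedIn() {
 mockGetAuthenticator();
-
+
 expect(config.isEnabled()).andReturn(true).anyTimes();
- replayAll(Beans.class,config);
-
+ replayAll(Beans.class, config);
+
 bundle = ResourceBundleProducer.create("demoiselle-core-bundle");
 
 try {
@@ -241,7 +242,7 @@ public class SecurityContextImplTest {
 @Test
 public void testIsLoggedInWithSecurityDisabled() {
 expect(config.isEnabled()).andReturn(false);
- replayAll(config,Beans.class);
+ replayAll(config, Beans.class);
 
 assertTrue(context.isLoggedIn());
 }
@@ -249,7 +250,7 @@ public class SecurityContextImplTest {
 @Test
 public void testLoginWithSecurityDisabled() {
 expect(config.isEnabled()).andReturn(false).times(2);
- replayAll(config,Beans.class);
+ replayAll(config, Beans.class);
 context.login();
 
 assertTrue(context.isLoggedIn());
@@ -258,9 +259,9 @@ public class SecurityContextImplTest {
 @Test
 public void testLoginWithAuthenticationFail() {
 Authenticator authenticator = createMock(Authenticator.class);
-
+
 expect(config.isEnabled()).andReturn(true).anyTimes();
- expect(authenticator.authenticate()).andReturn(false);
+ // expect(authenticator.authenticate()).andReturn(false);
 expect(authenticator.getUser()).andReturn(null).anyTimes();
 
 setInternalState(context, "authenticator", authenticator);
@@ -275,7 +276,7 @@ public class SecurityContextImplTest {
 public void testLogOutWithSecurityDisabled() {
 expect(config.isEnabled()).andReturn(false).times(2);
 
- replayAll(config,Beans.class);
+ replayAll(config, Beans.class);
 
 try {
 context.logout();
@@ -288,7 +289,7 @@ public class SecurityContextImplTest {
 @Test
 public void testLogOutWithoutPreviousLogin() {
 Authenticator authenticator = createMock(Authenticator.class);
-
+
 expect(authenticator.getUser()).andReturn(null).anyTimes();
 expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes();
 expect(config.isEnabled()).andReturn(true).anyTimes();
@@ -296,7 +297,7 @@ public class SecurityContextImplTest {
 setInternalState(context, "authenticator", authenticator);
 
 replayAll(config, authenticator, Beans.class);
-
+
 bundle = ResourceBundleProducer.create("demoiselle-core-bundle");
 
 try {
@@ -312,7 +313,7 @@ public class SecurityContextImplTest {
 expect(config.isEnabled()).andReturn(true).anyTimes();
 
 Authenticator authenticator = createMock(Authenticator.class);
- expect(authenticator.authenticate()).andReturn(true);
+ // expect(authenticator.authenticate()).andReturn(true);
 authenticator.unAuthenticate();
 PowerMock.expectLastCall();
 
@@ -381,8 +382,7 @@ public class SecurityContextImplTest {
 private static final long serialVersionUID = 1L;
 
 @Override
- public boolean authenticate() {
- return false;
+ public void authenticate() {
 }
 
 @Override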
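Review bot: The three `expect(authenticator.authenticate())` lines are commented out rather than ported, so the mocks built with `createMock(Authenticator.class)` no longer record the `authenticate()` call that `context.login()` makes, and `testLoginWithAuthenticationFail` no longer simulates a failure at all. For a void method the expectation is recorded as `authenticator.authenticate(); PowerMock.expectLastCall();` in the success paths and `authenticator.authenticate(); PowerMock.expectLastCall().andThrow(new AuthenticationException("constructed test message"));` in the failure test, which should then assert that the exception reaches the caller and that `isLoggedIn()` stays false. As written, the authentication-failure path, which is the behaviour this commit changes, has no test. The bodies of these tests continue outside the hunks, so the assertions that follow them could not be checked.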
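--- a/impl/extension/jaas/src/main/java/br/gov/frameworkdemoiselle/security/JAASAuthenticator.java
+++ b/impl/extension/jaas/src/main/java/br/gov/frameworkdemoiselle/security/JAASAuthenticator.java
@@ -39,7 +39,7 @@ package br.gov.frameworkdemoiselle.security;
 import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelector.EXTENSIONS_L1_PRIORITY;
 
 import java.io.IOException;
-import java.security.SecurityPermission;
+import java.security.Principal;
 
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.Produces;
@@ -72,7 +72,7 @@ public class JAASAuthenticator implements Authenticator {
 
 private static Logger logger;
 
- private User user;
+ private Principal user;
 
 private final Subject subject;
 
@@ -87,26 +87,20 @@ public class JAASAuthenticator implements Authenticator {
 }
 
 @Override
- public boolean authenticate() {
- boolean result = false;
-
+ public void authenticate() throws AuthenticationException {
 try {
 LoginContext loginContext = createLoginContext();
-
+
 if (loginContext != null) {
 loginContext.login();
 
 this.user = createUser(this.credentials.getUsername());
 this.credentials.clear();
-
- result = true;
 }
 
 } catch (LoginException cause) {
- getLogger().info(cause.getMessage());
+ throw new AuthenticationException(cause);
 }
-
- return result;
 }
 
 @Override
@@ -114,52 +108,46 @@ public class JAASAuthenticator implements Authenticator {
 this.user = null;
 }
 
- private User createUser(final String username) {
- return new User() {
+ private Principal createUser(final String username) {
+ return new Principal() {
 
- private static final long serialVersionUID = 1L;
+ // TODO Tornar esta classe serializável
+ // private static final long serialVersionUID = 1L;
 
 @Override
- public String getId() {
+ public String getName() {
 return username;
 }
-
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
 };
 }
 
 @Override
- public User getUser() {
+ public Principal getUser() {
 try {
-
-// LoginContext
-
-// AbstractSecurityContext.
-
-// Object securityContext = System.getSecurityManager().getSecurityContext();
-
-// System.out.println(securityContext.toString());
-
+
+ // LoginContext
+
+ // AbstractSecurityContext.
+
+ // Object securityContext = System.getSecurityManager().getSecurityContext();
+
+ // System.out.println(securityContext.toString());
+
 String name = config.getLoginModuleName();
 LoginContext loginContext = new LoginContext(name, this.subject);
 loginContext.login();
-
+
 Subject subject2 = loginContext.getSubject();
 
- System.out.println(subject2.toString());
-
+ //subject2.get
+
+ //System.out.println(subject2.toString());
+
 } catch (LoginException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }
-
+
 return this.user;
 }
 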
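Review bot: In `authenticate()`, the `if (loginContext != null)` branch has no `else`, so when `createLoginContext()` yields null the method returns normally, and under the new contract a normal return means the login succeeded; the removed code returned `false` in that case. Add an `else` that throws `new AuthenticationException(...)` with a message from the bundle, or have `createLoginContext()` (not visible here) throw instead of returning null. The anonymous `Principal` built by `createUser` is not serializable, as the new TODO acknowledges, yet it is kept in the `user` field of a class that is `Serializable` through `Authenticator`; a small named `static` class implementing `Principal, Serializable` would close that gap, as `EmptyUser` does in SecurityContextImpl. In `getUser()`, the `LoginException` is still swallowed with `e.printStackTrace()`, so a failed re-login there is invisible to callers.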
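--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -43,11 +43,7 @@ import java.security.Principal;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
-import org.slf4j.Logger;
-
 import br.gov.frameworkdemoiselle.annotation.Priority;
-import br.gov.frameworkdemoiselle.internal.interceptor.TransactionalInterceptor;
-import br.gov.frameworkdemoiselle.internal.producer.LoggerProducer;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.ResourceBundle;
@@ -59,23 +55,14 @@ public class ServletAuthenticator implements Authenticator {
 
 private static ResourceBundle bundle;
 
- private static Logger logger;
-
 @Override
- public boolean authenticate() {
- boolean result;
-
+ public void authenticate() throws AuthenticationException {
 try {
 getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
- result = true;
 
 } catch (ServletException cause) {
- getLogger().debug(getBundle().getString("authentication-failed") + cause.getLocalizedMessage());
-
- result = false;
+ throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
 }
-
- return result;
 }
 
 @Override
@@ -85,32 +72,8 @@ public class ServletAuthenticator implements Authenticator {
 }
 
 @Override
- public User getUser() {
- User user = null;
- final Principal userPincipal = getRequest().getUserPrincipal();
-
- if (userPincipal != null) {
- user = new User() {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public String getId() {
- return userPincipal.getName();
- }
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
-
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
- };
- }
-
- return user;
+ public Principal getUser() {
+ return getRequest().getUserPrincipal();
 }
 
 protected Credentials getCredentials() {
@@ -128,12 +91,4 @@ public class ServletAuthenticator implements Authenticator {
 
 return bundle;
 }
-
- private static Logger getLogger() {
- if (logger == null) {
- logger = LoggerProducer.create(TransactionalInterceptor.class);
- }
-
- return logger;
- }
 }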
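Review bot: After `getRequest().login(...)` succeeds, `authenticate()` leaves the username and password in the `Credentials` object, whereas JAASAuthenticator in this same commit calls `this.credentials.clear()` right after a successful login. Assuming both use the same `Credentials` type, adding `getCredentials().clear();` after the `login` call (ideally in a `finally`, so a failed attempt does not keep the password around either) would bring the two authenticators in line. With the logger removed, a failed attempt is now visible only if some caller logs the `AuthenticationException`; it is worth confirming that a layer above still records failed logins, without the password, for monitoring. The lifetime of the `Credentials` bean is not visible in these hunks, so how long the password stays reachable is an inference.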
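--- a/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
+++ b/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
@@ -34,4 +34,4 @@
 # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 
 has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS.
-authentication-failed=Falha na autentica\u00E7\u00E3o \:
+authentication-failed=Falha no processo de autentica\u00E7\u00E3o.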
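--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
 <relativePath>../internal/parent/build/demoiselle</relativePath>
 </parent>
 
- <name>Demoiselle Framework Build Aggregator</name>
+ <name>Demoiselle Framework</name>
 <description>
 A liberação de versões do framework deve ser feita a partir deste build, que fará automaticamente o build
 de todos os artefatos com versionamento sincronizado. Jamais gere uma versão do framework sem utilizar este build.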