Commit e4c385501a15507e61f38f69de7244d289fde6e8
1 parent
bdc8ac62
Exists in
master
Ajustes na interface Authentication e SecurityContext
Showing
15 changed files
with
237 additions
and
189 deletions
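--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultAuthenticator.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultAuthenticator.java
@@ -40,6 +40,7 @@ import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelecto
 import br.gov.frameworkdemoiselle.DemoiselleException;
 import br.gov.frameworkdemoiselle.annotation.Priority;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
+import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Authenticator;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.security.User;
@@ -51,6 +52,7 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle;
 * @author SERPRO
 * @see Authenticator
 */
+@SuppressWarnings("deprecation")
 @Priority(CORE_PRIORITY)
 public class DefaultAuthenticator implements Authenticator {
 
@@ -62,7 +64,7 @@ public class DefaultAuthenticator implements Authenticator {
 * @see br.gov.frameworkdemoiselle.security.Authenticator#authenticate()
 */
 @Override
- public boolean authenticate() {
+ public void authenticate() throws AuthenticationException {
 throw getException();
 }
 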
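Review bot: `@SuppressWarnings("deprecation")` is applied to the whole class, which silences every future deprecation warning in an authentication component, not only the one caused by the now-deprecated `User` type. The annotation would be better placed on the member(s) that actually reference `User`, which are not visible in these hunks. The same class-level suppression is added to `SecurityContextImpl`.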
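--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImpl.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImpl.java
@@ -36,8 +36,12 @@
 */
 package br.gov.frameworkdemoiselle.internal.implementation;
 
+import java.io.Serializable;
+import java.security.Principal;
+
 import javax.inject.Named;
 
+import br.gov.frameworkdemoiselle.DemoiselleException;
 import br.gov.frameworkdemoiselle.internal.bootstrap.AuthenticatorBootstrap;
 import br.gov.frameworkdemoiselle.internal.bootstrap.AuthorizerBootstrap;
 import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfig;
@@ -45,6 +49,7 @@ import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfigImpl;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.security.AfterLoginSuccessful;
 import br.gov.frameworkdemoiselle.security.AfterLogoutSuccessful;
+import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Authenticator;
 import br.gov.frameworkdemoiselle.security.Authorizer;
 import br.gov.frameworkdemoiselle.security.NotLoggedInException;
@@ -58,6 +63,7 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle;
 *
 * @author SERPRO
 */
+@SuppressWarnings("deprecation")
 @Named("securityContext")
 public class SecurityContextImpl implements SecurityContext {
 
@@ -116,13 +122,14 @@ public class SecurityContextImpl implements SecurityContext {
 */
 @Override
 public boolean hasRole(String role) throws NotLoggedInException {
+ boolean result = true;
+
 if (getConfig().isEnabled()) {
 checkLoggedIn();
- return getAuthorizer().hasRole(role);
-
- } else {
- return true;
+ result = getAuthorizer().hasRole(role);
 }
+
+ return result;
 }
 
 /**
@@ -130,24 +137,34 @@ public class SecurityContextImpl implements SecurityContext {
 */
 @Override
 public boolean isLoggedIn() {
+ boolean result = true;
+
 if (getConfig().isEnabled()) {
- return getUser() != null;
- } else {
- return true;
+ result = getCurrentUser() != null;
 }
+
+ return result;
 }
 
 /**
 * @see br.gov.frameworkdemoiselle.security.SecurityContext#login()
 */
 @Override
- public void login() {
- if (getConfig().isEnabled() && getAuthenticator().authenticate()) {
- Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
-
- private static final long serialVersionUID = 1L;
-
- });
+ public void login() throws AuthenticationException {
+ if (getConfig().isEnabled()) {
+
+ try {
+ getAuthenticator().authenticate();
+
+ Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
+
+ private static final long serialVersionUID = 1L;
+
+ });
+
+ } catch (AuthenticationException cause) {
+ throw cause;
+ }
 }
 }
 
@@ -168,31 +185,20 @@ public class SecurityContextImpl implements SecurityContext {
 }
 
 /**
+ * @deprecated Use {@link #getCurrentUser()} instead.
 * @see br.gov.frameworkdemoiselle.security.SecurityContext#getUser()
 */
 @Override
 public User getUser() {
- User user = getAuthenticator().getUser();
-
- if (!getConfig().isEnabled() && user == null) {
- user = new User() {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
+ throw new DemoiselleException("Utilize o método getCurrentUser() ao invés do getUser()");
+ }
 
- @Override
- public String getId() {
- return "demoiselle";
- }
+ @Override
+ public Principal getCurrentUser() {
+ Principal user = getAuthenticator().getUser();
 
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
- };
+ if (!getConfig().isEnabled() && user == null) {
+ user = new EmptyUser();
 }
 
 return user;
@@ -208,4 +214,14 @@ public class SecurityContextImpl implements SecurityContext {
 throw new NotLoggedInException(bundle.getString("user-not-authenticated"));
 }
 }
+
+ private class EmptyUser implements Principal, Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public String getName() {
+ return "demoiselle";
+ }
+ }
 }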
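Review bot: `getUser()` is only marked `@deprecated`, yet its new body throws `DemoiselleException` unconditionally, so any caller still compiled against it fails at run time instead of merely getting a deprecation warning. Since `User` now extends `Principal` elsewhere in this commit, the method could keep working during the deprecation period, e.g. `Principal current = getCurrentUser(); return current instanceof User ? (User) current : null;`. The exception text is also a hard-coded Portuguese literal, while `checkLoggedIn()` in the same class reads its message from `bundle`. Separately, `EmptyUser` is a non-static inner class, so serializing it drags the enclosing `SecurityContextImpl` along; `private static class EmptyUser` avoids that.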
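--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredPermissionInterceptor.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredPermissionInterceptor.java
@@ -37,6 +37,7 @@
 package br.gov.frameworkdemoiselle.internal.interceptor;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
@@ -50,7 +51,6 @@ import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.security.AuthorizationException;
 import br.gov.frameworkdemoiselle.security.RequiredPermission;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
-import br.gov.frameworkdemoiselle.security.User;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.ResourceBundle;
 import br.gov.frameworkdemoiselle.util.Strings;
@@ -112,10 +112,10 @@ public class RequiredPermissionInterceptor implements Serializable {
 */
 private String getUsername() {
 String username = "";
- User user = getSecurityContext().getUser();
+ Principal user = getSecurityContext().getCurrentUser();
 
- if (user != null && user.getId() != null) {
- username = user.getId();
+ if (user != null && user.getName() != null) {
+ username = user.getName();
 }
 
 return username;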
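--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredRoleInterceptor.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/internal/interceptor/RequiredRoleInterceptor.java
@@ -90,7 +90,7 @@ public class RequiredRoleInterceptor implements Serializable {
 
 if (getSecurityContext().isLoggedIn()) {
 getLogger().info(
- getBundle().getString("has-role-verification", getSecurityContext().getUser().getId(), roles));
+ getBundle().getString("has-role-verification", getSecurityContext().getCurrentUser().getName(), roles));
 }
 
 List<String> userRoles = new ArrayList<String>();
@@ -103,14 +103,14 @@ public class RequiredRoleInterceptor implements Serializable {
 
 if (userRoles.isEmpty()) {
 getLogger().error(
- getBundle().getString("does-not-have-role", getSecurityContext().getUser().getId(), roles));
+ getBundle().getString("does-not-have-role", getSecurityContext().getCurrentUser().getName(), roles));
 
 @SuppressWarnings("unused")
 AuthorizationException a = new AuthorizationException(null);
 throw new AuthorizationException(getBundle().getString("does-not-have-role-ui", roles));
 }
 
- getLogger().debug(getBundle().getString("user-has-role", getSecurityContext().getCurrentUser().getName(), userRoles));
+ getLogger().debug(getBundle().getString("user-has-role", getSecurityContext().getCurrentUser().getName(), userRoles));
 
 return ic.proceed();
 }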
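Review bot: The log calls at new lines 106 and 113 dereference `getSecurityContext().getCurrentUser()` without a null check, whereas only the first call (line 93) sits inside the `isLoggedIn()` guard. The `SecurityContext#getCurrentUser()` Javadoc added in this commit says it may return `null`, so a denied request could surface as a `NullPointerException` instead of the intended `AuthorizationException`, unless the role loop between the two hunks (not visible here) already rejects unauthenticated callers. A null-safe helper like `getUsername()` in `RequiredPermissionInterceptor` would make all three log calls consistent. The method starts and ends outside these hunks.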
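--- /dev/null
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
@@ -0,0 +1,79 @@
+/*
+ * Demoiselle Framework
+ * Copyright (C) 2010 SERPRO
+ * ----------------------------------------------------------------------------
+ * This file is part of Demoiselle Framework.
+ *
+ * Demoiselle Framework is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License version 3
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License version 3
+ * along with this program; if not, see <http://www.gnu.org/licenses/>
+ * or write to the Free Software Foundation, Inc., 51 Franklin Street,
+ * Fifth Floor, Boston, MA 02110-1301, USA.
+ * ----------------------------------------------------------------------------
+ * Este arquivo é parte do Framework Demoiselle.
+ *
+ * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
+ * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
+ * do Software Livre (FSF).
+ *
+ * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
+ * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
+ * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
+ * para maiores detalhes.
+ *
+ * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
+ * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
+ * ou escreva para a Fundação do Software Livre (FSF) Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
+ */
+package br.gov.frameworkdemoiselle.security;
+
+/**
+ * Thrown when the authorization process fails.
+ *
+ * @author SERPRO
+ */
+public class AuthenticationException extends SecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructor with message.
+ *
+ * @param message
+ * exception message
+ */
+ public AuthenticationException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructor with the cause.
+ *
+ * @param cause
+ * exception cause
+ */
+ public AuthenticationException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructor with message and cause.
+ *
+ * @param message
+ * exception message
+ * @param cause
+ * exception cause
+ */
+ public AuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}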
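Review bot: The class Javadoc at line 40 reads `Thrown when the authorization process fails.`, but this type reports authentication failures: it is what `Authenticator#authenticate()` is declared to throw in this commit. It should read `Thrown when the authentication process fails.` so that it is not confused with the sibling `AuthorizationException`. The distinction matters to callers that handle "who are you" and "are you allowed" failures differently.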
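--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java
@@ -37,6 +37,7 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 /**
 * Defines the methods that should be implemented by anyone who wants an authentication mechanism.
@@ -48,9 +49,9 @@ public interface Authenticator extends Serializable {
 /**
 * Executes the necessary steps to authenticate an user.
 *
- * @return {@code true} if the user was authenticated properly
+ * @throws AuthenticationException When the authentication process fails, this exception is thrown.
 */
- boolean authenticate();
+ void authenticate() throws AuthenticationException;
 
 /**
 * Executes the necessary steps to unauthenticate an user.
@@ -62,5 +63,5 @@ public interface Authenticator extends Serializable {
 *
 * @return the user currently authenticated
 */
- User getUser();
+ Principal getUser();
 }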
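Review bot: The new `authenticate()` Javadoc documents only the failure path; it should also state that returning normally means the user was authenticated, because `SecurityContextImpl.login()` in this commit fires `AfterLoginSuccessful` on any normal return. An implementation ported mechanically from the old `boolean` signature (a `return false;` turned into a plain `return;`) would then fail open. Suggested addition to the method comment: `Returning normally signals success; implementations must throw AuthenticationException on every failure path.`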
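--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthorizationException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthorizationException.java
@@ -36,11 +36,8 @@
 */
 package br.gov.frameworkdemoiselle.security;
 
-import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
-import br.gov.frameworkdemoiselle.util.ResourceBundle;
-
 /**
- * Thrown when trying to access some resource and/or execute an operation without the proper authorization.
+ * Thrown when a fail on trying to access some resource and/or execute an operation without the proper authorization.
 *
 * @author SERPRO
 */
@@ -48,8 +45,6 @@ public class AuthorizationException extends SecurityException {
 
 private static final long serialVersionUID = 1L;
 
- private static ResourceBundle bundle;
-
 /**
 * Constructor with message.
 *
@@ -59,16 +54,4 @@ public class AuthorizationException extends SecurityException {
 public AuthorizationException(String message) {
 super(message);
 }
-
- public AuthorizationException(String resource, String operation) {
- super(getBundle().getString("access-denied-ui", resource, operation));
- }
-
- private static ResourceBundle getBundle() {
- if (bundle == null) {
- bundle = ResourceBundleProducer.create("demoiselle-core-bundle");
- }
-
- return bundle;
- }
 }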
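--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
@@ -37,7 +37,7 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
-
+import java.security.Principal;
 
 /**
 * Structure used to handle both authentication and authorizations mechanisms.
@@ -48,8 +48,11 @@ public interface SecurityContext extends Serializable {
 
 /**
 * Executes the login of a user to the application.
+ *
+ * @throws AuthorizationException
+ * When the logon process fails, this exception is thrown.
 */
- void login();
+ void login() throws AuthorizationException;
 
 /**
 * Executes the logout of a user.
@@ -65,7 +68,7 @@ public interface SecurityContext extends Serializable {
 * @return {@code true} if the user is logged in
 */
 boolean isLoggedIn();
-
+
 void checkLoggedIn() throws NotLoggedInException;
 
 /**
@@ -95,7 +98,15 @@ public interface SecurityContext extends Serializable {
 /**
 * Return the user logged in the session.
 *
+ * @deprecated See {@link #getCurrentUser()}
 * @return the user logged in a specific session. If there is no active session returns {@code null}
 */
 User getUser();
+
+ /**
+ * Return the user logged in the authenticated session.
+ *
+ * @return the user logged in a specific session. If there is no active authenticated session returns {@code null}
+ */
+ Principal getCurrentUser();
 }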
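Review bot: `login()` is declared with `throws AuthorizationException` (new line 55), but `SecurityContextImpl.login()` in this same commit declares and rethrows `AuthenticationException`, which is also what `Authenticator#authenticate()` throws. A caller that follows this interface and catches `AuthorizationException` around `login()` will not catch a failed login, since both types extend `SecurityException` independently as far as this page shows. The declaration and its Javadoc should read `void login() throws AuthenticationException;` and `@throws AuthenticationException`. The `getCurrentUser()` Javadoc could also mention that the implementation returns a placeholder principal rather than `null` when security is disabled.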
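--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
@@ -67,4 +67,16 @@ public class SecurityException extends DemoiselleException {
 public SecurityException(Throwable cause) {
 super(cause);
 }
+
+ /**
+ * Constructor with message and cause.
+ *
+ * @param message
+ * exception message
+ * @param cause
+ * exception cause
+ */
+ public SecurityException(String message, Throwable cause) {
+ super(message, cause);
+ }
 }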
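--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/User.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/User.java
@@ -37,12 +37,13 @@
 package br.gov.frameworkdemoiselle.security;
 
 import java.io.Serializable;
+import java.security.Principal;
 
 /**
 * @author SERPRO
- *
+ * @deprecated
 */
-public interface User extends Serializable {
+public interface User extends Principal, Serializable {
 
 /**
 * Returns the id of the logged user.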
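Review bot: The `@deprecated` Javadoc tag at new line 44 is added with no text and without the `@Deprecated` annotation, so users get no pointer to the replacement. Something like `@deprecated Use {@link java.security.Principal} via {@link SecurityContext#getCurrentUser()} instead.` plus `@Deprecated` on the interface would do. Making `User` extend `Principal` also obliges every existing implementation to add `getName()`; if it is meant to mirror `getId()`, the Javadoc should say so. The interface body continues outside the hunk.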
impl/core/src/test/java/br/gov/frameworkdemoiselle/internal/implementation/SecurityContextImplTest.java
@@ -47,13 +47,12 @@ import static org.easymock.EasyMock.expect; | @@ -47,13 +47,12 @@ import static org.easymock.EasyMock.expect; | ||
47 | import static org.powermock.api.easymock.PowerMock.mockStatic; | 47 | import static org.powermock.api.easymock.PowerMock.mockStatic; |
48 | import static org.powermock.api.easymock.PowerMock.replay; | 48 | import static org.powermock.api.easymock.PowerMock.replay; |
49 | import static org.powermock.api.easymock.PowerMock.replayAll; | 49 | import static org.powermock.api.easymock.PowerMock.replayAll; |
50 | +import static org.powermock.reflect.Whitebox.setInternalState; | ||
50 | 51 | ||
51 | import java.util.ArrayList; | 52 | import java.util.ArrayList; |
52 | import java.util.List; | 53 | import java.util.List; |
53 | import java.util.Locale; | 54 | import java.util.Locale; |
54 | 55 | ||
55 | -import static org.powermock.reflect.Whitebox.setInternalState; | ||
56 | - | ||
57 | import javax.enterprise.inject.spi.BeanManager; | 56 | import javax.enterprise.inject.spi.BeanManager; |
58 | 57 | ||
59 | import org.easymock.EasyMock; | 58 | import org.easymock.EasyMock; |
@@ -64,13 +63,13 @@ import org.powermock.api.easymock.PowerMock; | @@ -64,13 +63,13 @@ import org.powermock.api.easymock.PowerMock; | ||
64 | import org.powermock.core.classloader.annotations.PrepareForTest; | 63 | import org.powermock.core.classloader.annotations.PrepareForTest; |
65 | import org.powermock.modules.junit4.PowerMockRunner; | 64 | import org.powermock.modules.junit4.PowerMockRunner; |
66 | 65 | ||
67 | -import br.gov.frameworkdemoiselle.security.Authenticator; | ||
68 | -import br.gov.frameworkdemoiselle.security.User; | ||
69 | -import br.gov.frameworkdemoiselle.security.Authorizer; | ||
70 | -import br.gov.frameworkdemoiselle.security.NotLoggedInException; | ||
71 | import br.gov.frameworkdemoiselle.internal.bootstrap.AuthenticatorBootstrap; | 66 | import br.gov.frameworkdemoiselle.internal.bootstrap.AuthenticatorBootstrap; |
72 | import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfigImpl; | 67 | import br.gov.frameworkdemoiselle.internal.configuration.SecurityConfigImpl; |
73 | import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer; | 68 | import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer; |
69 | +import br.gov.frameworkdemoiselle.security.Authenticator; | ||
70 | +import br.gov.frameworkdemoiselle.security.Authorizer; | ||
71 | +import br.gov.frameworkdemoiselle.security.NotLoggedInException; | ||
72 | +import br.gov.frameworkdemoiselle.security.User; | ||
74 | import br.gov.frameworkdemoiselle.util.Beans; | 73 | import br.gov.frameworkdemoiselle.util.Beans; |
75 | import br.gov.frameworkdemoiselle.util.ResourceBundle; | 74 | import br.gov.frameworkdemoiselle.util.ResourceBundle; |
76 | 75 | ||
@@ -79,7 +78,9 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle; | @@ -79,7 +78,9 @@ import br.gov.frameworkdemoiselle.util.ResourceBundle; | ||
79 | public class SecurityContextImplTest { | 78 | public class SecurityContextImplTest { |
80 | 79 | ||
81 | private SecurityContextImpl context; | 80 | private SecurityContextImpl context; |
81 | + | ||
82 | private SecurityConfigImpl config; | 82 | private SecurityConfigImpl config; |
83 | + | ||
83 | private ResourceBundle bundle; | 84 | private ResourceBundle bundle; |
84 | 85 | ||
85 | @Before | 86 | @Before |
@@ -94,7 +95,7 @@ public class SecurityContextImplTest { | @@ -94,7 +95,7 @@ public class SecurityContextImplTest { | ||
94 | @Test | 95 | @Test |
95 | public void testHasPermissionWithSecurityDisabled() { | 96 | public void testHasPermissionWithSecurityDisabled() { |
96 | expect(config.isEnabled()).andReturn(false); | 97 | expect(config.isEnabled()).andReturn(false); |
97 | - replayAll(Beans.class,config); | 98 | + replayAll(Beans.class, config); |
98 | 99 | ||
99 | try { | 100 | try { |
100 | assertTrue(context.hasPermission(null, null)); | 101 | assertTrue(context.hasPermission(null, null)); |
@@ -107,23 +108,23 @@ public class SecurityContextImplTest { | @@ -107,23 +108,23 @@ public class SecurityContextImplTest { | ||
107 | Class<? extends Authenticator> cache = AuthenticatorImpl.class; | 108 | Class<? extends Authenticator> cache = AuthenticatorImpl.class; |
108 | List<Class<? extends Authenticator>> cacheList = new ArrayList<Class<? extends Authenticator>>(); | 109 | List<Class<? extends Authenticator>> cacheList = new ArrayList<Class<? extends Authenticator>>(); |
109 | cacheList.add(cache); | 110 | cacheList.add(cache); |
110 | - | 111 | + |
111 | AuthenticatorBootstrap bootstrap = PowerMock.createMock(AuthenticatorBootstrap.class); | 112 | AuthenticatorBootstrap bootstrap = PowerMock.createMock(AuthenticatorBootstrap.class); |
112 | - | 113 | + |
113 | expect(Beans.getReference(AuthenticatorBootstrap.class)).andReturn(bootstrap).anyTimes(); | 114 | expect(Beans.getReference(AuthenticatorBootstrap.class)).andReturn(bootstrap).anyTimes(); |
114 | expect(config.getAuthenticatorClass()).andReturn(null).anyTimes(); | 115 | expect(config.getAuthenticatorClass()).andReturn(null).anyTimes(); |
115 | expect(bootstrap.getCache()).andReturn(cacheList); | 116 | expect(bootstrap.getCache()).andReturn(cacheList); |
116 | expect(Beans.getReference(AuthenticatorImpl.class)).andReturn(new AuthenticatorImpl()); | 117 | expect(Beans.getReference(AuthenticatorImpl.class)).andReturn(new AuthenticatorImpl()); |
117 | expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes(); | 118 | expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes(); |
118 | } | 119 | } |
119 | - | 120 | + |
120 | @Test | 121 | @Test |
121 | public void testHasPermissionWithSecurityEnabledAndNotLoggedIn() { | 122 | public void testHasPermissionWithSecurityEnabledAndNotLoggedIn() { |
122 | mockGetAuthenticator(); | 123 | mockGetAuthenticator(); |
123 | 124 | ||
124 | expect(config.isEnabled()).andReturn(true).anyTimes(); | 125 | expect(config.isEnabled()).andReturn(true).anyTimes(); |
125 | - replayAll(Beans.class,config); | ||
126 | - | 126 | + replayAll(Beans.class, config); |
127 | + | ||
127 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); | 128 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); |
128 | 129 | ||
129 | try { | 130 | try { |
@@ -154,10 +155,10 @@ public class SecurityContextImplTest { | @@ -154,10 +155,10 @@ public class SecurityContextImplTest { | ||
154 | fail(); | 155 | fail(); |
155 | } | 156 | } |
156 | } | 157 | } |
157 | - | 158 | + |
158 | private void loginSuccessfully() { | 159 | private void loginSuccessfully() { |
159 | Authenticator authenticator = createMock(Authenticator.class); | 160 | Authenticator authenticator = createMock(Authenticator.class); |
160 | - expect(authenticator.authenticate()).andReturn(true); | 161 | + // expect(authenticator.authenticate()).andReturn(true); |
161 | 162 | ||
162 | BeanManager manager = createMock(BeanManager.class); | 163 | BeanManager manager = createMock(BeanManager.class); |
163 | expect(Beans.getBeanManager()).andReturn(manager); | 164 | expect(Beans.getBeanManager()).andReturn(manager); |
@@ -165,20 +166,20 @@ public class SecurityContextImplTest { | @@ -165,20 +166,20 @@ public class SecurityContextImplTest { | ||
165 | PowerMock.expectLastCall(); | 166 | PowerMock.expectLastCall(); |
166 | 167 | ||
167 | User user = createMock(User.class); | 168 | User user = createMock(User.class); |
168 | - expect(authenticator.getUser()).andReturn(user).anyTimes(); | 169 | + expect(authenticator.getUser()).andReturn(user).anyTimes(); |
169 | 170 | ||
170 | - setInternalState(context, "authenticator", authenticator); | 171 | + setInternalState(context, "authenticator", authenticator); |
171 | 172 | ||
172 | - replayAll(authenticator, user, Beans.class, manager); | 173 | + replayAll(authenticator, user, Beans.class, manager); |
173 | 174 | ||
174 | - context.login(); | ||
175 | - assertTrue(context.isLoggedIn()); | 175 | + context.login(); |
176 | + assertTrue(context.isLoggedIn()); | ||
176 | } | 177 | } |
177 | 178 | ||
178 | @Test | 179 | @Test |
179 | public void testHasRoleWithSecurityDisabled() { | 180 | public void testHasRoleWithSecurityDisabled() { |
180 | expect(config.isEnabled()).andReturn(false); | 181 | expect(config.isEnabled()).andReturn(false); |
181 | - replayAll(Beans.class,config); | 182 | + replayAll(Beans.class, config); |
182 | 183 | ||
183 | try { | 184 | try { |
184 | assertTrue(context.hasRole(null)); | 185 | assertTrue(context.hasRole(null)); |
@@ -190,10 +191,10 @@ public class SecurityContextImplTest { | @@ -190,10 +191,10 @@ public class SecurityContextImplTest { | ||
190 | @Test | 191 | @Test |
191 | public void testHasRoleWithSecurityEnabledAndNotLoggedIn() { | 192 | public void testHasRoleWithSecurityEnabledAndNotLoggedIn() { |
192 | mockGetAuthenticator(); | 193 | mockGetAuthenticator(); |
193 | - | 194 | + |
194 | expect(config.isEnabled()).andReturn(true).anyTimes(); | 195 | expect(config.isEnabled()).andReturn(true).anyTimes(); |
195 | - replayAll(Beans.class,config); | ||
196 | - | 196 | + replayAll(Beans.class, config); |
197 | + | ||
197 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); | 198 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); |
198 | 199 | ||
199 | try { | 200 | try { |
@@ -241,7 +242,7 @@ public class SecurityContextImplTest { | @@ -241,7 +242,7 @@ public class SecurityContextImplTest { | ||
241 | @Test | 242 | @Test |
242 | public void testIsLoggedInWithSecurityDisabled() { | 243 | public void testIsLoggedInWithSecurityDisabled() { |
243 | expect(config.isEnabled()).andReturn(false); | 244 | expect(config.isEnabled()).andReturn(false); |
244 | - replayAll(config,Beans.class); | 245 | + replayAll(config, Beans.class); |
245 | 246 | ||
246 | assertTrue(context.isLoggedIn()); | 247 | assertTrue(context.isLoggedIn()); |
247 | } | 248 | } |
@@ -249,7 +250,7 @@ public class SecurityContextImplTest { | @@ -249,7 +250,7 @@ public class SecurityContextImplTest { | ||
249 | @Test | 250 | @Test |
250 | public void testLoginWithSecurityDisabled() { | 251 | public void testLoginWithSecurityDisabled() { |
251 | expect(config.isEnabled()).andReturn(false).times(2); | 252 | expect(config.isEnabled()).andReturn(false).times(2); |
252 | - replayAll(config,Beans.class); | 253 | + replayAll(config, Beans.class); |
253 | context.login(); | 254 | context.login(); |
254 | 255 | ||
255 | assertTrue(context.isLoggedIn()); | 256 | assertTrue(context.isLoggedIn()); |
@@ -258,9 +259,9 @@ public class SecurityContextImplTest { | @@ -258,9 +259,9 @@ public class SecurityContextImplTest { | ||
258 | @Test | 259 | @Test |
259 | public void testLoginWithAuthenticationFail() { | 260 | public void testLoginWithAuthenticationFail() { |
260 | Authenticator authenticator = createMock(Authenticator.class); | 261 | Authenticator authenticator = createMock(Authenticator.class); |
261 | - | 262 | + |
262 | expect(config.isEnabled()).andReturn(true).anyTimes(); | 263 | expect(config.isEnabled()).andReturn(true).anyTimes(); |
263 | - expect(authenticator.authenticate()).andReturn(false); | 264 | + // expect(authenticator.authenticate()).andReturn(false); |
264 | expect(authenticator.getUser()).andReturn(null).anyTimes(); | 265 | expect(authenticator.getUser()).andReturn(null).anyTimes(); |
265 | 266 | ||
266 | setInternalState(context, "authenticator", authenticator); | 267 | setInternalState(context, "authenticator", authenticator); |
@@ -275,7 +276,7 @@ public class SecurityContextImplTest { | @@ -275,7 +276,7 @@ public class SecurityContextImplTest { | ||
275 | public void testLogOutWithSecurityDisabled() { | 276 | public void testLogOutWithSecurityDisabled() { |
276 | expect(config.isEnabled()).andReturn(false).times(2); | 277 | expect(config.isEnabled()).andReturn(false).times(2); |
277 | 278 | ||
278 | - replayAll(config,Beans.class); | 279 | + replayAll(config, Beans.class); |
279 | 280 | ||
280 | try { | 281 | try { |
281 | context.logout(); | 282 | context.logout(); |
@@ -288,7 +289,7 @@ public class SecurityContextImplTest { | @@ -288,7 +289,7 @@ public class SecurityContextImplTest { | ||
288 | @Test | 289 | @Test |
289 | public void testLogOutWithoutPreviousLogin() { | 290 | public void testLogOutWithoutPreviousLogin() { |
290 | Authenticator authenticator = createMock(Authenticator.class); | 291 | Authenticator authenticator = createMock(Authenticator.class); |
291 | - | 292 | + |
292 | expect(authenticator.getUser()).andReturn(null).anyTimes(); | 293 | expect(authenticator.getUser()).andReturn(null).anyTimes(); |
293 | expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes(); | 294 | expect(Beans.getReference(Locale.class)).andReturn(Locale.getDefault()).anyTimes(); |
294 | expect(config.isEnabled()).andReturn(true).anyTimes(); | 295 | expect(config.isEnabled()).andReturn(true).anyTimes(); |
@@ -296,7 +297,7 @@ public class SecurityContextImplTest { | @@ -296,7 +297,7 @@ public class SecurityContextImplTest { | ||
296 | setInternalState(context, "authenticator", authenticator); | 297 | setInternalState(context, "authenticator", authenticator); |
297 | 298 | ||
298 | replayAll(config, authenticator, Beans.class); | 299 | replayAll(config, authenticator, Beans.class); |
299 | - | 300 | + |
300 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); | 301 | bundle = ResourceBundleProducer.create("demoiselle-core-bundle"); |
301 | 302 | ||
302 | try { | 303 | try { |
@@ -312,7 +313,7 @@ public class SecurityContextImplTest { | @@ -312,7 +313,7 @@ public class SecurityContextImplTest { | ||
312 | expect(config.isEnabled()).andReturn(true).anyTimes(); | 313 | expect(config.isEnabled()).andReturn(true).anyTimes(); |
313 | 314 | ||
314 | Authenticator authenticator = createMock(Authenticator.class); | 315 | Authenticator authenticator = createMock(Authenticator.class); |
315 | - expect(authenticator.authenticate()).andReturn(true); | 316 | + // expect(authenticator.authenticate()).andReturn(true); |
316 | authenticator.unAuthenticate(); | 317 | authenticator.unAuthenticate(); |
317 | PowerMock.expectLastCall(); | 318 | PowerMock.expectLastCall(); |
318 | 319 | ||
@@ -381,8 +382,7 @@ public class SecurityContextImplTest { | @@ -381,8 +382,7 @@ public class SecurityContextImplTest { | ||
381 | private static final long serialVersionUID = 1L; | 382 | private static final long serialVersionUID = 1L; |
382 | 383 | ||
383 | @Override | 384 | @Override |
384 | - public boolean authenticate() { | ||
385 | - return false; | 385 | + public void authenticate() { |
386 | } | 386 | } |
387 | 387 | ||
388 | @Override | 388 | @Override |
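--- a/impl/extension/jaas/src/main/java/br/gov/frameworkdemoiselle/security/JAASAuthenticator.java
+++ b/impl/extension/jaas/src/main/java/br/gov/frameworkdemoiselle/security/JAASAuthenticator.java
@@ -39,7 +39,7 @@ package br.gov.frameworkdemoiselle.security;
 import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelector.EXTENSIONS_L1_PRIORITY;
 
 import java.io.IOException;
-import java.security.SecurityPermission;
+import java.security.Principal;
 
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.Produces;
@@ -72,7 +72,7 @@ public class JAASAuthenticator implements Authenticator {
 
 private static Logger logger;
 
- private User user;
+ private Principal user;
 
 private final Subject subject;
 
@@ -87,26 +87,20 @@ public class JAASAuthenticator implements Authenticator {
 }
 
 @Override
- public boolean authenticate() {
- boolean result = false;
-
+ public void authenticate() throws AuthenticationException {
 try {
 LoginContext loginContext = createLoginContext();
-
+
 if (loginContext != null) {
 loginContext.login();
 
 this.user = createUser(this.credentials.getUsername());
 this.credentials.clear();
-
- result = true;
 }
 
 } catch (LoginException cause) {
- getLogger().info(cause.getMessage());
+ throw new AuthenticationException(cause);
 }
-
- return result;
 }
 
 @Override
@@ -114,52 +108,46 @@ public class JAASAuthenticator implements Authenticator {
 this.user = null;
 }
 
- private User createUser(final String username) {
- return new User() {
+ private Principal createUser(final String username) {
+ return new Principal() {
 
- private static final long serialVersionUID = 1L;
+ // TODO Tornar esta classe serializável
+ // private static final long serialVersionUID = 1L;
 
 @Override
- public String getId() {
+ public String getName() {
 return username;
 }
-
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
 };
 }
 
 @Override
- public User getUser() {
+ public Principal getUser() {
 try {
-
-// LoginContext
-
-// AbstractSecurityContext.
-
-// Object securityContext = System.getSecurityManager().getSecurityContext();
-
-// System.out.println(securityContext.toString());
-
+
+ // LoginContext
+
+ // AbstractSecurityContext.
+
+ // Object securityContext = System.getSecurityManager().getSecurityContext();
+
+ // System.out.println(securityContext.toString());
+
 String name = config.getLoginModuleName();
 LoginContext loginContext = new LoginContext(name, this.subject);
 loginContext.login();
-
+
 Subject subject2 = loginContext.getSubject();
 
- System.out.println(subject2.toString());
-
+ //subject2.get
+
+ //System.out.println(subject2.toString());
+
 } catch (LoginException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }
-
+
 return this.user;
 }
 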
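Review bot: With the boolean return gone, `authenticate()` now returns normally when `createLoginContext()` yields null, so a caller that treats "no exception" as success would accept a login that never reached `loginContext.login()`; the old code returned false on that path. `createLoginContext()` is outside this section, so whether it can return null should be confirmed, but the `if (loginContext != null)` guard suggests it can. I would fail closed by adding `else { throw new AuthenticationException("login context unavailable", null); }` after that guard (the message text is a placeholder; the two-argument constructor is the one ServletAuthenticator uses in this commit). In the same section, `getUser()` still swallows `LoginException` with `e.printStackTrace()` and then returns `this.user`; that failure should go through the class logger rather than stderr.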
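--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -43,11 +43,7 @@ import java.security.Principal;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
-import org.slf4j.Logger;
-
 import br.gov.frameworkdemoiselle.annotation.Priority;
-import br.gov.frameworkdemoiselle.internal.interceptor.TransactionalInterceptor;
-import br.gov.frameworkdemoiselle.internal.producer.LoggerProducer;
 import br.gov.frameworkdemoiselle.internal.producer.ResourceBundleProducer;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.ResourceBundle;
@@ -59,23 +55,14 @@ public class ServletAuthenticator implements Authenticator {
 
 private static ResourceBundle bundle;
 
- private static Logger logger;
-
 @Override
- public boolean authenticate() {
- boolean result;
-
+ public void authenticate() throws AuthenticationException {
 try {
 getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
- result = true;
 
 } catch (ServletException cause) {
- getLogger().debug(getBundle().getString("authentication-failed") + cause.getLocalizedMessage());
-
- result = false;
+ throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
 }
-
- return result;
 }
 
 @Override
@@ -85,32 +72,8 @@ public class ServletAuthenticator implements Authenticator {
 }
 
 @Override
- public User getUser() {
- User user = null;
- final Principal userPincipal = getRequest().getUserPrincipal();
-
- if (userPincipal != null) {
- user = new User() {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public String getId() {
- return userPincipal.getName();
- }
-
- @Override
- public void setAttribute(Object key, Object value) {
- }
-
- @Override
- public Object getAttribute(Object key) {
- return null;
- }
- };
- }
-
- return user;
+ public Principal getUser() {
+ return getRequest().getUserPrincipal();
 }
 
 protected Credentials getCredentials() {
@@ -128,12 +91,4 @@ public class ServletAuthenticator implements Authenticator {
 
 return bundle;
 }
-
- private static Logger getLogger() {
- if (logger == null) {
- logger = LoggerProducer.create(TransactionalInterceptor.class);
- }
-
- return logger;
- }
 }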
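Review bot: The catch block in `authenticate()` no longer records the failed attempt, and the class's logger is removed altogether, so unless the code that catches `AuthenticationException` logs it (not visible in this section), rejected container logins leave no trace for monitoring. Either log at that catch site, or keep a logger in this class bound to `ServletAuthenticator.class` (the removed one was created with `TransactionalInterceptor.class`) and record the username and cause, never the password, before rethrowing. A short Javadoc on `authenticate()` stating that it returns normally only when `getRequest().login(...)` succeeds would also make the new void contract explicit for implementers and callers.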
impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
@@ -34,4 +34,4 @@ | @@ -34,4 +34,4 @@ | ||
34 | # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. | 34 | # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. |
35 | 35 | ||
36 | has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS. | 36 | has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS. |
37 | -authentication-failed=Falha na autentica\u00E7\u00E3o \: | 37 | +authentication-failed=Falha no processo de autentica\u00E7\u00E3o. |
pom.xml
@@ -49,7 +49,7 @@ | @@ -49,7 +49,7 @@ | ||
49 | <relativePath>../internal/parent/build/demoiselle</relativePath> | 49 | <relativePath>../internal/parent/build/demoiselle</relativePath> |
50 | </parent> | 50 | </parent> |
51 | 51 | ||
52 | - <name>Demoiselle Framework Build Aggregator</name> | 52 | + <name>Demoiselle Framework</name> |
53 | <description> | 53 | <description> |
54 | A liberação de versões do framework deve ser feita a partir deste build, que fará automaticamente o build | 54 | A liberação de versões do framework deve ser feita a partir deste build, que fará automaticamente o build |
55 | de todos os artefatos com versionamento sincronizado. Jamais gere uma versão do framework sem utilizar este build. | 55 | de todos os artefatos com versionamento sincronizado. Jamais gere uma versão do framework sem utilizar este build. |