Merge pull request #1091 from wagnert/master

Refactor StandardSecurityManager to make configuration of security co…

CHANGELOG.md

@@ -1,3 +1,13 @@
+Version 1.1.5-beta9
+
+## Bugfixes
+
+* None
+
+## Features
+
+* Refactor StandardSecurityManager to make configuration of security constraints simpler
+
 Version 1.1.5-beta8
 
 ## Bugfixes

build.default.properties

@@ -8,7 +8,7 @@
 ;--------------------------------------------------------------------------------
 
 ; ---- Module Release Settings --------------------------------------------------
-release.version = 1.1.5-beta8
+release.version = 1.1.5-beta9
 release.name = Iron Knight
 
 ; ---- PHPCPD Settings ----------------------------------------------------------

src/AppserverIo/Appserver/ServletEngine/Security/Realm.php

@@ -32,7 +32,6 @@
 use AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface;
 use AppserverIo\Appserver\Naming\Utils\NamingDirectoryKeys;
 use AppserverIo\Appserver\ServletEngine\Security\Utils\Util;
-use AppserverIo\Appserver\Core\Api\Node\SecurityDomainNodeInterface;
 use AppserverIo\Appserver\ServletEngine\Security\Auth\Callback\SecurityAssociationHandler;
 use AppserverIo\Psr\Security\Auth\Login\SecurityDomainConfigurationInterface;
 

src/AppserverIo/Appserver/ServletEngine/Security/StandardAuthenticationManager.php

@@ -216,7 +216,7 @@ public function handleRequest(HttpServletRequestInterface $servletRequest, HttpS
                     // this resource has to be omitted
                     $authenticated = false;
 
-                } elseif (in_array($servletRequest->getMethod(), $mapping->getHttpMethods())) {
+                } elseif (in_array($servletRequest->getMethod(), $mapping->getHttpMethods()) || sizeof($mapping->getHttpMethods()) === 0) {
                     // load the authentication method and authenticate the request
                     $authenticator = $this->getAuthenticator($mapping);
 
@@ -244,19 +244,18 @@ public function handleRequest(HttpServletRequestInterface $servletRequest, HttpS
                             throw new SecurityException(sprintf('User doesn\'t have necessary privileges for resource %s', $servletRequest->getUri()), 403);
                         }
                     }
+                }
 
-                } else {
-                    // load the session
-                    if ($session = $servletRequest->getSession(true)) {
-                        //  start it, if not already done
-                        if ($session->isStarted() === false) {
-                            $session->start();
-                        }
+                // load the session
+                if ($session = $servletRequest->getSession(true)) {
+                    //  start it, if not already done
+                    if ($session->isStarted() === false) {
+                        $session->start();
+                    }
 
-                        // and query whether or not the session contains a user principal
-                        if ($session->hasKey(Constants::PRINCIPAL)) {
-                            $servletRequest->setUserPrincipal($session->getData(Constants::PRINCIPAL));
-                        }
+                    // and query whether or not the session contains a user principal
+                    if ($session->hasKey(Constants::PRINCIPAL)) {
+                        $servletRequest->setUserPrincipal($session->getData(Constants::PRINCIPAL));
                     }
                 }