Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The secureResponse can return just SEND_* states (based on javadoc) #24855

Merged
merged 1 commit into from Mar 13, 2024
Merged

The secureResponse can return just SEND_* states (based on javadoc) #24855

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 12 additions & 11 deletions appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java
View file
Open in desktop
Expand Up @@ -42,13 +42,8 @@
import com.sun.enterprise.security.ee.web.integration.WebSecurityManager;
import com.sun.enterprise.security.ee.web.integration.WebSecurityManagerFactory;
import com.sun.enterprise.security.integration.RealmInitializer;
import org.glassfish.epicyro.config.helper.Caller;
import org.glassfish.epicyro.config.helper.CallerPrincipal;
import org.glassfish.epicyro.config.helper.HttpServletConstants;
import org.glassfish.epicyro.config.helper.PriviledgedAccessController;
import org.glassfish.epicyro.services.BaseAuthenticationService;
import org.glassfish.epicyro.services.DefaultAuthenticationService;
import com.sun.enterprise.util.net.NetUtils;

import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.inject.Provider;
Expand Down Expand Up @@ -105,6 +100,12 @@
import org.apache.catalina.realm.RealmBase;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.api.invocation.ComponentInvocation;
import org.glassfish.epicyro.config.helper.Caller;
import org.glassfish.epicyro.config.helper.CallerPrincipal;
import org.glassfish.epicyro.config.helper.HttpServletConstants;
import org.glassfish.epicyro.config.helper.PriviledgedAccessController;
import org.glassfish.epicyro.services.BaseAuthenticationService;
import org.glassfish.epicyro.services.DefaultAuthenticationService;
import org.glassfish.grizzly.config.dom.NetworkConfig;
import org.glassfish.grizzly.config.dom.NetworkListener;
import org.glassfish.grizzly.config.dom.NetworkListeners;
Expand All @@ -124,6 +125,10 @@
import static com.sun.enterprise.util.Utility.isAnyNull;
import static com.sun.enterprise.util.Utility.isEmpty;
import static com.sun.web.security.WebSecurityResourceBundle.BUNDLE_NAME;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_FORBIDDEN;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_INVALID_REQUEST;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_MISSING_HOST_HEADER;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_NO_WEB_SECURITY_MGR;
import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN;
import static jakarta.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
Expand All @@ -144,10 +149,6 @@
import static org.apache.catalina.Globals.WRAPPED_RESPONSE;
import static org.glassfish.epicyro.config.helper.HttpServletConstants.POLICY_CONTEXT;
import static org.glassfish.epicyro.config.helper.HttpServletConstants.REGISTER_SESSION;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_FORBIDDEN;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_INVALID_REQUEST;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_MISSING_HOST_HEADER;
import static com.sun.web.security.WebSecurityResourceBundle.MSG_NO_WEB_SECURITY_MGR;

/**
* This is the realm adapter used to authenticate users and authorize access to web resources. The authenticate method
Expand Down Expand Up @@ -657,7 +658,7 @@ public boolean invokePostAuthenticateDelegate(HttpRequest request, HttpResponse
try {
context.fireContainerEvent(BEFORE_POST_AUTHENTICATION, null);
AuthStatus authStatus = serverAuthContext.secureResponse(messageInfo, null); // null serviceSubject
result = AuthStatus.SUCCESS.equals(authStatus);
result = AuthStatus.SEND_SUCCESS.equals(authStatus);
} finally {
context.fireContainerEvent(AFTER_POST_AUTHENTICATION, null);
}
Expand Down
2 changes: 1 addition & 1 deletion ...on/src/main/java/org/glassfish/main/test/app/security/jmac/https/HttpsTestAuthModule.java
View file
Open in desktop
Expand Up @@ -99,7 +99,7 @@ public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject c

@Override
public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject serviceSubject) throws AuthException {
return AuthStatus.SUCCESS;
return AuthStatus.SEND_SUCCESS;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That one doesn't need to be overriden, it's already the default:

default AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
return AuthStatus.SEND_SUCCESS;
}

}


Expand Down