Separated User, Role, Group so it is possible to easily distinguish them

- original code caused weird behavior on some places, avoided by hacks
- some hacks were not removed yet, but they are not conflicting with this change
- separated Principal and PrincipalDescriptor
- PrincipalImpl was deleted, replaced by UserNameAndPassword
- fixed devtests using Principal.toString instead of getName

Signed-off-by: David Matějček <david.matejcek@omnifish.ee>

appserver/connectors/connectors-internal-api/src/main/java/org/glassfish/connectors/config/PrincipalMap.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -16,13 +17,14 @@
 
 package org.glassfish.connectors.config;
 
-import org.jvnet.hk2.config.Configured;
-import org.jvnet.hk2.config.ConfigBeanProxy;
-import org.jvnet.hk2.config.Attribute;
-
 import jakarta.validation.constraints.NotNull;
+
 import java.beans.PropertyVetoException;
 
+import org.jvnet.hk2.config.Attribute;
+import org.jvnet.hk2.config.ConfigBeanProxy;
+import org.jvnet.hk2.config.Configured;
+
 @Configured
 public interface PrincipalMap extends ConfigBeanProxy {
 
@@ -31,41 +33,37 @@ public interface PrincipalMap extends ConfigBeanProxy {
      * security domain that is being mapped to a Principal in the
      * application server's security domain.
      *
-     * @return possible object is
-     *         {@link String }
+     * @return possible object is {@link String }
      */
-    @Attribute(key=true)
+    @Attribute(key = true)
     @NotNull
-    public String getEisPrincipal();
+    String getEisPrincipal();
 
     /**
      * Sets the value of the EISPrincipal - a Principal in the EIS
      * security domain that is being mapped to a Principal in the
      * application server's security domain.
      *
-     * @param value allowed object is
-     *              {@link String }
+     * @param value allowed object is {@link String }
      */
-    public void setEisPrincipal(String value) throws PropertyVetoException;
+    void setEisPrincipal(String value) throws PropertyVetoException;
 
     /**
      * Gets the value of the Mapped Principal - A Principal that is
      * valid in the application server's security domain
      *
-     * @return possible object is
-     *         {@link String }
+     * @return possible object is {@link String }
      */
     @Attribute
     @NotNull
-    public String getMappedPrincipal();
+    String getMappedPrincipal();
 
     /**
      * Sets the value of the Mapped Principal - A Principal that is
      * valid in the application server's security domain
      *
-     * @param value allowed object is
-     *              {@link String }
+     * @param value allowed object is {@link String }
      */
-    public void setMappedPrincipal(String value) throws PropertyVetoException;
+    void setMappedPrincipal(String value) throws PropertyVetoException;
 
 }

appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectionManagerImpl.java

@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -27,7 +27,7 @@
 import com.sun.enterprise.connectors.util.ConnectionPoolObjectsUtils;
 import com.sun.enterprise.connectors.util.ResourcesUtil;
 import com.sun.enterprise.deployment.ConnectorDescriptor;
-import com.sun.enterprise.deployment.ResourcePrincipal;
+import com.sun.enterprise.deployment.ResourcePrincipalDescriptor;
 import com.sun.enterprise.deployment.ResourceReferenceDescriptor;
 import com.sun.enterprise.resource.ClientSecurityInfo;
 import com.sun.enterprise.resource.ResourceSpec;
@@ -40,6 +40,7 @@
 import com.sun.enterprise.util.i18n.StringManager;
 import com.sun.logging.LogDomains;
 import org.glassfish.resourcebase.resources.api.PoolInfo;
+import org.glassfish.resourcebase.resources.api.ResourceConstants;
 import org.glassfish.resourcebase.resources.api.ResourceInfo;
 
 import jakarta.resource.ResourceException;
@@ -73,7 +74,7 @@ public class ConnectionManagerImpl implements ConnectionManager, Serializable {
 
     private transient BindableResource resourceConfiguration;
 
-    protected ResourcePrincipal defaultPrin = null;
+    protected ResourcePrincipalDescriptor defaultPrin;
 
     public ConnectionManagerImpl(PoolInfo poolInfo, ResourceInfo resourceInfo) {
         this.poolInfo = poolInfo;
@@ -84,6 +85,7 @@ public void setJndiName(String jndiName) {
         this.jndiName = jndiName;
     }
 
+    @Override
     public String getJndiName() {
         return jndiName;
     }
@@ -117,6 +119,7 @@ public void setPoolInfo(PoolInfo poolInfo) {
      * If one were to create a resource with a jndiName ending with __nontx
      * the same functionality might be achieved.
      */
+    @Override
     public Object allocateNonTxConnection(ManagedConnectionFactory mcf,
                                           ConnectionRequestInfo cxRequestInfo) throws ResourceException {
         String localJndiName = jndiName;
@@ -138,6 +141,7 @@ public Object allocateNonTxConnection(ManagedConnectionFactory mcf,
         return allocateConnection(mcf, cxRequestInfo, localJndiName);
     }
 
+    @Override
     public Object allocateConnection(ManagedConnectionFactory mcf, ConnectionRequestInfo cxRequestInfo)
             throws ResourceException {
         return this.allocateConnection(mcf, cxRequestInfo, jndiName);
@@ -160,18 +164,17 @@ public Object allocateConnection(ManagedConnectionFactory mcf,
         if (ref != null) {
             String shareableStr = ref.getSharingScope();
 
-            if (shareableStr.equals(ref.RESOURCE_UNSHAREABLE)) {
+            if (shareableStr.equals(ResourceReferenceDescriptor.RESOURCE_UNSHAREABLE)) {
                 resourceShareable = false;
             }
         }
 
         //TODO V3 refactor all the 3 cases viz, no res-ref, app-auth, cont-auth.
         if (ref == null) {
-            if(getLogger().isLoggable(Level.FINE)) {
+            if (getLogger().isLoggable(Level.FINE)) {
                 getLogger().log(Level.FINE, "poolmgr.no_resource_reference", jndiNameToUse);
             }
-            return internalGetConnection(mcf, defaultPrin, cxRequestInfo,
-                    resourceShareable, jndiNameToUse, conn, true);
+            return internalGetConnection(mcf, defaultPrin, cxRequestInfo, resourceShareable, jndiNameToUse, conn, true);
         }
         String auth = ref.getAuthorization();
 
@@ -182,47 +185,40 @@ public Object allocateConnection(ManagedConnectionFactory mcf,
                 throw new ResourceException(msg);
             }
             ConnectorRuntime.getRuntime().switchOnMatching(rarName, poolInfo);
-            return internalGetConnection(mcf, null, cxRequestInfo,
-                    resourceShareable, jndiNameToUse, conn, false);
-        } else {
-            ResourcePrincipal prin = null;
-            Set principalSet = null;
-            Principal callerPrincipal = null;
-            SecurityContext securityContext = null;
-            ConnectorRuntime connectorRuntime = ConnectorRuntime.getRuntime();
-            //TODO V3 is SecurityContext.getCurrent() the right way ? Does it need to be injected ?
-            if (connectorRuntime.isServer() &&
-                    (securityContext = SecurityContext.getCurrent()) != null &&
-                    (callerPrincipal = securityContext.getCallerPrincipal()) != null &&
-                    (principalSet = securityContext.getPrincipalSet()) != null) {
-                AuthenticationService authService =
-                        connectorRuntime.getAuthenticationService(rarName, poolInfo);
-                if (authService != null) {
-                    prin = (ResourcePrincipal) authService.mapPrincipal(
-                            callerPrincipal, principalSet);
-                }
+            return internalGetConnection(mcf, null, cxRequestInfo, resourceShareable, jndiNameToUse, conn, false);
+        }
+        ResourcePrincipalDescriptor prin = null;
+        Set<Principal> principalSet = null;
+        Principal callerPrincipal = null;
+        SecurityContext securityContext = null;
+        ConnectorRuntime connectorRuntime = ConnectorRuntime.getRuntime();
+        // TODO V3 is SecurityContext.getCurrent() the right way ? Does it need to be injected ?
+        if (connectorRuntime.isServer() && (securityContext = SecurityContext.getCurrent()) != null
+            && (callerPrincipal = securityContext.getCallerPrincipal()) != null
+            && (principalSet = securityContext.getPrincipalSet()) != null) {
+            AuthenticationService authService = connectorRuntime.getAuthenticationService(rarName, poolInfo);
+            if (authService != null) {
+                prin = authService.mapPrincipal(callerPrincipal, principalSet);
             }
+        }
 
+        if (prin == null) {
+            prin = ref.getResourcePrincipal();
             if (prin == null) {
-                prin = ref.getResourcePrincipal();
-                if (prin == null) {
-                    if (getLogger().isLoggable(Level.FINE)) {
-                        getLogger().log(Level.FINE, "default-resource-principal not"
-                                + " specified for " + jndiNameToUse + ". Defaulting to"
-                                + " user/password specified in the pool");
-                    }
-                    prin = defaultPrin;
-                } else if (!prin.equals(defaultPrin)) {
-                    ConnectorRuntime.getRuntime().switchOnMatching(rarName, poolInfo);
+                if (getLogger().isLoggable(Level.FINE)) {
+                    getLogger().log(Level.FINE, "default-resource-principal not specified for " + jndiNameToUse
+                        + ". Defaulting to user/password specified in the pool");
                 }
+                prin = defaultPrin;
+            } else if (!prin.equals(defaultPrin)) {
+                ConnectorRuntime.getRuntime().switchOnMatching(rarName, poolInfo);
             }
-            return internalGetConnection(mcf, prin, cxRequestInfo,
-                    resourceShareable, jndiNameToUse, conn, false);
         }
+        return internalGetConnection(mcf, prin, cxRequestInfo, resourceShareable, jndiNameToUse, conn, false);
     }
 
     protected Object internalGetConnection(ManagedConnectionFactory mcf,
-                                           final ResourcePrincipal prin, ConnectionRequestInfo cxRequestInfo,
+                                           final ResourcePrincipalDescriptor prin, ConnectionRequestInfo cxRequestInfo,
                                            boolean shareable, String jndiNameToUse, Object conn, boolean isUnknownAuth)
             throws ResourceException {
         try {
@@ -322,7 +318,7 @@ private Object getResource(int txLevel, PoolManager poolmgr, ManagedConnectionFa
                 alloc = new LocalTxConnectorAllocator(poolmgr, mcf, spec, subject, cxRequestInfo, info, desc, shareable);
                 break;
             case ConnectorConstants.XA_TRANSACTION_INT:
-                if (rarName.equals(ConnectorRuntime.DEFAULT_JMS_ADAPTER)) {
+                if (rarName.equals(ConnectorConstants.DEFAULT_JMS_ADAPTER)) {
                     shareable = false;
                 }
                 spec.markAsXA();
@@ -393,7 +389,7 @@ private void validateResourceAndPool() throws ResourceException {
             }
 
             if ((runtime.isServer() || runtime.isEmbedded()) &&
-                    (!resourceInfo.getName().contains(ConnectorConstants.DATASOURCE_DEFINITION_JNDINAME_PREFIX) &&
+                    (!resourceInfo.getName().contains(ResourceConstants.DATASOURCE_DEFINITION_JNDINAME_PREFIX) &&
                             (!isDefaultResource) && (!isSunRAResource))) {
                 // performance optimization so that resource configuration is not retrieved from
                 // resources config bean each time.

appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectorConnectionPool.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -19,12 +20,13 @@
 import com.sun.enterprise.connectors.authentication.ConnectorSecurityMap;
 import com.sun.enterprise.deployment.ConnectorConfigProperty;
 import com.sun.logging.LogDomains;
-import org.glassfish.resourcebase.resources.api.PoolInfo;
 
 import java.io.Serializable;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import org.glassfish.resourcebase.resources.api.PoolInfo;
+
 /**
  * This class abstracts a connection connection pool. It contains
  * two parts
@@ -34,7 +36,6 @@
  *
  * @author Srikanth Padakandla
  */
-
 public class ConnectorConnectionPool implements Serializable {
 
     protected ConnectorDescriptorInfo connectorDescriptorInfo_;
@@ -99,7 +100,7 @@ public class ConnectorConnectionPool implements Serializable {
     public static final String DEFAULT_LEAK_TIMEOUT = "0";
 
     private static Logger _logger = LogDomains.getLogger(ConnectorConnectionPool.class, LogDomains.RSR_LOGGER);
-    private String name;
+    private final String name;
     private String applicationName;
     private String moduleName;
 
@@ -221,10 +222,8 @@ protected ConnectorConnectionPool doClone(String name) {
         clone.setMaxConnectionUsage(getMaxConnectionUsage());
         clone.setValidateAtmostOncePeriod(getValidateAtmostOncePeriod());
 
-        clone.setConnectionLeakTracingTimeout(
-                getConnectionLeakTracingTimeout());
-        clone.setConCreationRetryInterval
-                (getConCreationRetryInterval());
+        clone.setConnectionLeakTracingTimeout(getConnectionLeakTracingTimeout());
+        clone.setConCreationRetryInterval(getConCreationRetryInterval());
         clone.setConCreationRetryAttempts(getConCreationRetryAttempts());
         clone.setPreferValidateOverRecreate(isPreferValidateOverRecreate());
         clone.setPooling(isPoolingOn());
@@ -706,6 +705,7 @@ public void setConnectionReclaim(boolean connectionReclaim) {
      *
      * @return String representation of pool
      */
+    @Override
     public String toString() {
         String returnVal = "";
         StringBuffer sb = new StringBuffer("ConnectorConnectionPool :: ");

appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/PoolMetaData.java

@@ -17,7 +17,7 @@
 package com.sun.enterprise.connectors;
 
 import com.sun.enterprise.connectors.authentication.RuntimeSecurityMap;
-import com.sun.enterprise.deployment.ResourcePrincipal;
+import com.sun.enterprise.deployment.ResourcePrincipalDescriptor;
 import org.glassfish.resourcebase.resources.api.PoolInfo;
 
 import jakarta.resource.spi.ManagedConnectionFactory;
@@ -43,7 +43,7 @@ public class PoolMetaData {
     private ManagedConnectionFactory mcf = null;
     private PoolInfo poolInfo = null;
     private Subject subj = null;
-    private ResourcePrincipal prin_;
+    private ResourcePrincipalDescriptor prin_;
     private int txSupport_;
     private boolean isPM_ = false;
     private boolean isNonTx_ = false;
@@ -53,7 +53,7 @@ public class PoolMetaData {
     private boolean isAuthCredentialsDefinedInPool_ = true;
 
     public PoolMetaData(PoolInfo poolInfo, ManagedConnectionFactory mcf,
-                        Subject s, int txSupport, ResourcePrincipal prin,
+                        Subject s, int txSupport, ResourcePrincipalDescriptor prin,
                         boolean isPM, boolean isNonTx, boolean lazyEnlistable,
                         RuntimeSecurityMap runtimeSecurityMap, boolean lazyAssoc) {
         this.poolInfo = poolInfo;
@@ -80,7 +80,7 @@ public int getTransactionSupport() {
         return txSupport_;
     }
 
-    public ResourcePrincipal getResourcePrincipal() {
+    public ResourcePrincipalDescriptor getResourcePrincipal() {
         return prin_;
     }
 

appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/authentication/AuthenticationService.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -16,23 +17,28 @@
 
 package com.sun.enterprise.connectors.authentication;
 
+import com.sun.enterprise.deployment.ResourcePrincipalDescriptor;
+
 import java.security.Principal;
 import java.util.Set;
 
 
 /**
-  * Interface class consisting of methods for securityMap functionality.
-  * For a given principal/userGrooup, a mapping is done to a backendPrincipal
-  * which is actually used to authenticate/get connection to the backend.
-  * @author    Srikanth P
-  */
+ * Interface class consisting of methods for securityMap functionality.
+ * For a given principal/userGrooup, a mapping is done to a backendPrincipal
+ * which is actually used to authenticate/get connection to the backend.
+ *
+ * @author Srikanth P
+ */
 public interface AuthenticationService {
 
-    /** Maps the principal name to the backendPrincipal.
-     *  @param principal Name of the principal
-     *  @param principalSet principalSet
-     *  @return mapped backendPrincipal.
+    /**
+     * Maps the principal name to the backendPrincipal.
+     *
+     * @param principal Name of the principal
+     * @param principalSet principalSet
+     * @return mapped backendPrincipal.
      */
-    public Principal mapPrincipal(Principal principal, Set principalSet);
+    ResourcePrincipalDescriptor mapPrincipal(Principal principal, Set<Principal> principalSet);
 
 }