-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #73 from arjantijms/main
JETUT-131 Add example for remember-me applied to custom authentication
- Loading branch information
Showing
10 changed files
with
404 additions
and
0 deletions.
There are no files selected for viewing
3 changes: 3 additions & 0 deletions
3
focused/security/restCustomAuthCustomStoreRememberMe/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # A RESTful custom authentication mechanism with custom identity store and remember-me example | ||
|
|
||
| This example demonstrates how to use Jakarta Security to secure a REST endpoint with a custom (user provided) authentication mechanism a custom identity store and remember-me. |
37 changes: 37 additions & 0 deletions
37
focused/security/restCustomAuthCustomStoreRememberMe/pom.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!-- | ||
| Permission to use, copy, modify, and/or distribute this software for any | ||
| purpose with or without fee is hereby granted. | ||
| THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| --> | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <parent> | ||
| <groupId>jakarta.examples.focused.eesecurity</groupId> | ||
| <artifactId>project</artifactId> | ||
| <version>10-SNAPSHOT</version> | ||
| </parent> | ||
|
|
||
| <artifactId>restCustomAuthCustomStoreRememberMe</artifactId> | ||
| <packaging>war</packaging> | ||
|
|
||
| <name>A Jakarta Security RESTful custom authentication mechanism with custom identity store and remember-me example</name> | ||
|
|
||
| <dependencies> | ||
| <dependency> | ||
| <groupId>jakarta.platform</groupId> | ||
| <artifactId>jakarta.jakartaee-web-api</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| </dependencies> | ||
| </project> |
23 changes: 23 additions & 0 deletions
23
...taee/examples/focused/security/restcustomauthcustomstorerememberme/ApplicationConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| /* | ||
| * Permission to use, copy, modify, and/or distribute this software for any | ||
| * purpose with or without fee is hereby granted. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| * USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
| package jakartaee.examples.focused.security.restcustomauthcustomstorerememberme; | ||
|
|
||
| import jakarta.enterprise.context.ApplicationScoped; | ||
| import jakarta.ws.rs.ApplicationPath; | ||
| import jakarta.ws.rs.core.Application; | ||
|
|
||
| @ApplicationScoped | ||
| @ApplicationPath("/rest") | ||
| public class ApplicationConfig extends Application { | ||
|
|
||
| } |
63 changes: 63 additions & 0 deletions
63
...s/focused/security/restcustomauthcustomstorerememberme/CustomAuthenticationMechanism.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| /* | ||
| * Permission to use, copy, modify, and/or distribute this software for any | ||
| * purpose with or without fee is hereby granted. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| * USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
|
|
||
| package jakartaee.examples.focused.security.restcustomauthcustomstorerememberme; | ||
|
|
||
|
|
||
| import static jakarta.security.enterprise.identitystore.CredentialValidationResult.Status.VALID; | ||
|
|
||
| import jakarta.enterprise.context.ApplicationScoped; | ||
| import jakarta.inject.Inject; | ||
| import jakarta.security.enterprise.AuthenticationException; | ||
| import jakarta.security.enterprise.AuthenticationStatus; | ||
| import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism; | ||
| import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext; | ||
| import jakarta.security.enterprise.authentication.mechanism.http.RememberMe; | ||
| import jakarta.security.enterprise.credential.UsernamePasswordCredential; | ||
| import jakarta.security.enterprise.identitystore.IdentityStoreHandler; | ||
| import jakarta.servlet.http.HttpServletRequest; | ||
| import jakarta.servlet.http.HttpServletResponse; | ||
|
|
||
| @RememberMe | ||
| @ApplicationScoped | ||
| public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism { | ||
|
|
||
| @Inject | ||
| private IdentityStoreHandler identityStoreHandler; | ||
|
|
||
| @Override | ||
| public AuthenticationStatus validateRequest( | ||
| HttpServletRequest request, | ||
| HttpServletResponse response, | ||
| HttpMessageContext httpMessageContext) throws AuthenticationException { | ||
|
|
||
| var callerName = request.getHeader("callername"); | ||
| var password = request.getHeader("callerpassword"); | ||
|
|
||
| if (callerName == null || password == null) { | ||
| return httpMessageContext.doNothing(); | ||
| } | ||
|
|
||
| var result = identityStoreHandler.validate( | ||
| new UsernamePasswordCredential(callerName, password)); | ||
|
|
||
| if (result.getStatus() != VALID) { | ||
| return httpMessageContext.responseUnauthorized(); | ||
| } | ||
|
|
||
| return httpMessageContext.notifyContainerAboutLogin( | ||
| result.getCallerPrincipal(), | ||
| result.getCallerGroups()); | ||
| } | ||
|
|
||
| } |
44 changes: 44 additions & 0 deletions
44
...ee/examples/focused/security/restcustomauthcustomstorerememberme/CustomIdentityStore.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| /* | ||
| * Permission to use, copy, modify, and/or distribute this software for any | ||
| * purpose with or without fee is hereby granted. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| * USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
| package jakartaee.examples.focused.security.restcustomauthcustomstorerememberme; | ||
|
|
||
| import static jakarta.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT; | ||
|
|
||
| import java.util.Set; | ||
|
|
||
| import jakarta.enterprise.context.ApplicationScoped; | ||
| import jakarta.security.enterprise.credential.UsernamePasswordCredential; | ||
| import jakarta.security.enterprise.identitystore.CredentialValidationResult; | ||
| import jakarta.security.enterprise.identitystore.IdentityStore; | ||
|
|
||
| /** | ||
| * A custom identity store that will be picked up automatically by Jakarta Security. | ||
| * | ||
| * <p> | ||
| * Jakarta Security picks up any enabled CDI bean that implements <code>IdentityStore</code>. | ||
| * | ||
| * @author Arjan Tijms | ||
| * | ||
| */ | ||
| @ApplicationScoped | ||
| public class CustomIdentityStore implements IdentityStore { | ||
|
|
||
| public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) { | ||
| if (usernamePasswordCredential.compareTo("john", "secret1")) { | ||
| return new CredentialValidationResult("john", Set.of("user", "caller")); | ||
| } | ||
|
|
||
| return INVALID_RESULT; | ||
| } | ||
|
|
||
| } |
67 changes: 67 additions & 0 deletions
67
...s/focused/security/restcustomauthcustomstorerememberme/CustomRememberMeIdentityStore.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| /* | ||
| * Permission to use, copy, modify, and/or distribute this software for any | ||
| * purpose with or without fee is hereby granted. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| * USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
|
|
||
| package jakartaee.examples.focused.security.restcustomauthcustomstorerememberme; | ||
|
|
||
|
|
||
| import java.util.Map; | ||
| import java.util.Set; | ||
| import java.util.UUID; | ||
| import java.util.concurrent.ConcurrentHashMap; | ||
|
|
||
| import jakarta.enterprise.context.ApplicationScoped; | ||
| import jakarta.security.enterprise.CallerPrincipal; | ||
| import jakarta.security.enterprise.credential.RememberMeCredential; | ||
| import jakarta.security.enterprise.identitystore.CredentialValidationResult; | ||
| import jakarta.security.enterprise.identitystore.RememberMeIdentityStore; | ||
|
|
||
| import static jakarta.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT; | ||
|
|
||
| /** | ||
| * A custom remember-me identity store that will be picked up automatically by Jakarta Security. | ||
| * | ||
| * <p> | ||
| * Jakarta Security picks up any enabled CDI bean that implements <code>RememberMeIdentityStore</code>. | ||
| * | ||
| * @author Arjan Tijms | ||
| * | ||
| */ | ||
| @ApplicationScoped | ||
| public class CustomRememberMeIdentityStore implements RememberMeIdentityStore { | ||
|
|
||
| private final Map<String, CredentialValidationResult> tokenToIdentityMap = new ConcurrentHashMap<>(); | ||
|
|
||
| @Override | ||
| public CredentialValidationResult validate(RememberMeCredential credential) { | ||
| if (tokenToIdentityMap.containsKey(credential.getToken())) { | ||
| return tokenToIdentityMap.get(credential.getToken()); | ||
| } | ||
|
|
||
| return INVALID_RESULT; | ||
| } | ||
|
|
||
| @Override | ||
| public String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) { | ||
| var token = UUID.randomUUID().toString(); | ||
|
|
||
| tokenToIdentityMap.put(token, new CredentialValidationResult(callerPrincipal, groups)); | ||
|
|
||
| return token; | ||
| } | ||
|
|
||
| @Override | ||
| public void removeLoginToken(String token) { | ||
| tokenToIdentityMap.remove(token); | ||
| } | ||
|
|
||
| } |
39 changes: 39 additions & 0 deletions
39
...ava/jakartaee/examples/focused/security/restcustomauthcustomstorerememberme/Resource.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| * Permission to use, copy, modify, and/or distribute this software for any | ||
| * purpose with or without fee is hereby granted. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| * USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
| package jakartaee.examples.focused.security.restcustomauthcustomstorerememberme; | ||
|
|
||
| import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; | ||
|
|
||
| import jakarta.enterprise.context.RequestScoped; | ||
| import jakarta.inject.Inject; | ||
| import jakarta.security.enterprise.SecurityContext; | ||
| import jakarta.ws.rs.GET; | ||
| import jakarta.ws.rs.Path; | ||
| import jakarta.ws.rs.Produces; | ||
|
|
||
| @Path("/resource") | ||
| @RequestScoped | ||
| public class Resource { | ||
|
|
||
| @Inject | ||
| private SecurityContext securityContext; | ||
|
|
||
| @GET | ||
| @Produces(TEXT_PLAIN) | ||
| public String getCallerAndRole() { | ||
| return | ||
| securityContext.getCallerPrincipal().getName() + " : " + | ||
| securityContext.isCallerInRole("user"); | ||
| } | ||
|
|
||
| } |
21 changes: 21 additions & 0 deletions
21
focused/security/restCustomAuthCustomStoreRememberMe/src/main/webapp/WEB-INF/beans.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!-- | ||
| Permission to use, copy, modify, and/or distribute this software for any | ||
| purpose with or without fee is hereby granted. | ||
| THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| --> | ||
| <beans xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd" | ||
| bean-discovery-mode="all" | ||
| version="4.0"> | ||
| </beans> |
34 changes: 34 additions & 0 deletions
34
focused/security/restCustomAuthCustomStoreRememberMe/src/main/webapp/WEB-INF/web.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!-- | ||
| Permission to use, copy, modify, and/or distribute this software for any | ||
| purpose with or without fee is hereby granted. | ||
| THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR(S) DISCLAIMS ALL WARRANTIES | ||
| WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY | ||
| SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER | ||
| RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
| NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE | ||
| USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| --> | ||
| <web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd" | ||
| version="6.0"> | ||
|
|
||
| <security-constraint> | ||
| <web-resource-collection> | ||
| <web-resource-name>protected</web-resource-name> | ||
| <url-pattern>/rest/*</url-pattern> | ||
| </web-resource-collection> | ||
| <auth-constraint> | ||
| <role-name>user</role-name> | ||
| </auth-constraint> | ||
| </security-constraint> | ||
| <security-role> | ||
| <role-name>user</role-name> | ||
| </security-role> | ||
|
|
||
| </web-app> |
Oops, something went wrong.