Upgrade to Undertow 1.0.0.Beta8

clustering/web/undertow/src/main/java/org/wildfly/clustering/web/undertow/session/SessionManagerAdapter.java

@@ -170,11 +170,6 @@ public void setDefaultSessionTimeout(int timeout) {
         this.manager.setDefaultMaxInactiveInterval(timeout, TimeUnit.SECONDS);
     }
 
-    @Override
-    public int activeSessions() {
-        return this.manager.getActiveSessions().size();
-    }
-
     @Override
     public Set<String> getTransientSessions() {
         // We are a distributed session manager, so none of our sessions are transient

clustering/web/undertow/src/test/java/org/wildfly/clustering/web/undertow/session/SessionManagerFacadeTestCase.java

@@ -250,7 +250,7 @@ public void getSessionNotExists() {
     public void activeSessions() {
         when(this.manager.getActiveSessions()).thenReturn(Collections.singleton("expected"));
 
-        int result = this.adapter.activeSessions();
+        int result = this.adapter.getActiveSessions().size();
 
         assertEquals(1, result);
     }

pom.xml

@@ -101,7 +101,7 @@
         <version.dom4j>1.6.1</version.dom4j>
         <version.gnu.getopt>1.0.13</version.gnu.getopt>
         <version.io.netty>3.6.6.Final</version.io.netty>
-        <version.io.undertow>1.0.0.Beta7</version.io.undertow>
+        <version.io.undertow>1.0.0.Beta8</version.io.undertow>
         <version.io.undertow.jastow>1.0.0.Beta1</version.io.undertow.jastow>
         <version.javax.activation>1.1.1</version.javax.activation>
         <version.javax.enterprise>1.1</version.javax.enterprise>

undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentInfoService.java

@@ -324,7 +324,7 @@ public synchronized DeploymentInfo getValue() throws IllegalStateException, Ille
     private void handleIdentityManager(final DeploymentInfo deploymentInfo) {
 
         SecurityDomainContext sdc = securityDomainContextValue.getValue();
-        deploymentInfo.setIdentityManager(new JAASIdentityManagerImpl(sdc, mergedMetaData.getPrincipalVersusRolesMap()));
+        deploymentInfo.setIdentityManager(new JAASIdentityManagerImpl(sdc));
         AuditManager auditManager = sdc.getAuditManager();
         if (auditManager != null && !mergedMetaData.isDisableAudit()) {
             deploymentInfo.addNotificationReceiver(new AuditNotificationReceiver(auditManager));
@@ -680,7 +680,14 @@ private DeploymentInfo createServletConfig() throws StartException {
 
 
             d.addOuterHandlerChainWrapper(SecurityContextCreationHandler.wrapper(securityDomain));
-            d.addInnerHandlerChainWrapper(SecurityContextAssociationHandler.wrapper(mergedMetaData.getPrincipalVersusRolesMap(), mergedMetaData.getRunAsIdentity(), securityContextId));
+            d.addInnerHandlerChainWrapper(SecurityContextAssociationHandler.wrapper(securityDomainContextValue.getValue(), mergedMetaData.getPrincipalVersusRolesMap(), mergedMetaData.getRunAsIdentity(), securityContextId));
+
+            Map<String, Set<String>> principalVersusRolesMap = mergedMetaData.getPrincipalVersusRolesMap();
+            if (principalVersusRolesMap != null) {
+                for (Map.Entry<String, Set<String>> entry : principalVersusRolesMap.entrySet()) {
+                    d.addPrincipalVsRoleMappings(entry.getKey(), entry.getValue());
+                }
+            }
 
             // Setup an deployer configured ServletContext attributes
             for (ServletContextAttribute attribute : attributes) {

undertow/src/main/java/org/wildfly/extension/undertow/security/JAASIdentityManagerImpl.java

@@ -22,17 +22,6 @@
 
 package org.wildfly.extension.undertow.security;
 
-import java.security.Principal;
-import java.security.acl.Group;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
 import io.undertow.security.idm.Account;
 import io.undertow.security.idm.Credential;
 import io.undertow.security.idm.DigestCredential;
@@ -44,27 +33,30 @@
 import org.jboss.security.AuthorizationManager;
 import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.callbacks.SecurityContextCallbackHandler;
 import org.jboss.security.identity.Role;
 import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.mapping.MappingContext;
-import org.jboss.security.mapping.MappingManager;
-import org.jboss.security.mapping.MappingType;
 import org.wildfly.extension.undertow.UndertowLogger;
 
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * @author Stuart Douglas
  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
  */
 public class JAASIdentityManagerImpl implements IdentityManager {
 
     private final SecurityDomainContext securityDomainContext;
-    private final Map<String, Set<String>> principalVersusRolesMap;
 
-    public JAASIdentityManagerImpl(final SecurityDomainContext securityDomainContext, final Map<String, Set<String>> principalVersusRolesMap) {
+    public JAASIdentityManagerImpl(final SecurityDomainContext securityDomainContext) {
         this.securityDomainContext = securityDomainContext;
-        this.principalVersusRolesMap = principalVersusRolesMap;
     }
 
     @Override
@@ -108,7 +100,6 @@ private Account getAccount(final String id) {
 
     private Account verifyCredential(final Account account, final Object credential) {
         final AuthenticationManager authenticationManager = securityDomainContext.getAuthenticationManager();
-        final MappingManager mappingManager = securityDomainContext.getMappingManager();
         final AuthorizationManager authorizationManager = securityDomainContext.getAuthorizationManager();
         final SecurityContext sc = SecurityActions.getSecurityContext();
         Principal incomingPrincipal = account.getPrincipal();
@@ -122,26 +113,12 @@ private Account verifyCredential(final Account account, final Object credential)
                 Principal userPrincipal = getPrincipal(subject);
                 sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject);
                 SecurityContextCallbackHandler scb = new SecurityContextCallbackHandler(sc);
-                if (mappingManager != null) {
-                    // if there are mapping modules let them handle the role mapping
-                    MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
-                    if (mc != null && mc.hasModules()) {
-                        SecurityRolesAssociation.setSecurityRoles(principalVersusRolesMap);
-                    }
-                }
                 RoleGroup roles = authorizationManager.getSubjectRoles(subject, scb);
                 Set<String> roleSet = new HashSet<>();
                 for (Role role : roles.getRoles()) {
                     roleSet.add(role.getRoleName());
 
                 }
-                //TODO: is this correct? How should we actually be mapping these
-                if(principalVersusRolesMap != null) {
-                    Set<String> extra = principalVersusRolesMap.get(incomingPrincipal.getName());
-                    if (extra != null) {
-                        roleSet.addAll(extra);
-                    }
-                }
                 return new AccountImpl(userPrincipal, roleSet, credential);
             }
         } catch (Exception e) {

undertow/src/main/java/org/wildfly/extension/undertow/security/SecurityContextAssociationHandler.java

@@ -35,20 +35,27 @@
 
 import javax.security.jacc.PolicyContext;
 
+import org.jboss.as.security.plugins.SecurityDomainContext;
 import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.mapping.MappingContext;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.security.mapping.MappingType;
 import org.wildfly.extension.undertow.UndertowLogger;
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityRolesAssociation;
 
 public class SecurityContextAssociationHandler implements HttpHandler {
 
+    private final SecurityDomainContext securityDomainContext;
     private final Map<String, Set<String>> principleVsRoleMap;
     private final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap;
     private final String contextId;
     private final HttpHandler next;
 
-    public SecurityContextAssociationHandler(final Map<String, Set<String>> principleVsRoleMap, final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap, final String contextId, final HttpHandler next) {
+    public SecurityContextAssociationHandler(SecurityDomainContext securityDomainContext, final Map<String, Set<String>> principleVsRoleMap, final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap, final String contextId, final HttpHandler next) {
+        this.securityDomainContext = securityDomainContext;
         this.principleVsRoleMap = principleVsRoleMap;
         this.runAsIdentityMetaDataMap = runAsIdentityMetaDataMap;
         this.contextId = contextId;
@@ -58,10 +65,19 @@ public SecurityContextAssociationHandler(final Map<String, Set<String>> principl
     @Override
     public void handleRequest(final HttpServerExchange exchange) throws Exception {
         SecurityContext sc = exchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
+        final MappingManager mappingManager = securityDomainContext.getMappingManager();
         String previousContextID = null;
         RunAsIdentityMetaData identity = null;
         try {
             SecurityActions.setSecurityContextOnAssociation(sc);
+
+            if (mappingManager != null) {
+                // if there are mapping modules let them handle the role mapping
+                MappingContext<RoleGroup> mc = mappingManager.getMappingContext(MappingType.ROLE.name());
+                if (mc != null && mc.hasModules()) {
+                    SecurityRolesAssociation.setSecurityRoles(principleVsRoleMap);
+                }
+            }
             ServletChain servlet = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getCurrentServlet();
             identity = runAsIdentityMetaDataMap.get(servlet.getManagedServlet().getServletInfo().getName());
             RunAsIdentity runAsIdentity = null;
@@ -108,11 +124,11 @@ private String setContextID(String contextID) {
     }
 
 
-    public static HandlerWrapper wrapper(final Map<String, Set<String>> principleVsRoleMap, final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap, final String contextId) {
+    public static HandlerWrapper wrapper(final SecurityDomainContext securityDomainContext, final Map<String, Set<String>> principleVsRoleMap, final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap, final String contextId) {
         return new HandlerWrapper() {
             @Override
             public HttpHandler wrap(final HttpHandler handler) {
-                return new SecurityContextAssociationHandler(principleVsRoleMap, runAsIdentityMetaDataMap, contextId, handler);
+                return new SecurityContextAssociationHandler(securityDomainContext, principleVsRoleMap, runAsIdentityMetaDataMap, contextId, handler);
             }
         };
     }