Removed EJB

Added web-fragment.xml

impl/pom.xml

@@ -16,14 +16,14 @@
     SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 
 -->
-
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
-       <groupId>org.glassfish.soteria</groupId>
+       <groupId>com.given2.soteria</groupId>
        <artifactId>parent</artifactId>
        <version>2.0.2-SNAPSHOT</version>
+       <relativePath>../pom.xml</relativePath>
     </parent>
 
     <artifactId>jakarta.security.enterprise</artifactId>
@@ -87,7 +87,7 @@
                     <archive>
                         <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
                         <manifestEntries>
-                            <Automatic-Module-Name>org.glassfish.soteria</Automatic-Module-Name>
+                            <Automatic-Module-Name>com.given2.soteria</Automatic-Module-Name>
                         </manifestEntries>
                     </archive>
                 </configuration>

impl/src/main/java/org/glassfish/soteria/authorization/EJB.java

@@ -1,62 +1,62 @@
-/*
- * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-package org.glassfish.soteria.authorization;
-
-import static org.glassfish.soteria.Utils.getELProcessor;
-
-import jakarta.ejb.EJBContext;
-import javax.naming.InitialContext;
-import javax.naming.NamingException; 
-
-public final class EJB {
-    
-    private EJB() {
-        // no instances
-    }
-    
-    public static EJBContext getEJBContext() {
-        try {
-            return (EJBContext) new InitialContext().lookup("java:comp/EJBContext");
-        } catch (NamingException ex) {
-            return null;
-        }
-    }
-    
-    public static String getCurrentEJBName(EJBContext ejbContext) {
-        try {
-            switch (ejbContext.getClass().getName()) {
-                case "com.sun.ejb.containers.SessionContextImpl":
-                case "com.sun.ejb.containers.SingletonContextImpl":
-                    String toString = ejbContext.toString();
-                    int firstIndex = toString.indexOf(";");
-                    if (firstIndex != -1) {
-                        return toString.substring(0, firstIndex);
-                    }
-                    break;
-                case "org.jboss.as.ejb3.context.SessionContextImpl":
-                    return getELProcessor("ejbContext", ejbContext)
-                            .eval("ejbContext.component.componentName")
-                            .toString();
-            }
-        } catch (Exception e) {
-            // Ignore
-        }
-                
-        return null;
-    }
-
-}
+///*
+// * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+// *
+// * This program and the accompanying materials are made available under the
+// * terms of the Eclipse Public License v. 2.0, which is available at
+// * http://www.eclipse.org/legal/epl-2.0.
+// *
+// * This Source Code may also be made available under the following Secondary
+// * Licenses when the conditions for such availability set forth in the
+// * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+// * version 2 with the GNU Classpath Exception, which is available at
+// * https://www.gnu.org/software/classpath/license.html.
+// *
+// * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+// */
+//
+//package org.glassfish.soteria.authorization;
+//
+//import static org.glassfish.soteria.Utils.getELProcessor;
+//
+//import jakarta.ejb.EJBContext;
+//import javax.naming.InitialContext;
+//import javax.naming.NamingException;
+//
+//public final class EJB {
+//
+//    private EJB() {
+//        // no instances
+//    }
+//
+//    public static EJBContext getEJBContext() {
+//        try {
+//            return (EJBContext) new InitialContext().lookup("java:comp/EJBContext");
+//        } catch (NamingException ex) {
+//            return null;
+//        }
+//    }
+//
+//    public static String getCurrentEJBName(EJBContext ejbContext) {
+//        try {
+//            switch (ejbContext.getClass().getName()) {
+//                case "com.sun.ejb.containers.SessionContextImpl":
+//                case "com.sun.ejb.containers.SingletonContextImpl":
+//                    String toString = ejbContext.toString();
+//                    int firstIndex = toString.indexOf(";");
+//                    if (firstIndex != -1) {
+//                        return toString.substring(0, firstIndex);
+//                    }
+//                    break;
+//                case "org.jboss.as.ejb3.context.SessionContextImpl":
+//                    return getELProcessor("ejbContext", ejbContext)
+//                            .eval("ejbContext.component.componentName")
+//                            .toString();
+//            }
+//        } catch (Exception e) {
+//            // Ignore
+//        }
+//
+//        return null;
+//    }
+//
+//}

impl/src/main/java/org/glassfish/soteria/authorization/JACC.java

@@ -16,32 +16,16 @@
 
 package org.glassfish.soteria.authorization;
 
-import static java.security.Policy.getPolicy;
-import static java.util.Collections.list;
-import static org.glassfish.soteria.authorization.EJB.getCurrentEJBName;
-import static org.glassfish.soteria.authorization.EJB.getEJBContext;
-
-import java.security.AccessController;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Policy;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.security.ProtectionDomain;
+import jakarta.security.jacc.*;
+
+import javax.security.auth.Subject;
+import java.security.*;
 import java.security.cert.Certificate;
 import java.util.HashSet;
 import java.util.Set;
 
-import jakarta.ejb.EJBContext;
-import javax.security.auth.Subject;
-import jakarta.security.jacc.EJBRoleRefPermission;
-import jakarta.security.jacc.PolicyContext;
-import jakarta.security.jacc.PolicyContextException;
-import jakarta.security.jacc.WebResourcePermission;
-import jakarta.security.jacc.WebRoleRefPermission;
+import static java.security.Policy.getPolicy;
+import static java.util.Collections.list;
 
 public class JACC {
 
@@ -59,24 +43,24 @@ public static boolean isCallerInRole(String role) {
             return true;
         }
 
-        EJBContext ejbContext = getEJBContext();
-        
-        if (ejbContext != null) {
-            
-            // We're called from an EJB
-            
-            // To ask for the permission, get the EJB name first.
-            // Unlike the Servlet container there's no automatic mapping
-            // to a global ("") name.
-            String ejbName = getCurrentEJBName(ejbContext);
-            if (ejbName != null) {
-                return hasPermission(subject, new EJBRoleRefPermission(ejbName, role));
-            }
-            
-            // EJB name not supported for current container, fallback to going fully through
-            // ejbContext
-            return ejbContext.isCallerInRole(role);
-        }
+//        EJBContext ejbContext = getEJBContext();
+//
+//        if (ejbContext != null) {
+//
+//            // We're called from an EJB
+//
+//            // To ask for the permission, get the EJB name first.
+//            // Unlike the Servlet container there's no automatic mapping
+//            // to a global ("") name.
+//            String ejbName = getCurrentEJBName(ejbContext);
+//            if (ejbName != null) {
+//                return hasPermission(subject, new EJBRoleRefPermission(ejbName, role));
+//            }
+//
+//            // EJB name not supported for current container, fallback to going fully through
+//            // ejbContext
+//            return ejbContext.isCallerInRole(role);
+//        }
 
         return false;
     }

impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java

@@ -40,10 +40,8 @@
 
 import javax.security.auth.Subject;
 
-import org.glassfish.soteria.authorization.EJB;
 import org.glassfish.soteria.authorization.JACC;
 
-import jakarta.ejb.EJBContext;
 import jakarta.security.enterprise.CallerPrincipal;
 import jakarta.security.jacc.PolicyContext;
 import jakarta.security.jacc.PolicyContextException;
@@ -441,11 +439,12 @@ private Principal doGetCallerPrincipalFromPrincipals(Iterable<Principal> princip
         }
 
         // Check for EJB
-        EJBContext ejbContext = EJB.getEJBContext();
-        if (ejbContext != null) {
-            // The EJB returned value must be verified for its "unauthenticated name" since it's vendor specific
-            return getVendorCallerPrincipal(ejbContext.getCallerPrincipal(), true);
-        }
+        // Removed
+//        EJBContext ejbContext = EJB.getEJBContext();
+//        if (ejbContext != null) {
+//            // The EJB returned value must be verified for its "unauthenticated name" since it's vendor specific
+//            return getVendorCallerPrincipal(ejbContext.getCallerPrincipal(), true);
+//        }
 
         for (Principal principal : principals) {
             // Do some checks to determine it from vendor specific data

impl/src/main/java/org/glassfish/soteria/mechanisms/jaspic/Jaspic.java

@@ -49,7 +49,7 @@
  * @author Arjan Tijms
  *
  */
-public final class Jaspic {
+public enum Jaspic { INSTANCE;
 
 	public static final String IS_AUTHENTICATION = "org.glassfish.soteria.security.message.request.authentication";
 	public static final String IS_AUTHENTICATION_FROM_FILTER = "org.glassfish.soteria.security.message.request.authenticationFromFilter";
@@ -71,8 +71,7 @@ public final class Jaspic {
 	private static final String IS_MANDATORY = "jakarta.security.auth.message.MessagePolicy.isMandatory";
 	private static final String REGISTER_SESSION = "jakarta.servlet.http.registerSession";
 
-	private Jaspic() {}
-
+
 	public static boolean authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters authParameters) {
 		try {
 		    // JASPIC 1.1 does not have any way to distinguish between a
@@ -119,12 +118,10 @@ public static void logout(HttpServletRequest request, HttpServletResponse respon
 
 	public static void cleanSubject(Subject subject) {
 	    if (subject != null) {
-	        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-	            public Void run() {
-	                subject.getPrincipals().clear();
-	                return null;
-	            }
-	        });
+	        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+				subject.getPrincipals().clear();
+				return null;
+			});
 	    }
 	}
 
@@ -245,15 +242,12 @@ public static String getAppContextID(ServletContext context) {
 	public static String registerServerAuthModule(ServerAuthModule serverAuthModule, ServletContext servletContext) {
 
 	    // Register the factory-factory-factory for the SAM
-	    String registrationId = AccessController.doPrivileged(new PrivilegedAction<String>() {
-	        public String run() {
-	            return AuthConfigFactory.getFactory().registerConfigProvider(
-	                    new DefaultAuthConfigProvider(serverAuthModule),
-	                    "HttpServlet", 
-	                    getAppContextID(servletContext), 
-	                    "Default single SAM authentication config provider");
-	        }
-	    });
+	    String registrationId = AccessController.doPrivileged( (PrivilegedAction<String>) () -> AuthConfigFactory.getFactory().registerConfigProvider(
+				new DefaultAuthConfigProvider(serverAuthModule),
+				"HttpServlet",
+				getAppContextID(servletContext),
+				"Default single SAM authentication config provider")
+		);
 
 		// Remember the registration ID returned by the factory, so we can unregister the JASPIC module when the web module
 		// is undeployed. JASPIC being the low level API that it is won't do this automatically.
@@ -270,13 +264,9 @@ public String run() {
 	 */
 	public static void deregisterServerAuthModule(ServletContext servletContext) {
 		String registrationId = (String) servletContext.getAttribute(CONTEXT_REGISTRATION_ID);
-		if (!isEmpty(registrationId)) {
-			AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-			    public Boolean run() {
-			        return AuthConfigFactory.getFactory().removeRegistration(registrationId);
-			    }
-			});
-		}
+		if (!isEmpty(registrationId)) AccessController.doPrivileged(
+				(PrivilegedAction<Boolean>) () -> AuthConfigFactory.getFactory().removeRegistration(registrationId)
+		);
 	}
 
 

impl/src/main/java/org/glassfish/soteria/servlet/SamRegistrationInstaller.java

@@ -16,27 +16,30 @@
 
 package org.glassfish.soteria.servlet;
 
+import static java.util.logging.Level.FINEST;
+import static java.util.logging.Level.INFO;
+import static org.glassfish.soteria.Utils.isEmpty;
+import static org.glassfish.soteria.mechanisms.jaspic.Jaspic.deregisterServerAuthModule;
+import static org.glassfish.soteria.mechanisms.jaspic.Jaspic.registerServerAuthModule;
+
+import java.util.Set;
+import java.util.logging.Logger;
+
 import jakarta.enterprise.inject.spi.BeanManager;
 import jakarta.enterprise.inject.spi.CDI;
 import jakarta.servlet.ServletContainerInitializer;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletContextEvent;
 import jakarta.servlet.ServletContextListener;
+import jakarta.servlet.ServletException;
+
 import org.glassfish.soteria.cdi.CdiExtension;
+import org.glassfish.soteria.cdi.CdiUtils;
 import org.glassfish.soteria.cdi.spi.CDIPerRequestInitializer;
 import org.glassfish.soteria.cdi.spi.impl.LibertyCDIPerRequestInitializer;
 import org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule;
 import org.glassfish.soteria.mechanisms.jaspic.Jaspic;
 
-import java.util.Set;
-import java.util.logging.Logger;
-
-import static java.util.logging.Level.FINEST;
-import static java.util.logging.Level.INFO;
-import static org.glassfish.soteria.Utils.isEmpty;
-import static org.glassfish.soteria.mechanisms.jaspic.Jaspic.deregisterServerAuthModule;
-import static org.glassfish.soteria.mechanisms.jaspic.Jaspic.registerServerAuthModule;
-
 /**
  * If an HttpAuthenticationMechanism implementation has been found on the classpath, this 
  * initializer installs a bridge SAM that delegates the validateRequest, secureResponse and
@@ -62,7 +65,7 @@ public void onStartup(Set<Class<?>> c, ServletContext ctx) {
         // there's an enabled bean
 
         try {
-            CDI.current().getBeanManager();
+            CDI.current().getBeanManager(); //CdiUtils.getBeanManager();
 
             if (logger.isLoggable(INFO)) {
                 String version = getClass().getPackage().getImplementationVersion();
@@ -110,13 +113,11 @@ public void onStartup(Set<Class<?>> c, ServletContext ctx) {
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         // noop
-        logger.info("contextInitialized");
     }
 
     @Override
     public void contextDestroyed(ServletContextEvent sce) {
         deregisterServerAuthModule(sce.getServletContext());
-        logger.info("contextDestroyed");
     }
 
 }