Merge pull request #8792 from eclipse/jetty-10.0.x-OpenIdSessionSerialization
Issue #8330 - fix IllegalStateException from using OpenID with SessionDatastore
commit
4f633e945c
|
@ -13,6 +13,7 @@
|
|||
|
||||
package org.eclipse.jetty.security.openid;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.security.Principal;
|
||||
import java.util.Map;
|
||||
|
@ -28,7 +29,10 @@ import org.eclipse.jetty.security.ConstraintMapping;
|
|||
import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
||||
import org.eclipse.jetty.server.Server;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
import org.eclipse.jetty.server.session.FileSessionDataStoreFactory;
|
||||
import org.eclipse.jetty.servlet.ServletContextHandler;
|
||||
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||
import org.eclipse.jetty.util.IO;
|
||||
import org.eclipse.jetty.util.security.Constraint;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
|
@ -107,6 +111,12 @@ public class OpenIdAuthenticationTest
|
|||
securityHandler.setInitParameter(OpenIdAuthenticator.LOGOUT_REDIRECT_PATH, "/");
|
||||
context.setSecurityHandler(securityHandler);
|
||||
|
||||
File datastoreDir = MavenTestingUtils.getTargetTestingDir("datastore");
|
||||
IO.delete(datastoreDir);
|
||||
FileSessionDataStoreFactory fileSessionDataStoreFactory = new FileSessionDataStoreFactory();
|
||||
fileSessionDataStoreFactory.setStoreDir(datastoreDir);
|
||||
server.addBean(fileSessionDataStoreFactory);
|
||||
|
||||
server.start();
|
||||
String redirectUri = "http://localhost:" + connector.getLocalPort() + "/redirect_path";
|
||||
openIdProvider.addRedirectUri(redirectUri);
|
||||
|
@ -153,6 +163,19 @@ public class OpenIdAuthenticationTest
|
|||
response = client.GET(appUriString + "/admin");
|
||||
assertThat(response.getStatus(), is(HttpStatus.FORBIDDEN_403));
|
||||
|
||||
// We can restart the server and still be logged in as we have persistent session datastore.
|
||||
server.stop();
|
||||
server.start();
|
||||
appUriString = "http://localhost:" + connector.getLocalPort();
|
||||
|
||||
// After restarting server the authentication is saved as a session authentication.
|
||||
response = client.GET(appUriString + "/");
|
||||
assertThat(response.getStatus(), is(HttpStatus.OK_200));
|
||||
content = response.getContentAsString();
|
||||
assertThat(content, containsString("userId: 123456789"));
|
||||
assertThat(content, containsString("name: Alice"));
|
||||
assertThat(content, containsString("email: Alice@example.com"));
|
||||
|
||||
// We are no longer authenticated after logging out
|
||||
response = client.GET(appUriString + "/logout");
|
||||
assertThat(response.getStatus(), is(HttpStatus.OK_200));
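Review bot: The restart block only proves that a persisted session is accepted again after `server.stop(); server.start();`. Nothing visible checks the opposite case, where a session that has been logged out must not be restorable from the file datastore. A second stop/start after the `/logout` request, followed by an assertion that `/` no longer reports the user as Alice, would cover that. The test method continues past the end of this hunk, so part of this may already exist further down. Separately, the result of `IO.delete(datastoreDir)` in the setup hunk is ignored; adding `assertThat(datastoreDir.exists(), is(false));` after it would guarantee each run starts with no serialized sessions left on disk.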
|
||||
|
|
|
@ -22,6 +22,7 @@ import javax.servlet.http.HttpSessionBindingListener;
|
|||
import javax.servlet.http.HttpSessionEvent;
|
||||
|
||||
import org.eclipse.jetty.security.AbstractUserAuthentication;
|
||||
import org.eclipse.jetty.security.Authenticator;
|
||||
import org.eclipse.jetty.security.LoginService;
|
||||
import org.eclipse.jetty.security.SecurityHandler;
|
||||
import org.eclipse.jetty.server.UserIdentity;
|
||||
|
@ -76,7 +77,13 @@ public class SessionAuthentication extends AbstractUserAuthentication
|
|||
return;
|
||||
}
|
||||
|
||||
LoginService loginService = security.getLoginService();
|
||||
LoginService loginService;
|
||||
Authenticator authenticator = security.getAuthenticator();
|
||||
if (authenticator instanceof LoginAuthenticator)
|
||||
loginService = ((LoginAuthenticator)authenticator).getLoginService();
|
||||
else
|
||||
loginService = security.getLoginService();
|
||||
|
||||
if (loginService == null)
|
||||
{
|
||||
if (LOG.isDebugEnabled())
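Review bot: The new `instanceof LoginAuthenticator` branch carries no comment saying why the authenticator's LoginService takes precedence over `security.getLoginService()`. Judging by the commit title, this is presumably because the OpenID authenticator works with its own LoginService, which a maintainer cannot tell from the code. I would add `// Use the authenticator's LoginService when it has one; it may differ from the SecurityHandler's (e.g. OpenID).` above the check. Note also that if a LoginAuthenticator returns null from `getLoginService()`, there is no fallback and control reaches the `loginService == null` branch, which as far as the hunk shows reports only at debug level. Failing closed is the right outcome for a restored session, but a warn-level message would make silently dropped authentications diagnosable; the method starts and ends outside the hunk, so the rest of that branch is not visible here.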
|
||||
|
|