@RunAs not honoured (#4743)
* Issue #4739 Fix @RunAs Signed-off-by: Jan Bartel <janb@webtide.com>
This commit is contained in:
parent
4b2842265a
commit
8eb4bb98a4
|
@ -21,7 +21,6 @@ package org.eclipse.jetty.annotations;
|
|||
import javax.servlet.Servlet;
|
||||
|
||||
import org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler;
|
||||
import org.eclipse.jetty.plus.annotation.RunAsCollection;
|
||||
import org.eclipse.jetty.servlet.ServletHolder;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
@ -64,14 +63,7 @@ public class RunAsAnnotationHandler extends AbstractIntrospectableAnnotationHand
|
|||
if (d == null)
|
||||
{
|
||||
metaData.setOrigin(holder.getName() + ".servlet.run-as", runAs, clazz);
|
||||
org.eclipse.jetty.plus.annotation.RunAs ra = new org.eclipse.jetty.plus.annotation.RunAs(clazz.getName(), role);
|
||||
RunAsCollection raCollection = (RunAsCollection)_context.getAttribute(RunAsCollection.RUNAS_COLLECTION);
|
||||
if (raCollection == null)
|
||||
{
|
||||
raCollection = new RunAsCollection();
|
||||
_context.setAttribute(RunAsCollection.RUNAS_COLLECTION, raCollection);
|
||||
}
|
||||
raCollection.add(ra);
|
||||
holder.setRunAsRole(role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
//
|
||||
// ========================================================================
|
||||
// Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
|
||||
// ------------------------------------------------------------------------
|
||||
// All rights reserved. This program and the accompanying materials
|
||||
// are made available under the terms of the Eclipse Public License v1.0
|
||||
// and Apache License v2.0 which accompanies this distribution.
|
||||
//
|
||||
// The Eclipse Public License is available at
|
||||
// http://www.eclipse.org/legal/epl-v10.html
|
||||
//
|
||||
// The Apache License v2.0 is available at
|
||||
// http://www.opensource.org/licenses/apache2.0.php
|
||||
//
|
||||
// You may elect to redistribute this code under either of these licenses.
|
||||
// ========================================================================
|
||||
//
|
||||
|
||||
package org.eclipse.jetty.annotations;
|
||||
|
||||
import org.eclipse.jetty.servlet.ServletHolder;
|
||||
import org.eclipse.jetty.webapp.WebAppContext;
|
||||
import org.eclipse.jetty.webapp.WebDescriptor;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class TestRunAsAnnotation
|
||||
{
|
||||
@Test
|
||||
public void testRunAsAnnotation() throws Exception
|
||||
{
|
||||
WebAppContext wac = new WebAppContext();
|
||||
|
||||
//pre-add a servlet but not by descriptor
|
||||
ServletHolder holder = new ServletHolder();
|
||||
holder.setName("foo1");
|
||||
holder.setHeldClass(ServletC.class);
|
||||
holder.setInitOrder(1); //load on startup
|
||||
wac.getServletHandler().addServletWithMapping(holder, "/foo/*");
|
||||
|
||||
//add another servlet of the same class, but as if by descriptor
|
||||
ServletHolder holder2 = new ServletHolder();
|
||||
holder2.setName("foo2");
|
||||
holder2.setHeldClass(ServletC.class);
|
||||
holder2.setInitOrder(1);
|
||||
wac.getServletHandler().addServletWithMapping(holder2, "/foo2/*");
|
||||
wac.getMetaData().setOrigin(holder2.getName() + ".servlet.run-as", new WebDescriptor(null));
|
||||
|
||||
AnnotationIntrospector parser = new AnnotationIntrospector();
|
||||
RunAsAnnotationHandler handler = new RunAsAnnotationHandler(wac);
|
||||
parser.registerHandler(handler);
|
||||
parser.introspect(ServletC.class);
|
||||
|
||||
assertEquals("admin", holder.getRunAsRole());
|
||||
assertEquals(null, holder2.getRunAsRole());
|
||||
|
||||
|
||||
}
|
||||
}
|
|
@ -26,7 +26,9 @@ import org.eclipse.jetty.servlet.ServletHolder;
|
|||
* RunAs
|
||||
* <p>
|
||||
* Represents a <code><run-as></code> element in web.xml, or a <code>@RunAs</code> annotation.
|
||||
* @deprecated unused as of 9.4.28 due for removal in 10.0.0
|
||||
*/
|
||||
@Deprecated
|
||||
public class RunAs
|
||||
{
|
||||
private String _className;
|
||||
|
|
|
@ -27,7 +27,9 @@ import org.eclipse.jetty.util.log.Logger;
|
|||
|
||||
/**
|
||||
* RunAsCollection
|
||||
* @deprecated class unused as of 9.4.28 due for removal in 10.0.0
|
||||
*/
|
||||
@Deprecated
|
||||
public class RunAsCollection
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(RunAsCollection.class);
|
||||
|
|
|
@ -20,7 +20,6 @@ package org.eclipse.jetty.plus.webapp;
|
|||
|
||||
import org.eclipse.jetty.plus.annotation.InjectionCollection;
|
||||
import org.eclipse.jetty.plus.annotation.LifeCycleCallbackCollection;
|
||||
import org.eclipse.jetty.plus.annotation.RunAsCollection;
|
||||
import org.eclipse.jetty.util.Decorator;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
@ -43,11 +42,6 @@ public class PlusDecorator implements Decorator
|
|||
@Override
|
||||
public Object decorate(Object o)
|
||||
{
|
||||
|
||||
RunAsCollection runAses = (RunAsCollection)_context.getAttribute(RunAsCollection.RUNAS_COLLECTION);
|
||||
if (runAses != null)
|
||||
runAses.setRunAs(o);
|
||||
|
||||
InjectionCollection injections = (InjectionCollection)_context.getAttribute(InjectionCollection.INJECTION_COLLECTION);
|
||||
if (injections != null)
|
||||
injections.inject(o);
|
||||
|
|
|
@ -20,7 +20,6 @@ package org.eclipse.jetty.plus.webapp;
|
|||
|
||||
import java.util.Iterator;
|
||||
import java.util.Objects;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.InitialContext;
|
||||
import javax.naming.NameNotFoundException;
|
||||
|
@ -33,7 +32,6 @@ import org.eclipse.jetty.plus.annotation.LifeCycleCallback;
|
|||
import org.eclipse.jetty.plus.annotation.LifeCycleCallbackCollection;
|
||||
import org.eclipse.jetty.plus.annotation.PostConstructCallback;
|
||||
import org.eclipse.jetty.plus.annotation.PreDestroyCallback;
|
||||
import org.eclipse.jetty.plus.annotation.RunAsCollection;
|
||||
import org.eclipse.jetty.plus.jndi.EnvEntry;
|
||||
import org.eclipse.jetty.plus.jndi.Link;
|
||||
import org.eclipse.jetty.plus.jndi.NamingEntry;
|
||||
|
@ -93,13 +91,6 @@ public class PlusDescriptorProcessor extends IterativeDescriptorProcessor
|
|||
callbacks = new LifeCycleCallbackCollection();
|
||||
context.setAttribute(LifeCycleCallbackCollection.LIFECYCLE_CALLBACK_COLLECTION, callbacks);
|
||||
}
|
||||
|
||||
RunAsCollection runAsCollection = (RunAsCollection)context.getAttribute(RunAsCollection.RUNAS_COLLECTION);
|
||||
if (runAsCollection == null)
|
||||
{
|
||||
runAsCollection = new RunAsCollection();
|
||||
context.setAttribute(RunAsCollection.RUNAS_COLLECTION, runAsCollection);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -392,18 +392,6 @@ public class ServletHolder extends Holder<Servlet> implements UserIdentity.Scope
|
|||
//check if we need to forcibly set load-on-startup
|
||||
checkInitOnStartup();
|
||||
|
||||
if (_runAsRole == null)
|
||||
{
|
||||
_identityService = null;
|
||||
_runAsToken = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
_identityService = getServletHandler().getIdentityService();
|
||||
if (_identityService != null)
|
||||
_runAsToken = _identityService.newRunAsToken(_runAsRole);
|
||||
}
|
||||
|
||||
_config = new Config();
|
||||
|
||||
synchronized (this)
|
||||
|
@ -577,10 +565,23 @@ public class ServletHolder extends Holder<Servlet> implements UserIdentity.Scope
|
|||
_servlet = newInstance();
|
||||
if (_config == null)
|
||||
_config = new Config();
|
||||
|
||||
//check run-as rolename and convert to token from IdentityService
|
||||
if (_runAsRole == null)
|
||||
{
|
||||
_identityService = null;
|
||||
_runAsToken = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
_identityService = getServletHandler().getIdentityService();
|
||||
if (_identityService != null)
|
||||
{
|
||||
|
||||
// Handle run as
|
||||
if (_identityService != null && _runAsToken != null)
|
||||
_servlet = new RunAsServlet(_servlet, _identityService, _runAsToken);
|
||||
_runAsToken = _identityService.newRunAsToken(_runAsRole);
|
||||
_servlet = new RunAsServlet(_servlet, _identityService, _runAsToken);
|
||||
}
|
||||
}
|
||||
|
||||
if (!isAsyncSupported())
|
||||
_servlet = new NotAsyncServlet(_servlet);
|
||||
|
|
Loading…
Reference in New Issue