Skip to content

Commit

Permalink
Use a multimodule maven organisation for 2.x
Browse files Browse the repository at this point in the history
 - Bump to pac4j 2.3.0
 - Users should depend on jersey-pac4j or resteasy-pac4j
 - Users can still depend on jax-rs-pac4j for backward compatibility
 - Add saveInSession parameter for callback endpoints
  • Loading branch information
victornoel committed Mar 21, 2018
1 parent 58a9f29 commit 3e846c3
Show file tree
Hide file tree
Showing 63 changed files with 354 additions and 189 deletions.
18 changes: 11 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,10 @@
<img src="https://pac4j.github.io/pac4j/img/logo-jaxrs.png" width="300" />
</p>

[![Build Status](https://travis-ci.org/pac4j/jax-rs-pac4j.png?branch=master)](https://travis-ci.org/pac4j/jax-rs-pac4j)
[![Build Status](https://travis-ci.org/pac4j/jax-rs-pac4j.png?branch=2.x)](https://travis-ci.org/pac4j/jax-rs-pac4j)
[![Maven Central](https://img.shields.io/maven-central/v/org.pac4j/jax-rs-pac4j.svg)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.pac4j%22%20AND%20a%3A%22jax-rs-pac4j%22)
[![Maven Central](https://img.shields.io/maven-central/v/org.pac4j/jersey-pac4j.svg)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.pac4j%22%20AND%20a%3A%22jersey-pac4j%22)
[![Maven Central](https://img.shields.io/maven-central/v/org.pac4j/resteasy-pac4j.svg)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.pac4j%22%20AND%20a%3A%22resteasy-pac4j%22)

The `jax-rs-pac4j` project is an **easy and powerful security library for JAX-RS** web applications which supports authentication and authorization, but also application logout and advanced features like session fixation and CSRF protection.
It's based on Java 8, servlet 3 (when present), JAX-RS 2 and on the **[pac4j security engine](https://github.com/pac4j/pac4j)**. It's available under the Apache 2 license.
Expand Down Expand Up @@ -47,8 +49,10 @@ See also [dropwizard-pac4j](https://github.com/pac4j/dropwizard-pac4j) for even

You need to add a dependency on:

- the `jax-rs-pac4j` library (<em>groupId</em>: **org.pac4j**, *version*: **2.1.0**)
- the appropriate `pac4j` [submodules](http://www.pac4j.org/docs/clients.html) (<em>groupId</em>: **org.pac4j**, *version*: **2.1.0**): `pac4j-oauth` for OAuth support (Facebook, Twitter...), `pac4j-cas` for CAS support, `pac4j-ldap` for LDAP authentication, etc.
- jax-rs-pac4j
1. for Jersey (<2.26) : the `jersey-pac4j` library (<em>groupId</em>: **org.pac4j**, *version*: **2.2.0**)
2. for Resteasy : the `resteasy-pac4j` library (<em>groupId</em>: **org.pac4j**, *version*: **2.2.0**)
- the appropriate `pac4j` [submodules](http://www.pac4j.org/docs/clients.html) (<em>groupId</em>: **org.pac4j**, *version*: **2.3.0**): `pac4j-oauth` for OAuth support (Facebook, Twitter...), `pac4j-cas` for CAS support, `pac4j-ldap` for LDAP authentication, etc.

All released artifacts are available in the [Maven central repository](http://search.maven.org/#search%7Cga%7C1%7Cpac4j).

Expand Down Expand Up @@ -118,15 +122,15 @@ For a Jersey-based and Servlet-based (e.g., Jetty or Grizzly Servlet) environmen
resourceConfig
.register(new ServletJaxRsContextFactoryProvider(config))
.register(new Pac4JSecurityFeature(config))
.register(new Pac4JValueFactoryProvider.Binder()); // only with Jersey <2.26
.register(new Pac4JValueFactoryProvider.Binder());
```

For a Jersey-based and Grizzly-based environment without Servlet but session management and annotation support and method parameters injection:
```
resourceConfig
.register(new GrizzlyJaxRsContextFactoryProvider(config))
.register(new Pac4JSecurityFeature(config))
.register(new Pac4JValueFactoryProvider.Binder()); // only with Jersey <2.26
.register(new Pac4JValueFactoryProvider.Binder());
```

For a Resteasy-based and Servlet-based (e.g., Undertow) environment with session management and annotation support:
Expand Down Expand Up @@ -164,7 +168,7 @@ public class Pac4JFeature implements Feature {
context
.register(new JaxRsConfigProvider(config))
.register(new Pac4JSecurityFeature())
.register(new Pac4JValueFactoryProvider.Binder()) // only with Jersey <2.26
.register(new Pac4JValueFactoryProvider.Binder())
.register(new Pac4JProfileInjectorFactory()) // only with Resteasy
.register(new ServletJaxRsContextFactoryProvider());

Expand Down Expand Up @@ -301,7 +305,7 @@ For example:

### 5) Get the user profile (`CommonProfile` and `ProfileManager`)

When using Jersey (<2.26) or Resteasy as the JAX-RS runtime, it is possible to directly inject a pac4j profile or profile manager using method parameters injection.
When using Jersey or Resteasy as the JAX-RS runtime, it is possible to directly inject a pac4j profile or profile manager using method parameters injection.
When using another JAX-RS runtime, see below for workarounds.

#### Using method parameters injection
Expand Down
38 changes: 38 additions & 0 deletions core/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.pac4j.jax-rs</groupId>
<artifactId>parent</artifactId>
<version>2.2.0-SNAPSHOT</version>
</parent>
<artifactId>core</artifactId>

<dependencies>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-core</artifactId>
</dependency>
<!-- optional dependencies -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,13 @@
* @return value for {@link CallbackFilter#setMultiProfile(Boolean)}
*/
boolean[] multiProfile() default {};

/**
* Note that this parameter only takes one value at most: empty array (default) is used to represent default pac4j
* setting, one boolean will be used by the filter, and more than one boolean will fail the resource method
* initialisation.
*
* @return value for {@link CallbackFilter#setSaveInSession(Boolean)}
*/
boolean[] saveInSession() default {};
}
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,12 @@
import java.lang.annotation.Target;

import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jax.rs.jersey.features.Pac4JValueFactoryProvider;

/**
*
* Binds the value(s) of the current Pac4J {@link ProfileManager} to a resource method parameter, resource class field,
* or resource class bean property.
*
* @see Pac4JValueFactoryProvider.Binder
* @author Victor Noel - Linagora
* @since 1.0.0
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,11 @@ public void configure(ResourceInfo resourceInfo, FeatureContext context) {
"defaultUrl parameter in @Pac4JCallback is not expected to have more than one value");
}

if (cbAnn.saveInSession().length > 1) {
throw new IllegalArgumentException(
"saveInSession parameter in @Pac4JCallback is not expected to have more than one value");
}

if (cbAnn.multiProfile().length > 1) {
throw new IllegalArgumentException(
"multiProfile parameter in @Pac4JCallback is not expected to have more than one value");
Expand All @@ -117,6 +122,7 @@ public void configure(ResourceInfo resourceInfo, FeatureContext context) {

final CallbackFilter filter = new CallbackFilter(providers);

filter.setSaveInSession(cbAnn.saveInSession().length == 0 ? null : cbAnn.saveInSession()[0]);
filter.setMultiProfile(cbAnn.multiProfile().length == 0 ? null : cbAnn.multiProfile()[0]);
filter.setRenewSession(cbAnn.renewSession().length == 0 ? null : cbAnn.renewSession()[0]);
filter.setDefaultUrl(cbAnn.defaultUrl().length == 0 ? null : cbAnn.defaultUrl()[0]);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ public class CallbackFilter extends AbstractFilter {

private String defaultUrl;

private Boolean saveInSession;

private Boolean multiProfile;

private Boolean renewSession;
Expand All @@ -37,7 +39,15 @@ public CallbackFilter(Providers providers) {
protected void filter(JaxRsContext context) throws IOException {
Config config = getConfig();

buildLogic(config).perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false),
CallbackLogic<Object, JaxRsContext> logic = buildLogic(config);

// TODO remove the null check once pac4j 2.3.1 is released
// cf https://github.com/pac4j/pac4j/pull/1121
if (saveInSession != null && logic instanceof DefaultCallbackLogic) {
((DefaultCallbackLogic) logic).setSaveInSession(saveInSession);
}

logic.perform(context, config, adapter(config), context.getAbsolutePath(defaultUrl, false),
multiProfile, renewSession);
}

Expand Down Expand Up @@ -69,6 +79,14 @@ public void setDefaultUrl(String defaultUrl) {
this.defaultUrl = defaultUrl;
}

public boolean isSaveInSession() {
return saveInSession;
}

public void setSaveInSession(Boolean saveInSession) {
this.saveInSession = saveInSession;
}

public boolean isMultiProfile() {
return multiProfile;
}
Expand Down
25 changes: 25 additions & 0 deletions jax-rs-pac4j/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.pac4j.jax-rs</groupId>
<artifactId>parent</artifactId>
<version>2.2.0-SNAPSHOT</version>
</parent>
<groupId>org.pac4j</groupId>
<artifactId>jax-rs-pac4j</artifactId>

<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>resteasy-pac4j</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>jersey-pac4j</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>
63 changes: 63 additions & 0 deletions jersey/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.pac4j.jax-rs</groupId>
<artifactId>parent</artifactId>
<version>2.2.0-SNAPSHOT</version>
</parent>
<groupId>org.pac4j</groupId>
<artifactId>jersey-pac4j</artifactId>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.glassfish.jersey</groupId>
<artifactId>jersey-bom</artifactId>
<version>2.25.1</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>

<dependencies>
<dependency>
<groupId>${project.parent.groupId}</groupId>
<artifactId>core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
<scope>provided</scope>
</dependency>
<!-- optional dependencies -->
<dependency>
<groupId>org.glassfish.grizzly</groupId>
<artifactId>grizzly-http-server</artifactId>
<!-- same version as in org.glassfish.jersey:project -->
<version>2.3.28</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<!-- test dependencies -->
<dependency>
<groupId>${project.parent.groupId}</groupId>
<artifactId>testing</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-inmemory</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-grizzly2</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
import javax.ws.rs.client.WebTarget;

import org.glassfish.grizzly.http.server.util.Globals;
import org.glassfish.jersey.client.JerseyClientBuilder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.DeploymentContext;
import org.glassfish.jersey.test.JerseyTest;
Expand Down Expand Up @@ -52,9 +51,6 @@ protected ResourceConfig configureResourceConfig(ResourceConfig config) {
protected void before() throws Throwable {
// Used by Jersey Client to store cookies
CookieHandler.setDefault(new CookieManager());

// let's force use a JerseyClient!
setUpClientClassloader(JerseyClientBuilder.class);

jersey = new MyJerseyTest();
jersey.setUp();
Expand Down
Loading

0 comments on commit 3e846c3

Please sign in to comment.