Merge pull request #42 from darranl/ELYEE-50

[ELYEE-50] Upgrade Jakarta Authentication to version 3.1.0

authentication/pom.xml

@@ -83,7 +83,7 @@
                         </goals>
                     </execution>
                 </executions>
-           </plugin>        
+           </plugin>
         </plugins>
     </build>
 
@@ -100,19 +100,11 @@
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-credential</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-permission</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-realm</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-security-manager-action</artifactId>
-        </dependency>
-
+
         <dependency>
             <groupId>org.jboss.logging</groupId>
             <artifactId>jboss-logging-annotations</artifactId>
@@ -139,7 +131,7 @@
             <artifactId>jakarta.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
-        
+
         <dependency>
             <groupId>org.wildfly.common</groupId>
             <artifactId>wildfly-common</artifactId>
@@ -157,5 +149,5 @@
             <scope>test</scope>
         </dependency>
     </dependencies>
-    
+
 </project>

authentication/src/main/java/org/wildfly/security/auth/jaspi/ElytronAuthConfigFactory.java

@@ -16,14 +16,11 @@
 
 package org.wildfly.security.auth.jaspi;
 
-import static java.lang.System.getSecurityManager;
 import static org.wildfly.common.Assert.checkNotNullParam;
 import static org.wildfly.security.auth.jaspi._private.ElytronMessages.log;
 import static org.wildfly.security.auth.jaspi._private.ElytronEEMessages.eeLog;
 
 import java.lang.reflect.Constructor;
-import java.security.AccessController;
-import java.security.SecurityPermission;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -35,7 +32,6 @@
 
 import org.wildfly.security.auth.jaspi.impl.AuthenticationModuleDefinition;
 import org.wildfly.security.auth.jaspi.impl.ElytronAuthConfigProvider;
-import org.wildfly.security.manager.action.GetContextClassLoaderAction;
 
 import jakarta.security.auth.message.config.AuthConfigFactory;
 import jakarta.security.auth.message.config.AuthConfigProvider;
@@ -142,8 +138,6 @@ boolean matchesRegistration(final String layer, final String appContext) {
      */
     @Override
     public String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description) {
-        checkPermission(providerRegistrationSecurityPermission);
-
         return registerConfigProvider(provider, layer, appContext, description, false);
     }
 
@@ -153,8 +147,6 @@ public String registerConfigProvider(AuthConfigProvider provider, String layer,
     @Override
     public String registerConfigProvider(String className, Map<String, String> properties, String layer, String appContext, String description) {
         // TODO [ELY-1548] We should support persisting to configuration changes made by calling this method.
-        checkPermission(providerRegistrationSecurityPermission);
-
         AuthConfigProvider authConfigProvider = null;
         if (className != null) {
             ClassLoader classLoader = identifyClassLoader();
@@ -234,8 +226,6 @@ public void removeServerAuthModule(Object context) {
      */
     @Override
     public boolean removeRegistration(String registrationId) {
-        checkPermission(providerRegistrationSecurityPermission);
-
         String layer = null;
         String appContext = null;
         boolean removed = false;
@@ -271,7 +261,6 @@ public boolean removeRegistration(String registrationId) {
     @Override
     public String[] detachListener(RegistrationListener listener, String layer, String appContext) {
         checkNotNullParam("listener", listener);
-        checkPermission(providerRegistrationSecurityPermission);
         List<String> registrationIDs = new ArrayList<>();
         synchronized (layerContextRegistration) {
             for (Registration current : layerContextRegistration.values()) {
@@ -335,23 +324,10 @@ public String[] getRegistrationIDs(AuthConfigProvider provider) {
     @Override
     public void refresh() {
         // [ELY-1538] Dynamic loading not presently supported, once supported refresh will reload the configuration.
-        checkPermission(providerRegistrationSecurityPermission);
-    }
-
-
-
-
-    private static void checkPermission(final SecurityPermission securityPermission) {
-        SecurityManager securityManager = getSecurityManager();
-        if (securityManager != null) {
-            securityManager.checkPermission(securityPermission);
-        }
     }
 
     private static ClassLoader identifyClassLoader() {
-        ClassLoader classLoader = getSecurityManager() != null
-                ? AccessController.doPrivileged(GetContextClassLoaderAction.getInstance())
-                : GetContextClassLoaderAction.getInstance().run();
+        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
 
         return classLoader != null ? classLoader : ClassLoader.getSystemClassLoader();
     }

authentication/src/main/java/org/wildfly/security/auth/jaspi/impl/JaspiAuthenticationContext.java

@@ -18,13 +18,10 @@
 
 import static org.wildfly.common.Assert.checkNotNullParam;
 import static org.wildfly.security.auth.jaspi._private.ElytronMessages.log;
-import static org.wildfly.security.auth.jaspi.impl.SecurityActions.doPrivileged;
 
 import java.io.IOException;
 import java.security.Principal;
-import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -134,10 +131,7 @@ private CallbackHandler createCommonCallbackHandler(final boolean integrated) {
             @Override
             public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                 try {
-                    doPrivileged((PrivilegedExceptionAction<Void>) () -> {
-                        handleOne(callbacks, 0);
-                        return null;
-                    });
+                    handleOne(callbacks, 0);
                 } catch (Exception e) {
                     if (e instanceof PrivilegedActionException) {
                         if (e.getCause() instanceof UnsupportedCallbackException) {
@@ -299,7 +293,7 @@ public SecurityIdentity getAuthorizedIdentity() throws IllegalStateException {
             Roles roles = Roles.fromSet(this.roles);
             RoleMapper roleMapper = RoleMapper.constant(roles);
             SecurityIdentity temp = securityIdentity;
-            securityIdentity = doPrivileged((PrivilegedAction<SecurityIdentity>) (() -> temp.withDefaultRoleMapper(roleMapper)));
+            securityIdentity = temp.withDefaultRoleMapper(roleMapper);
         } else {
             log.trace("No roles request of CallbackHandler.");
         }

pom.xml

@@ -59,7 +59,7 @@
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
 
-        <version.jakarta.authentication>3.0.0</version.jakarta.authentication>
+        <version.jakarta.authentication>3.1.0</version.jakarta.authentication>
         <version.jakarta.authorization>2.1.0</version.jakarta.authorization>
         <version.jakarta.cdi>4.0.1</version.jakarta.cdi>
         <version.jakarta.jaxrs>3.1.0</version.jakarta.jaxrs>