From 06cc7a60959f74807773546ee1cdc9b8011ffe8c Mon Sep 17 00:00:00 2001
From: arne <arne@apache.org>
Date: Tue, 24 Sep 2024 17:25:20 +0200
Subject: [PATCH] MEECROWAVE-339: Only use proxy when not within proxy

---
 .../MeecrowaveSecurityService.java            |  2 +-
 .../org/apache/meecrowave/PrincipalTest.java  | 37 +++++++++++++++++++
 .../org/apache/meecrowave/TestPrincipal.java  | 23 ++++++++++++
 .../openwebbeans/openwebbeans.properties      |  1 +
 4 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 meecrowave-core/src/test/java/org/apache/meecrowave/TestPrincipal.java
 create mode 100644 meecrowave-core/src/test/resources/META-INF/openwebbeans/openwebbeans.properties

diff --git a/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/MeecrowaveSecurityService.java b/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/MeecrowaveSecurityService.java
index 960eea0e..b301ec72 100644
--- a/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/MeecrowaveSecurityService.java
+++ b/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/MeecrowaveSecurityService.java
@@ -57,7 +57,7 @@ public MeecrowaveSecurityService(final WebBeansContext context) {
         proxy = apiToProxy.length == 1 ? new MeecrowavePrincipal() : Principal.class.cast(
                 Proxy.newProxyInstance(loader, apiToProxy, (proxy, method, args) -> {
                     try {
-                        return method.invoke(getCurrentPrincipal(), args);
+                        return method.invoke(getUserPrincipal(), args);
                     } catch (final InvocationTargetException ite) {
                         throw ite.getTargetException();
                     }
diff --git a/meecrowave-core/src/test/java/org/apache/meecrowave/PrincipalTest.java b/meecrowave-core/src/test/java/org/apache/meecrowave/PrincipalTest.java
index 06e5e409..6dc368ea 100644
--- a/meecrowave-core/src/test/java/org/apache/meecrowave/PrincipalTest.java
+++ b/meecrowave-core/src/test/java/org/apache/meecrowave/PrincipalTest.java
@@ -62,6 +62,43 @@ protected Principal getPrincipal(final String username) {
         }
     }
 
+    @Test
+    public void runWithProxy() throws IOException {
+        String proxyApis = System.getProperty("org.apache.webbeans.component.PrincipalBean.proxyApis");
+        System.setProperty("org.apache.webbeans.component.PrincipalBean.proxyApis", "org.apache.meecrowave.TestPrincipal");
+        try (final Meecrowave container = new Meecrowave(new Meecrowave.Builder()
+                .randomHttpPort()
+                .includePackages("org.superbiz.app")
+                .realm(new RealmBase() {
+                    @Override
+                    protected String getPassword(final String username) {
+                        return "foo".equals(username) ? "pwd" : null;
+                    }
+
+                    @Override
+                    protected Principal getPrincipal(final String username) {
+                        return new MyPrincipal(username);
+                    }
+                }).loginConfig(new Meecrowave.LoginConfigBuilder()
+                        .basic()
+                        .realmName("basic realm"))
+                .securityConstraints(new Meecrowave.SecurityConstaintBuilder()
+                        .authConstraint(true)
+                        .addAuthRole("**")
+                        .addCollection("secured", "/*")))
+                .bake()) {
+            assertEquals(
+                    "org.apache.meecrowave.PrincipalTest$MyPrincipal_foo  org.apache.webbeans.custom.Principal_foo",
+                    slurp(new URL("http://localhost:" + container.getConfiguration().getHttpPort() + "/api/test/principal")));
+        } finally {
+            if (proxyApis != null) {
+                System.setProperty("org.apache.webbeans.component.PrincipalBean.proxyApis", proxyApis);
+            } else {
+                System.clearProperty("org.apache.webbeans.component.PrincipalBean.proxyApis");
+            }
+        }
+    }
+
     private String slurp(final URL url) throws IOException {
         final URLConnection is = HttpURLConnection.class.cast(url.openConnection());
         is.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString("foo:pwd".getBytes(StandardCharsets.UTF_8)));
diff --git a/meecrowave-core/src/test/java/org/apache/meecrowave/TestPrincipal.java b/meecrowave-core/src/test/java/org/apache/meecrowave/TestPrincipal.java
new file mode 100644
index 00000000..86587631
--- /dev/null
+++ b/meecrowave-core/src/test/java/org/apache/meecrowave/TestPrincipal.java
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.meecrowave;
+
+public interface TestPrincipal {
+
+}
diff --git a/meecrowave-core/src/test/resources/META-INF/openwebbeans/openwebbeans.properties b/meecrowave-core/src/test/resources/META-INF/openwebbeans/openwebbeans.properties
new file mode 100644
index 00000000..cf9317ac
--- /dev/null
+++ b/meecrowave-core/src/test/resources/META-INF/openwebbeans/openwebbeans.properties
@@ -0,0 +1 @@
+org.apache.webbeans.component.PrincipalBean.proxyApis=