use JsonFriendlyRequest in LoginToContinueMechanism

tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java

@@ -16,10 +16,9 @@
  */
 package org.apache.tomee.security.cdi;
 
+import org.apache.tomee.security.http.JsonFriendlyRequest;
 import org.apache.tomee.security.http.LoginToContinueMechanism;
 import org.apache.tomee.security.http.SavedAuthentication;
-import org.apache.tomee.security.http.SavedHttpServletRequest;
-import org.apache.tomee.security.http.SavedRequest;
 
 import jakarta.annotation.Priority;
 import jakarta.interceptor.AroundInvoke;
@@ -155,8 +154,8 @@ private AuthenticationStatus processContainerInitiatedAuthentication(
                                    httpMessageContext.getCallerPrincipal(),
                                    httpMessageContext.getGroups());
 
-                final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
-                return httpMessageContext.redirect(savedRequest.getRequestURLWithQueryString());
+                final JsonFriendlyRequest savedRequest = getRequest(httpMessageContext.getRequest());
+                return httpMessageContext.redirect(savedRequest.getUrlWithQueryString());
 
             } else if (authenticationStatus.equals(SEND_FAILURE)) {
                 final LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
@@ -173,15 +172,12 @@ private AuthenticationStatus processContainerInitiatedAuthentication(
         }
 
         if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
-            final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
+            final JsonFriendlyRequest savedRequest = getRequest(httpMessageContext.getRequest());
             final SavedAuthentication savedAuthentication = getAuthentication(httpMessageContext.getRequest());
 
             clearRequestAndAuthentication(httpMessageContext.getRequest());
 
-            final SavedHttpServletRequest savedHttpServletRequest =
-                    new SavedHttpServletRequest(httpMessageContext.getRequest(), savedRequest);
-
-            return httpMessageContext.withRequest(savedHttpServletRequest)
+            return httpMessageContext.withRequest(savedRequest.mask(httpMessageContext.getRequest()))
                                      .notifyContainerAboutLogin(savedAuthentication.getPrincipal(),
                                                                 savedAuthentication.getGroups());
         }

tomee/tomee-security/src/main/java/org/apache/tomee/security/http/JsonFriendlyRequest.java

@@ -23,6 +23,7 @@
 import jakarta.json.bind.Jsonb;
 import jakarta.json.bind.JsonbBuilder;
 import jakarta.json.bind.JsonbConfig;
+import jakarta.json.bind.annotation.JsonbTransient;
 import jakarta.json.bind.serializer.DeserializationContext;
 import jakarta.json.bind.serializer.JsonbDeserializer;
 import jakarta.json.bind.serializer.JsonbSerializer;
@@ -32,6 +33,7 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
+import java.io.Serializable;
 import java.lang.reflect.Type;
 import java.util.Collections;
 import java.util.Enumeration;
@@ -41,8 +43,7 @@
 
 // JSON-B friendly class that stores the request data required for #
 // both @LoginToContinue and @OpenIdAuthenticationMechanismDefinition(redirectToOriginalResource=true)
-
-public class JsonFriendlyRequest {
+public class JsonFriendlyRequest implements Serializable {
     private static final Logger LOGGER = Logger.getInstance(LogCategory.TOMEE_SECURITY, JsonFriendlyRequest.class);
 
     private static final CookieDeSerializer COOKIE_DE_SERIALIZER = new CookieDeSerializer();
@@ -53,6 +54,7 @@ public class JsonFriendlyRequest {
     private Cookie[] cookies;
     private Map<String, List<String>> headers;
     private String method;
+    private String url;
     private String queryString;
 
     public static JsonFriendlyRequest fromRequest(HttpServletRequest request) {
@@ -71,6 +73,7 @@ public static JsonFriendlyRequest fromRequest(HttpServletRequest request) {
         result.setCookies(cookies);
         result.setHeaders(headers);
         result.setMethod(method);
+        result.setUrl(request.getRequestURL().toString());
         result.setQueryString(queryString);
 
         return result;
@@ -112,6 +115,11 @@ public String getMethod() {
                 return method;
             }
 
+            @Override
+            public StringBuffer getRequestURL() {
+                return new StringBuffer(url);
+            }
+
             @Override
             public String getQueryString() {
                 return queryString;
@@ -152,6 +160,14 @@ public void setMethod(String method) {
         this.method = method;
     }
 
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
     public String getQueryString() {
         return queryString;
     }
@@ -160,6 +176,11 @@ public void setQueryString(String queryString) {
         this.queryString = queryString;
     }
 
+    @JsonbTransient
+    public String getUrlWithQueryString() {
+        return queryString == null ? url : url + "?" + queryString;
+    }
+
     public static class CookieDeSerializer implements JsonbSerializer<Cookie>, JsonbDeserializer<Cookie> {
         @Override
         public Cookie deserialize(JsonParser parser, DeserializationContext ctx, Type rtType) {

tomee/tomee-security/src/main/java/org/apache/tomee/security/http/LoginToContinueMechanism.java

@@ -39,55 +39,8 @@ public interface LoginToContinueMechanism {
     LoginToContinue getLoginToContinue();
 
     static void saveRequest(final HttpServletRequest request) throws IOException {
-        SavedRequest saved = new SavedRequest();
-        Cookie[] cookies = request.getCookies();
-        if (cookies != null) {
-            for (int i = 0; i < cookies.length; i++) {
-                saved.addCookie(cookies[i]);
-            }
-        }
-        Enumeration<String> names = request.getHeaderNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            Enumeration<String> values = request.getHeaders(name);
-            while (values.hasMoreElements()) {
-                String value = values.nextElement();
-                saved.addHeader(name, value);
-            }
-        }
-        Enumeration<Locale> locales = request.getLocales();
-        while (locales.hasMoreElements()) {
-            Locale locale = locales.nextElement();
-            saved.addLocale(locale);
-        }
-
-        int maxSavePostSize = MAX_SAVE_POST_SIZE;
-        if (maxSavePostSize != 0) {
-            ByteChunk body = new ByteChunk();
-            body.setLimit(maxSavePostSize);
-
-            byte[] buffer = new byte[4096];
-            int bytesRead;
-            InputStream is = request.getInputStream();
-
-            while ( (bytesRead = is.read(buffer) ) >= 0) {
-                body.append(buffer, 0, bytesRead);
-            }
-
-            // Only save the request body if there is something to save
-            if (body.getLength() > 0) {
-                saved.setContentType(request.getContentType());
-                saved.setBody(body);
-            }
-        }
-
-        saved.setMethod(request.getMethod());
-        saved.setQueryString(request.getQueryString());
-        saved.setRequestURI(request.getRequestURI());
-        saved.setRequestURL(request.getRequestURL().toString());
-
         // Stash the SavedRequest in our session for later use
-        request.getSession().setAttribute(ORIGINAL_REQUEST, saved);
+        request.getSession().setAttribute(ORIGINAL_REQUEST, JsonFriendlyRequest.fromRequest(request));
     }
 
     static boolean matchRequest(final HttpServletRequest request) {
@@ -98,7 +51,7 @@ static boolean matchRequest(final HttpServletRequest request) {
         }
 
         // Is there a saved request?
-        SavedRequest originalRequest = (SavedRequest) request.getSession().getAttribute(ORIGINAL_REQUEST);
+        JsonFriendlyRequest originalRequest = (JsonFriendlyRequest) request.getSession().getAttribute(ORIGINAL_REQUEST);
         if (originalRequest == null) {
             return false;
         }
@@ -112,15 +65,15 @@ static boolean matchRequest(final HttpServletRequest request) {
 
         // Does the request URI match?
         String requestURI = request.getRequestURI();
-        return requestURI != null && requestURI.equals(originalRequest.getRequestURI());
+        return requestURI != null && requestURI.equals(originalRequest.getUrlWithQueryString());
     }
 
     static boolean hasRequest(final HttpServletRequest request) {
         return request.getSession().getAttribute(ORIGINAL_REQUEST) != null;
     }
 
-    static SavedRequest getRequest(final HttpServletRequest request) {
-        return (SavedRequest) request.getSession().getAttribute(ORIGINAL_REQUEST);
+    static JsonFriendlyRequest getRequest(final HttpServletRequest request) {
+        return (JsonFriendlyRequest) request.getSession().getAttribute(ORIGINAL_REQUEST);
     }
 
     static void saveAuthentication(final HttpServletRequest request,