[SOLVED] CDI injection in JASPIC ServerAuthModule doesn't work

CDI injection in JASPIC ServerAuthModule doesn't work

Using Wildfly 11 Final on Java 10.

I have JASPIC implementation that by itself works as it should. I need to hook it to a DB so i can do authentication in public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {...} . However @Resource(mappedName="java:jboss/datasources/someDB") javax.sql.DataSource db; is always null for db.

CDI works as expected for an arbitrary Servlet class in the same WAR archive - if i put that exact line in a Servlet class, it gives a DataSource object.

I work around this with manual lookup via private static InitialContext ic; But i need CDI for other global things. Has anyone faced such problem? WEB-INF/beans.xml has a bean-discovery-mode="all" attribute in the beans element.

public class SrvAuthModuleImpl implements ServerAuthModule {

@Resource(mappedName="java:jboss/datasources/someDB") javax.sql.DataSource db; //always null
private static InitialContext ic; //workaround via manual lookup

private CallbackHandler handler;
private Class<?>[] supportedMessageTypes = new Class[] {HttpServletRequest.class, HttpServletResponse.class};

@Override
public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, @SuppressWarnings("rawtypes") java.util.Map options) throws AuthException {
    this.handler = handler;
}

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    try (
        Connection c = getDb().getConnection(); //works
        // Connection c = db.getConnection(); //db is null, exception thrown
    ) {

    } catch (SQLException ex) {

    }

    return AuthStatus.SUCCESS;
}

@Override
public Class<?>[] getSupportedMessageTypes() {return supportedMessageTypes;}
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {return AuthStatus.SEND_SUCCESS;}
@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {}

private static javax.sql.DataSource getDb() {
    try {
        if (ic == null) {
            synchronized(TestServerAuthModule.class) {
                if (ic == null) {
                    ic = new javax.naming.InitialContext();
                }
            }
        }
        return (javax.sql.DataSource)ic.lookup("java:jboss/datasources/someDB");
    } catch (Exception ex) {
        return null;
    }
}
}

Solution

That's expected. JASPIC is older than Resource Injection or CDI and does not support either.

In Java EE 7, you can use something like

CDI.current().select(MyBean.class).get()

to get hold of CDI beans in unmanaged contexts.

Another option is Soteria, the reference implementation of the Java EE 8 Security API, which also works on WildFly 11.