Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/12/09 21:15:15 UTC
svn commit: r111428 - in geronimo/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty
Author: djencks
Date: Thu Dec 9 12:15:14 2004
New Revision: 111428
URL: http://svn.apache.org/viewcvs?view=rev&rev=111428
Log:
merged in correct changes from 111365:111381 on jetty-deployer1 branch
Modified:
geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=111427&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Thu Dec 9 12:15:14 2004
@@ -24,6 +24,8 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -44,6 +46,13 @@
import javax.security.jacc.WebUserDataPermission;
import javax.transaction.UserTransaction;
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
+import org.mortbay.http.BasicAuthenticator;
+import org.mortbay.http.ClientCertAuthenticator;
+import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.service.GBeanHelper;
import org.apache.geronimo.deployment.util.DeploymentUtil;
@@ -102,13 +111,6 @@
import org.apache.geronimo.xbeans.j2ee.WebAppType;
import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType;
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.jetty.servlet.FormAuthenticator;
/**
@@ -384,8 +386,6 @@
}
webModuleData.setAttribute("policyContextID", policyContextID);
buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
- //TODO figure out if we can avoid this.
- buildLegacySecurityConstraints(webApp, webModuleData);
} else {
webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
@@ -839,8 +839,8 @@
}
}
- Set excludedPermissions = new HashSet();
- Set uncheckedPermissions = new HashSet();
+ PermissionCollection excludedPermissions = new Permissions();
+ PermissionCollection uncheckedPermissions = new Permissions();
Map rolePermissions = new HashMap();
Iterator iter = excludedPatterns.keySet().iterator();
@@ -934,71 +934,6 @@
webModuleData.setAttribute("excludedPermissions", excludedPermissions);
webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions);
webModuleData.setAttribute("rolePermissions", rolePermissions);
- }
-
- private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData) throws DeploymentException {
- //this is basically what jetty's XMLConfiguration does. I would hope we could come up with a better way.
- Map urlToSecurityConstraintListMap = new HashMap();
- SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
- for (int i = 0; i < securityConstraintArray.length; i++) {
- SecurityConstraintType securityConstraintType = securityConstraintArray[i];
-
- SecurityConstraint scBase = new SecurityConstraint();
- if (securityConstraintType.isSetAuthConstraint()) {
- scBase.setAuthenticate(true);
- RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
- for (int j = 0; j < roleNameArray.length; j++) {
- RoleNameType roleNameType = roleNameArray[j];
- scBase.addRole(roleNameType.getStringValue().trim());
- }
- }
- if (securityConstraintType.isSetUserDataConstraint()) {
- String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim();
- if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
- scBase.setDataConstraint(SecurityConstraint.DC_NONE);
- else if ("INTEGRAL".equals(guarantee))
- scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL);
- else if ("CONFIDENTIAL".equals(guarantee))
- scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
- else {
- //ToDO what do we do here?
-// log.warn("Unknown user-data-constraint:" + guarantee);
- scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
- }
- }
- WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray();
- for (int j = 0; j < webResourceCollectionArray.length; j++) {
- WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j];
-
- String name = webResourceCollectionType.getWebResourceName().getStringValue().trim();
- SecurityConstraint sc = null;
- try {
- sc = (SecurityConstraint) scBase.clone();
- } catch (CloneNotSupportedException e) {
- throw new DeploymentException("this should not have happened", e);
- }
- sc.setName(name);
- HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray();
- for (int k = 0; k < httpMethodArray.length; k++) {
- HttpMethodType httpMethodType = httpMethodArray[k];
- sc.addMethod(httpMethodType.getStringValue().trim());
- }
- UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray();
- for (int k = 0; k < urlPatternArray.length; k++) {
- UrlPatternType urlPatternType = urlPatternArray[k];
- String urlPattern = urlPatternType.getStringValue();
- List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern);
- if (securityConstraints == null) {
- securityConstraints = new ArrayList();
- urlToSecurityConstraintListMap.put(urlPattern, securityConstraints);
- }
- securityConstraints.add(sc);
- }
- }
- }
-
- webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap);
-
}
private static Set collectRoleNames(WebAppType webApp) {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Thu Dec 9 12:15:14 2004
@@ -198,7 +198,6 @@
setWAR(webAppRoot.toString());
-
jettyContainer.addContext(this);
Object context = enterContextScope(null, null);
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Thu Dec 9 12:15:14 2004
@@ -18,18 +18,20 @@
package org.apache.geronimo.jetty;
import java.io.IOException;
-import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.security.Principal;
import java.util.Collection;
+import java.util.HashSet;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.Enumeration;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.security.auth.Subject;
@@ -42,6 +44,16 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.http.UserRealm;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -63,17 +75,6 @@
import org.apache.geronimo.transaction.OnlineUserTransaction;
import org.apache.geronimo.transaction.TrackedConnectionAssociator;
import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.PathMap;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.http.UserRealm;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHolder;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-import org.mortbay.util.LazyList;
/**
@@ -95,15 +96,15 @@
private PolicyConfigurationFactory factory;
private PolicyConfiguration policyConfiguration;
- private final PathMap constraintMap = new PathMap();
-
private String formLoginPath;
private final Set securityRoles;
- private final Set excludedPermissions;
- private final Set uncheckedPermissions;
+ private final PermissionCollection excludedPermissions;
+ private final PermissionCollection uncheckedPermissions;
private final Map rolePermissions;
+ PermissionCollection checked = new Permissions();
+
private final SecurityContextBeforeAfter securityInterceptor;
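Review bot: The new field `checked` is package-private and non-final, while every permission field next to it is `private final`, so any class in org.apache.geronimo.jetty could replace or extend the collection that decides whether a request needs authentication. Declaring it as `private final PermissionCollection checked = new Permissions();` matches its neighbours. The name does not say what it holds; a comment such as `// union of all role permissions; a request implied by it requires an authenticated user` would document how obtainUser uses it.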
@@ -148,13 +149,10 @@
Security securityConfig,
//from jettyxmlconfig
Set securityRoles,
- Set uncheckedPermissions,
- Set excludedPermissions,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
Map rolePermissions,
- //TODO remove
- Map legacySecurityConstraintMap,
-
TransactionContextManager transactionContextManager,
TrackedConnectionAssociator trackedConnectionAssociator,
JettyContainer jettyContainer,
@@ -209,16 +207,18 @@
contextLength = index;
chain = securityInterceptor;
- //TODO remove
- for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();) {
- Map.Entry entry = (Map.Entry) entries.next();
- String urlPattern = (String) entry.getKey();
- List securityConstraints = (List) entry.getValue();
- for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();) {
- SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
- addSecurityConstraint(urlPattern, securityConstraint);
+ Set p = new HashSet();
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ Set permissions = (Set) entry.getValue();
+ for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+ Permission permission = (Permission) iterator1.next();
+ p.add(permission);
}
-
+ }
+ for (Iterator iterator = p.iterator(); iterator.hasNext();) {
+ Permission permission = (Permission) iterator.next();
+ checked.add(permission);
}
}
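Review bot: `checked` stays writable after these loops fill it, although obtainUser consults it on every request; adding `checked.setReadOnly();` after the second loop would make any later `add` throw a SecurityException instead of silently changing the authentication decision. The intermediate `Set p` appears to exist only to drop duplicate permissions shared between roles; if so, say that in a comment, otherwise add each permission to `checked` directly in the inner loop. `rolePermissions` is still a raw `Map` of `Set`, so a value of any other type fails here with a ClassCastException at startup; the enclosing block starts and ends outside the hunk.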
@@ -236,31 +236,6 @@
policyConfiguration.commit();
}
-
- /**
- * Keep our own copy of security constraints.<p/>
- * <p/>
- * We keep our own copy of security constraints because Jetty's copy is
- * private. We use these constraints not for any authorization descitions
- * but, to decide whether we should attempt to authenticate the request.
- *
- * @param pathSpec The path spec to which the secuiryt cosntraint applies
- * @param sc the security constraint
- * TODO Jetty to provide access to this map so we can remove this method
- * @see org.mortbay.http.HttpContext#addSecurityConstraint(java.lang.String, org.mortbay.http.SecurityConstraint)
- */
- public void addSecurityConstraint(String pathSpec, SecurityConstraint sc) {
- super.addSecurityConstraint(pathSpec, sc);
-
- Object scs = constraintMap.get(pathSpec);
- scs = LazyList.add(scs, sc);
- constraintMap.put(pathSpec, scs);
-
- if (log.isDebugEnabled()) {
- log.debug("added " + sc + " at " + pathSpec);
- }
- }
-
/**
* Check the security constraints using JACC.
*
@@ -328,49 +303,11 @@
* e.g. login page.
*/
public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
- List scss = constraintMap.getMatches(pathInContext);
- String pattern = null;
- boolean unauthenticated = false;
- boolean forbidden = false;
-
- if (scss != null && scss.size() > 0) {
-
- // for each path match
- // Add only constraints that have the correct method
- // break if the matching pattern changes. This allows only
- // constraints with matching pattern and method to be combined.
- loop:
- for (int m = 0; m < scss.size(); m++) {
- Map.Entry entry = (Map.Entry) scss.get(m);
- Object scs = entry.getValue();
- String p = (String) entry.getKey();
- for (int c = 0; c < LazyList.size(scs); c++) {
- SecurityConstraint sc = (SecurityConstraint) LazyList.get(scs, c);
- if (!sc.forMethod(request.getMethod())) continue;
-
- if (pattern != null && !pattern.equals(p)) break loop;
- pattern = p;
-
- // Check the method applies
- if (!sc.forMethod(request.getMethod())) continue;
-
- // Combine auth constraints.
- if (sc.getAuthenticate()) {
- if (!sc.isAnyRole()) {
- List scr = sc.getRoles();
- if (scr == null || scr.size() == 0) {
- forbidden = true;
- break loop;
- }
- }
- } else {
- unauthenticated = true;
- }
- }
- }
- } else {
- unauthenticated = true;
- }
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+ WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+ WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+ boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+ boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
UserRealm realm = getRealm();
Authenticator authenticator = getAuthenticator();
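Review bot: The unchecked cast `(ServletHttpRequest) request.getWrapper()` on the first added line fails with a NullPointerException or ClassCastException if the request has not been wrapped by the servlet handler, and that exception surfaces as a server error rather than a controlled denial. Whether that can happen depends on handler ordering not shown in the hunk, so a guard such as `if (!(request.getWrapper() instanceof ServletHttpRequest))` that rejects the request would make the method fail closed. `unauthenticated` is now true for every request that no role permission implies, so the decision to skip authentication rests entirely on `rolePermissions` being complete; the Javadoc above obtainUser should state this. The rest of the method, including how `forbidden` and `unauthenticated` are ordered when both are true, is outside the hunk.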
@@ -414,7 +351,7 @@
/**
* Generate the default principal from the security config.
*
- * @param securityConfig The Geronimo security configuration.
+ * @param securityConfig The Geronimo security configuration.
* @param loginDomainName
* @return the default principal
*/
@@ -553,21 +490,15 @@
private void configure() throws GeronimoSecurityException {
try {
- for (Iterator iterator = excludedPermissions.iterator(); iterator.hasNext();) {
- Permission permission = (Permission) iterator.next();
- policyConfiguration.addToExcludedPolicy(permission);
- }
- for (Iterator iterator = uncheckedPermissions.iterator(); iterator.hasNext();) {
- Permission permission = (Permission) iterator.next();
- policyConfiguration.addToUncheckedPolicy(permission);
- }
+ policyConfiguration.addToExcludedPolicy(excludedPermissions);
+ policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
Map.Entry entry = (Map.Entry) iterator.next();
String roleName = (String) entry.getKey();
Set permissions = (Set) entry.getValue();
for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
Permission permission = (Permission) iterator1.next();
- policyConfiguration.addToRole(roleName, permission);
+ policyConfiguration.addToRole(roleName, permission);
}
}
} catch (PolicyContextException e) {
@@ -587,11 +518,9 @@
infoBuilder.addAttribute("securityConfig", Security.class, true);
infoBuilder.addAttribute("securityRoles", Set.class, true);
- infoBuilder.addAttribute("uncheckedPermissions", Set.class, true);
- infoBuilder.addAttribute("excludedPermissions", Set.class, true);
+ infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+ infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
infoBuilder.addAttribute("rolePermissions", Map.class, true);
- //TODO remove
- infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true);
infoBuilder.addAttribute("kernel", Kernel.class, false);
@@ -627,8 +556,6 @@
"uncheckedPermissions",
"excludedPermissions",
"rolePermissions",
- //TODO remove
- "legacySecurityConstraintMap",
"TransactionContextManager",
"TrackedConnectionAssociator",
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Thu Dec 9 12:15:14 2004
@@ -16,37 +16,39 @@
*/
package org.apache.geronimo.jetty;
-import java.util.Map;
-import java.util.HashMap;
+import java.io.File;
+import java.net.URI;
+import java.security.PermissionCollection;
import java.util.Collections;
-import java.util.Set;
+import java.util.HashMap;
import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
-import java.net.URI;
-import java.io.File;
-
+import java.util.Set;
import javax.management.ObjectName;
import junit.framework.TestCase;
+import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
-import org.apache.geronimo.transaction.OnlineUserTransaction;
-import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
-import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.jetty.connector.HTTPConnector;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.management.State;
import org.apache.geronimo.security.SecurityServiceImpl;
import org.apache.geronimo.security.deploy.Security;
-import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
import org.apache.geronimo.security.jaas.JaasLoginService;
import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.transaction.OnlineUserTransaction;
+import org.apache.geronimo.transaction.context.TransactionContextManager;
+import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
import org.mortbay.jetty.servlet.FormAuthenticator;
+
/**
* @version $Rev: $ $Date: $
*/
@@ -65,6 +67,8 @@
private GBeanData tcm;
private ClassLoader cl;
private J2eeContext moduleContext = new J2eeContextImpl("jetty.test", "test", "null", "jettyTest", null, null);
+ private GBeanData loginConfigurationGBean;
+ protected ObjectName loginConfigurationName;
private GBeanData securityServiceGBean;
protected ObjectName securityServiceName;
private ObjectName loginServiceName;
@@ -76,8 +80,9 @@
private ObjectName serverInfoName;
private GBeanData serverInfoGBean;
- public void testDummy() throws Exception { }
-
+ public void testDummy() throws Exception {
+ }
+
protected void setUpStaticContentServlet() throws Exception {
GBeanData staticContentServletGBeanData = new GBeanData(JettyServletHolder.GBEAN_INFO);
staticContentServletGBeanData.setAttribute("servletName", "default");
@@ -106,10 +111,9 @@
OnlineUserTransaction userTransaction = new OnlineUserTransaction();
app.setAttribute("userTransaction", userTransaction);
//we have no classes or libs.
- app.setAttribute("webClassPath", new URI[] {});
+ app.setAttribute("webClassPath", new URI[]{});
app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL());
-// app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
app.setReferencePattern("TransactionContextManager", tcmName);
app.setReferencePattern("TrackedConnectionAssociator", ctcName);
app.setReferencePattern("JettyContainer", containerName);
@@ -119,15 +123,15 @@
start(app);
}
- protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception {
+ protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
- app.setAttribute("loginDomainName", "jaasTest");
+ app.setAttribute("loginDomainName", "demo-properties-realm");
app.setAttribute("securityConfig", securityConfig);
app.setAttribute("uncheckedPermissions", uncheckedPermissions);
app.setAttribute("excludedPermissions", excludedPermissions);
app.setAttribute("rolePermissions", rolePermissions);
app.setAttribute("securityRoles", securityRoles);
- app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap);
+
FormAuthenticator formAuthenticator = new FormAuthenticator();
formAuthenticator.setLoginPage("/auth/logon.html?param=test");
formAuthenticator.setErrorPage("/auth/logonError.html?param=test");
@@ -136,10 +140,11 @@
app.setAttribute("policyContextID", "TEST");
app.setAttribute("uri", URI.create("war3/"));
app.setAttribute("componentContext", null);
+
OnlineUserTransaction userTransaction = new OnlineUserTransaction();
app.setAttribute("userTransaction", userTransaction);
//we have no classes or libs.
- app.setAttribute("webClassPath", new URI[] {});
+ app.setAttribute("webClassPath", new URI[]{});
app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL());
app.setReferencePattern("TransactionContextManager", tcmName);
@@ -152,6 +157,14 @@
}
protected void setUpSecurity() throws Exception {
+
+ loginConfigurationName = new ObjectName("geronimo.security:type=LoginConfiguration");
+ loginConfigurationGBean = new GBeanData(loginConfigurationName, GeronimoLoginConfiguration.getGBeanInfo());
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ loginConfigurationGBean.setReferencePatterns("Configurations", configurations);
+
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
@@ -166,17 +179,18 @@
loginServiceGBean.setAttribute("password", "secret");
serverInfoName = new ObjectName("geronimo.system:role=ServerInfo");
- serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
- serverInfoGBean.setAttribute("baseDirectory", ".");
+ serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
+ serverInfoGBean.setAttribute("baseDirectory", ".");
propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login");
propertiesLMGBean = new GBeanData(propertiesLMName, LoginModuleGBean.GBEAN_INFO);
propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE);
Properties options = new Properties();
- options.setProperty("usersURI", new File(new File("."), "src/test-resources/data/users.properties").toString());
- options.setProperty("groupsURI", new File(new File("."), "src/test-resources/data/groups.properties").toString());
+ options.setProperty("usersURI", "src/test-resources/data/users.properties");
+ options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
propertiesLMGBean.setAttribute("options", options);
+ propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
@@ -188,6 +202,7 @@
// propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ start(loginConfigurationGBean);
start(securityServiceGBean);
start(loginServiceGBean);
start(serverInfoGBean);
@@ -202,12 +217,13 @@
stop(serverInfoName);
stop(loginServiceName);
stop(securityServiceName);
+ stop(loginConfigurationName);
}
private void start(GBeanData gbeanData) throws Exception {
kernel.loadGBean(gbeanData, cl);
kernel.startGBean(gbeanData.getName());
- if (((Integer)kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX ) {
+ if (((Integer) kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX) {
fail("gbean not started: " + gbeanData.getName());
}
}
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Thu Dec 9 12:15:14 2004
@@ -22,6 +22,8 @@
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -50,7 +52,7 @@
*
* @throws Exception thrown if an error in the test occurs
*/
- public void xtestExplicitMapping() throws Exception {
+ public void testExplicitMapping() throws Exception {
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
@@ -75,13 +77,24 @@
securityConfig.getRoleMappings().put(role.getRoleName(), role);
- Set uncheckedPermissions = new HashSet();
- Set excludedPermissions = new HashSet();
+ PermissionCollection uncheckedPermissions = new Permissions();
+
+ PermissionCollection excludedPermissions = new Permissions();
+ excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+ excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
Map rolePermissions = new HashMap();
+ Set permissions = new HashSet();
+ permissions.add(new WebUserDataPermission("/protected/*", ""));
+ permissions.add(new WebResourcePermission("/protected/*", ""));
+ rolePermissions.put("content-administrator", permissions);
+ rolePermissions.put("auto-administrator", permissions);
+
Set securityRoles = new HashSet();
- Map legacySecurityConstraintMap = new HashMap();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
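Review bot: `uncheckedPermissions` is left empty here and in the testAutoMapping and testMixedMapping hunks (@@ -171,27 and @@ -303,13), and testAutoMapping drops the unchecked entries it had before, so `addToUncheckedPolicy` is only ever exercised with an empty collection. At least one test should keep an unchecked permission and assert that the matching resource is served without a login. The excluded entries use `/auth/login.html`, whereas the FormAuthenticator in AbstractWebModuleTest is configured with `/auth/logon.html`; the removed lines drew the same distinction, so it may be deliberate, but no request against the excluded path is visible in these hunks. The same ten lines of permission setup appear in all three tests and could move into one helper.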
@@ -153,7 +166,7 @@
*
* @throws Exception thrown if an error in the test occurs
*/
- public void xtestAutoMapping() throws Exception {
+ public void testAutoMapping() throws Exception {
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
@@ -171,27 +184,24 @@
kernel.getProxyManager().destroyProxy(securityService);
}
- String actions = "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE";
- Set uncheckedPermissions = new HashSet();
- uncheckedPermissions.add(new WebUserDataPermission("/protected/*", actions));
- uncheckedPermissions.add(new WebResourcePermission("/:/protected/*:/auth/logon.html", actions));
- uncheckedPermissions.add(new WebUserDataPermission("/:/protected/*:/auth/logon.html", actions));
- Set excludedPermissions = new HashSet();
- excludedPermissions.add(new WebResourcePermission("/auth/login.html", actions));
- excludedPermissions.add(new WebUserDataPermission("/auth/login.html", actions));
+ PermissionCollection uncheckedPermissions = new Permissions();
+
+ PermissionCollection excludedPermissions = new Permissions();
+ excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+ excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
Map rolePermissions = new HashMap();
- WebResourcePermission permission = new WebResourcePermission("/protected/*", actions);
- Set permissionSet = new HashSet();
- permissionSet.add(permission);
- rolePermissions.put("content-administrator", permissionSet);
- rolePermissions.put("auto-administrator", permissionSet);
+ Set permissions = new HashSet();
+ permissions.add(new WebUserDataPermission("/protected/*", ""));
+ permissions.add(new WebResourcePermission("/protected/*", ""));
+ rolePermissions.put("content-administrator", permissions);
+ rolePermissions.put("auto-administrator", permissions);
+
Set securityRoles = new HashSet();
securityRoles.add("content-administrator");
securityRoles.add("auto-administrator");
- Map legacySecurityConstraintMap = new HashMap();
-
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
@@ -264,7 +274,7 @@
*
* @throws Exception thrown if an error in the test occurs
*/
- public void xtestMixedMapping() throws Exception {
+ public void testMixedMapping() throws Exception {
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
@@ -303,13 +313,24 @@
securityConfig.append(role);
- Set uncheckedPermissions = new HashSet();
- Set excludedPermissions = new HashSet();
+ PermissionCollection uncheckedPermissions = new Permissions();
+
+ PermissionCollection excludedPermissions = new Permissions();
+ excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+ excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
Map rolePermissions = new HashMap();
+ Set permissions = new HashSet();
+ permissions.add(new WebUserDataPermission("/protected/*", ""));
+ permissions.add(new WebResourcePermission("/protected/*", ""));
+ rolePermissions.put("content-administrator", permissions);
+ rolePermissions.put("auto-administrator", permissions);
+
Set securityRoles = new HashSet();
- Map legacySecurityConstraintMap = new HashMap();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
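Review bot: The fixture added here grants `WebUserDataPermission("/protected/*", "")` through `rolePermissions` and leaves `uncheckedPermissions` empty, which is not a policy shape I would expect a translated web.xml to produce. As far as I recall the JACC translation rules, WebUserDataPermission entries go into the unchecked or excluded statements and only WebResourcePermission is mapped to roles. If that is right, the re-enabled test passes against a hand-built policy that differs from what the module builder would hand the container, so a regression in the transport or user-data check could go unnoticed. Either move the user-data permission into `uncheckedPermissions`, or state the intent with a comment such as `// "" actions = all HTTP methods; user-data permission is role-mapped here on purpose because ...`. The same fixture is repeated in the preceding test's hunk, which starts above this view, so a shared helper would keep the two in step.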
@@ -373,30 +394,9 @@
stopWebApp();
}
- protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception {
- setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
+ protected void startWebApp(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
+ setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
setUpStaticContentServlet();
-// GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO);
-//
-// app.setAttribute("userRealmName", "Test JAAS Realm");
-// app.setAttribute("securityRealmName", "jaasTest");
-// app.setAttribute("uri", URI.create("war3/"));
-// app.setAttribute("componentContext", null);
-// OnlineUserTransaction userTransaction = new OnlineUserTransaction();
-// app.setAttribute("userTransaction", userTransaction);
-// app.setAttribute("webClassPath", new URI[0]);
-// app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
-// app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
-// app.setAttribute("securityConfig", securityConfig);
-// app.setReferencePattern("SecurityService", securityServiceName);
-// app.setAttribute("policyContextID", "TEST");
-//
-// app.setAttribute("contextPath", "/test");
-//
-// app.setReferencePattern("TransactionContextManager", tcmName);
-// app.setReferencePattern("TrackedConnectionAssociator", tcaName);
-// app.setReferencePatterns("JettyContainer", containerPatterns);
-//
// start(appName, app);
}
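Review bot: The commented-out `// start(appName, app);` line survives in `startWebApp` although the rest of the commented GBeanMBean setup was deleted, and it names `appName` and `app`, which no longer appear anywhere in the method. Delete it with the rest. If the point was to record where the context gets started, replace it with one line saying so, for example `// the web app context is started by setUpSecureAppContext`, after confirming that in the base class, since that method is not visible in this hunk.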