Posted to scm@geronimo.apache.org by dj...@apache.org on 2006/08/15 23:19:29 UTC
svn commit: r431706 - in /geronimo/trunk/modules:
client/src/java/org/apache/geronimo/client/
connector/src/test/org/apache/geronimo/connector/outbound/
jetty-builder/src/java/org/apache/geronimo/jetty/deployment/
jetty/src/java/org/apache/geronimo/jet...
Author: djencks
Date: Tue Aug 15 14:19:27 2006
New Revision: 431706
URL: http://svn.apache.org/viewvc?rev=431706&view=rev
Log:
GERONIMO-2313 Track the caller and run-as identities in one place so they both always get set
Added:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java (with props)
Modified:
geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
geronimo/trunk/modules/tomcat-builder/pom.xml
geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
Modified: geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java (original)
+++ geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java Tue Aug 15 14:19:27 2006
@@ -32,6 +32,7 @@
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.util.ConfigurationUtil;
@@ -107,7 +108,7 @@
Thread thread = Thread.currentThread();
ClassLoader oldClassLoader = thread.getContextClassLoader();
- Subject oldCurrentCaller = ContextManager.getCurrentCaller();
+ Callers oldCallers = ContextManager.getCallers();
Subject clientSubject = defaultSubject;
LoginContext loginContext = null;
try {
@@ -130,7 +131,7 @@
}
clientSubject = loginContext.getSubject();
}
- ContextManager.setCurrentCaller(clientSubject);
+ ContextManager.setCallers(clientSubject, clientSubject);
jndiContext.startClient(appClientModuleName, kernel, classLoader);
if (clientSubject == null) {
mainMethod.invoke(null, new Object[]{args});
@@ -163,7 +164,7 @@
jndiContext.stopClient(appClientModuleName);
thread.setContextClassLoader(oldClassLoader);
- ContextManager.setCurrentCaller(oldCurrentCaller);
+ ContextManager.popCallers(oldCallers);
}
}
Modified: geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java (original)
+++ geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java Tue Aug 15 14:19:27 2006
@@ -98,7 +98,7 @@
mockManagedConnectionFactory = new MockManagedConnectionFactory();
subject = new Subject();
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
connectionManagerDeployment = new GenericConnectionManager(
transactionSupport,
poolingSupport,
Modified: geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java (original)
+++ geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java Tue Aug 15 14:19:27 2006
@@ -44,7 +44,7 @@
public void testGetConnection() throws Exception {
subject = new Subject();
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
ConnectionInfo connectionInfo = makeConnectionInfo();
ManagedConnectionInfo managedConnectionInfo = connectionInfo.getManagedConnectionInfo();
subjectInterceptor.getConnection(connectionInfo);
@@ -73,14 +73,14 @@
public void testEnterWithChangedSubject() throws Exception {
makeSubject("foo");
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
ConnectionInfo connectionInfo = makeConnectionInfo();
managedConnection = new TestPlainManagedConnection();
subjectInterceptor.getConnection(connectionInfo);
//reset our test indicator
obtainedConnectionInfo = null;
makeSubject("bar");
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
subjectInterceptor.getConnection(connectionInfo);
//expect re-association
assertTrue("Expected connection asked for", obtainedConnectionInfo != null);
@@ -103,7 +103,7 @@
public void testUnshareablePreventsReAssociation() throws Exception {
makeSubject("foo");
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
ConnectionInfo connectionInfo = makeConnectionInfo();
connectionInfo.setUnshareable(true);
managedConnection = new TestPlainManagedConnection();
@@ -111,7 +111,7 @@
//reset our test indicator
obtainedConnectionInfo = null;
makeSubject("bar");
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
try {
subjectInterceptor.getConnection(connectionInfo);
fail("Reassociating should fail on an unshareable connection");
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Tue Aug 15 14:19:27 2006
@@ -728,8 +728,6 @@
earContext.addSecurityContext(policyContextID, componentPermissions);
DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
webModuleData.setAttribute("defaultPrincipal", defaultPrincipal);
-
- webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
}
if (!module.isStandAlone()) {
ConfigurationData moduleConfigurationData = moduleContext.getConfigurationData();
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java Tue Aug 15 14:19:27 2006
@@ -93,7 +93,8 @@
callbackHandler.clear();
Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
- ContextManager.setCurrentCaller(subject);
+ //TODO use the run-as subject as nextCaller
+ ContextManager.setCallers(subject, subject);
//login success
userPrincipal = new JAASJettyPrincipal(username);
@@ -124,7 +125,8 @@
public boolean reauthenticate(Principal user) {
// TODO This is not correct if auth can expire! We need to
- ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
+ Subject subject = ((JAASJettyPrincipal) user).getSubject();
+ ContextManager.setCallers(subject, subject);
// get the user out of the cache
return (userMap.get(user.getName()) != null);
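Review bot: reauthenticate installs the principal's subject as caller and next caller on the thread before the cache lookup decides the outcome, so when the user is missing from userMap the method returns false but the identity is already on the thread; the old code had the same order, so the commit does not introduce this, but it is worth fixing while the call is being rewritten. Doing the lookup first, `if (userMap.get(user.getName()) == null) return false;`, and only then calling `ContextManager.setCallers(subject, subject);` keeps an unverified identity off the thread. The unchecked cast `(JAASJettyPrincipal) user` also throws ClassCastException for any other Principal implementation; an `instanceof` guard returning false would fail closed instead. The method ends past the hunk.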
@@ -154,13 +156,11 @@
}
public Principal pushRole(Principal user, String role) {
- ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
- ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
+ //handled by JettyServletHolder and its runAsSubject
return user;
}
public Principal popRole(Principal user) {
- ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
return user;
}
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java Tue Aug 15 14:19:27 2006
@@ -27,7 +27,6 @@
public class JAASJettyPrincipal implements Principal {
private final String name;
private Subject subject;
- private final Stack stack = new Stack();
public JAASJettyPrincipal(String name) {
this.name = name;
@@ -44,12 +43,5 @@
public void setSubject(Subject subject) {
this.subject = subject;
}
-
- void push(Subject roleDesignate) {
- stack.push(roleDesignate);
- }
-
- Subject pop() {
- return (Subject) stack.pop();
- }
+
}
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java Tue Aug 15 14:19:27 2006
@@ -185,7 +185,7 @@
addContext(webServiceContext);
webServiceContext.start();
webServices.put(contextPath, webServiceContext);
- }
+ }
public void removeWebService(String contextPath) {
JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java Tue Aug 15 14:19:27 2006
@@ -20,6 +20,8 @@
import java.util.Map;
import java.util.Set;
+import javax.security.auth.Subject;
+
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
@@ -33,8 +35,8 @@
public JettyDefaultServletHolder() {
}
- public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Map webRoleRefPermissions, String runAsRole, ServletHolder previous, JettyServletRegistration context) throws Exception {
- super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, webRoleRefPermissions, runAsRole, previous, context);
+ public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Subject runAsSubject, ServletHolder previous, JettyServletRegistration context) throws Exception {
+ super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, runAsSubject, previous, context);
}
public static final GBeanInfo GBEAN_INFO;
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java Tue Aug 15 14:19:27 2006
@@ -24,8 +24,6 @@
import java.util.HashMap;
import java.util.Map;
-import javax.security.auth.Subject;
-
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.webservices.WebServiceContainer;
import org.mortbay.http.Authenticator;
@@ -154,7 +152,7 @@
ClassLoader oldClassLoader = currentThread.getContextClassLoader();
currentThread.setContextClassLoader(classLoader);
//hard to imagine this could be anything but null, but....
- Subject oldSubject = ContextManager.getCurrentCaller();
+// Subject oldSubject = ContextManager.getCurrentCaller();
try {
if (authenticator != null) {
String pathInContext = org.mortbay.util.URI.canonicalPath(req.getPath());
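Review bot: The save/restore of the thread's caller state is replaced by commented-out code on the new side (`// Subject oldSubject = ContextManager.getCurrentCaller();` here and `// ContextManager.setCurrentCaller(oldSubject);` in the finally block of the hunk at @@ -176,7 +174,7 @@), while the else branch in the hunk at @@ -165,7 +163,7 @@ now calls `ContextManager.popCallers(null)` inside the try. Whatever the authenticator or that pop leaves on the thread is therefore still there when this handler returns, unless something further up the stack restores it, which this diff does not show. Keeping the pair on the new API, `Callers oldCallers = ContextManager.getCallers();` before the try and `ContextManager.popCallers(oldCallers);` in the finally, preserves the previous guarantee, and the commented-out lines should then be deleted rather than left in. The enclosing handle method starts and ends outside these hunks.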
@@ -165,7 +163,7 @@
//EJB will figure out correct defaultSubject shortly
//TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
//setting the defaultSubject.
- ContextManager.setCurrentCaller(null);
+ ContextManager.popCallers(null);
}
try {
webServiceContainer.invoke(request, response);
@@ -176,7 +174,7 @@
throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
}
} finally {
- ContextManager.setCurrentCaller(oldSubject);
+// ContextManager.setCurrentCaller(oldSubject);
currentThread.setContextClassLoader(oldClassLoader);
}
}
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java Tue Aug 15 14:19:27 2006
@@ -19,15 +19,19 @@
import java.io.IOException;
import java.util.Map;
import java.util.Set;
+
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
+import javax.security.auth.Subject;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.management.Servlet;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
import org.mortbay.jetty.servlet.ServletHolder;
@@ -36,33 +40,34 @@
* This ServletHolder's sole purpose is to provide the thread's current
* ServletHolder for realms that are interested in the current servlet, e.g.
* current servlet name.
- *
+ * <p/>
* It is also being our servlet gbean for now. We could gbean-ize the superclass to avoid the thread local access.
*
* @version $Rev$ $Date$
- * @see org.apache.geronimo.jetty.JAASJettyRealm#isUserInRole(java.security.Principal, java.lang.String)
+ * @see JAASJettyRealm#isUserInRole(java.security.Principal, String)
*/
public class JettyServletHolder extends ServletHolder implements Servlet {
private static final ThreadLocal currentServletName = new ThreadLocal();
+ private final Subject runAsSubject;
private final String objectName;
//todo consider interface instead of this constructor for endpoint use.
public JettyServletHolder() {
this.objectName = null;
+ this.runAsSubject = null;
}
public JettyServletHolder(String objectName,
- String servletName,
- String servletClassName,
- String jspFile,
- Map initParams,
- Integer loadOnStartup,
- Set servletMappings,
- Map webRoleRefPermissions,
- String runAsRole,
- ServletHolder previous, //dependency for startup ordering
- JettyServletRegistration context) throws Exception {
- super(context == null? null: context.getServletHandler(), servletName, servletClassName, jspFile);
+ String servletName,
+ String servletClassName,
+ String jspFile,
+ Map initParams,
+ Integer loadOnStartup,
+ Set servletMappings,
+ Subject runAsSubject,
+ ServletHolder previous, //dependency for startup ordering
+ JettyServletRegistration context) throws Exception {
+ super(context == null ? null : context.getServletHandler(), servletName, servletClassName, jspFile);
//context will be null only for use as "default servlet info holder" in deployer.
if (context != null) {
@@ -74,7 +79,7 @@
//this now starts the servlet in the appropriate context
context.registerServletHolder(this, servletName, servletMappings, objectName);
}
- setRunAs(runAsRole);
+ this.runAsSubject = runAsSubject;
this.objectName = objectName;
}
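Review bot: `this.runAsSubject = runAsSubject;` is assigned after `context.registerServletHolder(this, servletName, servletMappings, objectName);`, which the comment in the hunk at @@ -36,33 +40,34 @@ says now starts the servlet, so anything that runs during registration sees the field as null. Whether init is invoked synchronously there cannot be seen from the diff, but assigning the field before the `if (context != null)` block removes the dependence on that order and is a prerequisite for the TODO about running init and destroy under the run-as subject. The constructor begins outside the hunk.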
@@ -85,6 +90,8 @@
return getName();
}
+ //TODO probably need to override init and destroy (?) to handle runAsSubject since we are not setting it in the superclass any more.
+
/**
* Service a request with this servlet. Set the ThreadLocal to hold the
* current JettyServletHolder.
@@ -93,8 +100,16 @@
throws ServletException, UnavailableException, IOException {
setCurrentServletName(getServletName());
-
- super.handle(request, response);
+ if (runAsSubject == null) {
+ super.handle(request, response);
+ } else {
+ Callers oldCallers = ContextManager.pushNextCaller(runAsSubject);
+ try {
+ super.handle(request, response);
+ } finally {
+ ContextManager.popCallers(oldCallers);
+ }
+ }
}
/**
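Review bot: The Javadoc of handle() just above the hunk still only describes setting the ThreadLocal and should also state the new behaviour, e.g. `If a run-as subject was configured, it is pushed as the next caller for the duration of the request and the previous callers are restored in a finally block.` A one-line why-comment on the else branch, `// run-as configured: service the request with runAsSubject as next caller`, would also make the duplicated `super.handle` call read as intentional. The push/try/finally/pop shape itself is right.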
@@ -140,25 +155,23 @@
infoBuilder.addAttribute("initParams", Map.class, true);
infoBuilder.addAttribute("loadOnStartup", Integer.class, true);
infoBuilder.addAttribute("servletMappings", Set.class, true);
- infoBuilder.addAttribute("webRoleRefPermissions", Map.class, true);
- infoBuilder.addAttribute("runAsRole", String.class, true);
+ infoBuilder.addAttribute("runAsSubject", Subject.class, true);
infoBuilder.addAttribute("objectName", String.class, false);
infoBuilder.addInterface(Servlet.class);
infoBuilder.addReference("Previous", ServletHolder.class, NameFactory.SERVLET);
infoBuilder.addReference("JettyServletRegistration", JettyServletRegistration.class, NameFactory.WEB_MODULE);
- infoBuilder.setConstructor(new String[] {"objectName",
- "servletName",
- "servletClass",
- "jspFile",
- "initParams",
- "loadOnStartup",
- "servletMappings",
- "webRoleRefPermissions",
- "runAsRole",
- "Previous",
- "JettyServletRegistration"});
+ infoBuilder.setConstructor(new String[]{"objectName",
+ "servletName",
+ "servletClass",
+ "jspFile",
+ "initParams",
+ "loadOnStartup",
+ "servletMappings",
+ "runAsSubject",
+ "Previous",
+ "JettyServletRegistration"});
GBEAN_INFO = infoBuilder.getBeanInfo();
}
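Review bot: `infoBuilder.addAttribute("runAsSubject", Subject.class, true);` passes the same flag as initParams and servletMappings; if that flag means persistent, as it appears to from the surrounding attributes, a javax.security.auth.Subject would be written into the serialized configuration. A Subject may carry private credentials, so confirm the run-as subjects the builder supplies hold none, or pass `false` if the value is always re-derived at deployment time. This is inferred from the builder call only, since GBeanInfoBuilder is not part of the diff.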
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Tue Aug 15 14:19:27 2006
@@ -197,7 +197,6 @@
TransactionManager transactionManager,
TrackedConnectionAssociator trackedConnectionAssociator,
JettyContainer jettyContainer,
- RoleDesignateSource roleDesignateSource,
J2EEServer server,
J2EEApplication application,
Kernel kernel) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
@@ -262,15 +261,11 @@
//JACC
if (securityRealmName != null) {
- if (roleDesignateSource == null) {
- throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
- }
- Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
//wrap jetty realm with something that knows the dumb realmName
JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
setRealm(realm);
- this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, roleDesignates, realm, classLoader);
+ this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, realm, classLoader);
interceptor = this.securityInterceptor;
} else {
securityInterceptor = null;
@@ -629,7 +624,6 @@
infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.TRANSACTION_MANAGER);
infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
- infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
infoBuilder.addInterface(JettyServletRegistration.class);
@@ -686,7 +680,6 @@
"TransactionManager",
"TrackedConnectionAssociator",
"JettyContainer",
- "RoleDesignateSource",
"J2EEServer",
"J2EEApplication",
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java Tue Aug 15 14:19:27 2006
@@ -28,6 +28,7 @@
import org.mortbay.jetty.servlet.WebApplicationHandler;
import org.mortbay.jetty.servlet.ServletHolder;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
/**
* @version $Rev$ $Date$
@@ -53,11 +54,11 @@
int type)
throws ServletException, UnavailableException, IOException
{
- Subject currentCaller = ContextManager.getCurrentCaller();
+ Callers oldCallers = ContextManager.getCallers();
try {
super.dispatch(pathInContext, request, response, servletHolder, type);
} finally {
- ContextManager.setCurrentCaller(currentCaller);
+ ContextManager.popCallers(oldCallers);
}
}
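Review bot: With `Subject currentCaller` gone from dispatch, the `javax.security.auth.Subject` import in this file is unused unless another method still references it; the import block shown in the hunk at @@ -28,6 +28,7 @@ does not cover it, so check and drop it. The new `Callers oldCallers = ContextManager.getCallers();` / `ContextManager.popCallers(oldCallers);` pair around `super.dispatch` in try/finally is the right shape.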
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Tue Aug 15 14:19:27 2006
@@ -16,31 +16,35 @@
*/
package org.apache.geronimo.jetty.interceptor;
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.PermissionCollection;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.jetty.JAASJettyPrincipal;
-import org.apache.geronimo.jetty.JettyContainer;
import org.apache.geronimo.jetty.JAASJettyRealm;
+import org.apache.geronimo.jetty.JettyContainer;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.SubjectId;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.mortbay.http.*;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
import org.mortbay.jetty.servlet.FormAuthenticator;
import org.mortbay.jetty.servlet.ServletHttpRequest;
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebUserDataPermission;
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.PermissionCollection;
-import java.security.Principal;
-import java.util.Map;
-
/**
* @version $Rev$ $Date$
@@ -52,7 +56,6 @@
private final int webAppContextIndex;
private final String policyContextID;
private final static ThreadLocal currentWebAppContext = new ThreadLocal();
- private final Map roleDesignates;
private final JAASJettyPrincipal defaultPrincipal;
private final String formLoginPath;
@@ -71,7 +74,6 @@
Authenticator authenticator,
PermissionCollection checkedPermissions,
PermissionCollection excludedPermissions,
- Map roleDesignates,
JAASJettyRealm realm,
ClassLoader classLoader) {
assert realm != null;
@@ -83,7 +85,6 @@
this.policyContextID = policyContextID;
this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal, classLoader);
- this.roleDesignates = roleDesignates;
this.checked = checkedPermissions;
this.excludedPermissions = excludedPermissions;
@@ -153,14 +154,6 @@
return (SecurityContextBeforeAfter) currentWebAppContext.get();
}
- public static Subject getCurrentRoleDesignate(String role) {
- return getCurrentSecurityInterceptor().getRoleDesignate(role);
- }
-
- private Subject getRoleDesignate(String roleName) {
- return (Subject) roleDesignates.get(roleName);
- }
-
//security check methods, delegated from WebAppContext
/**
@@ -269,7 +262,8 @@
/**
* No authentication is required. Return the defaultPrincipal.
*/
- ContextManager.setCurrentCaller(defaultPrincipal.getSubject());
+ //TODO use run-as as nextCaller if present
+ ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
return defaultPrincipal;
}
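Review bot: `defaultPrincipal.getSubject()` is evaluated twice on the new line; the reauthenticate change in InternalJAASJettyRealm in this same commit hoists the subject into a local first, and the same shape here, `Subject subject = defaultPrincipal.getSubject();` followed by `ContextManager.setCallers(subject, subject);`, keeps the two call sites consistent. The `//TODO use run-as as nextCaller if present` duplicates the TODO added in InternalJAASJettyRealm; if run-as is now handled by JettyServletHolder.handle, as the comment in its pushRole replacement says, both TODOs may already be obsolete and are worth a check. The enclosing method starts and ends outside the hunk.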
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Tue Aug 15 14:19:27 2006
@@ -16,8 +16,18 @@
*/
package org.apache.geronimo.jetty;
-import junit.framework.TestCase;
+import java.io.File;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.transaction.TransactionManager;
+import junit.framework.TestCase;
import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
import org.apache.geronimo.jetty.connector.HTTPConnector;
@@ -29,9 +39,8 @@
import org.apache.geronimo.security.jaas.LoginModuleGBean;
import org.apache.geronimo.security.jaas.server.JaasLoginService;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -40,22 +49,12 @@
import org.mortbay.http.Authenticator;
import org.mortbay.jetty.servlet.FormAuthenticator;
-import java.io.File;
-import java.net.URL;
-import java.security.PermissionCollection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import javax.transaction.TransactionManager;
-
/**
* @version $Rev$ $Date$
*/
public class AbstractWebModuleTest extends TestCase {
- private File basedir = new File(System.getProperty("basedir"));
+ private File basedir = new File(System.getProperty("basedir", "."));
protected ClassLoader cl;
protected final static String securityRealmName = "demo-properties-realm";
@@ -84,12 +83,11 @@
Collections.singleton("/"),
null,
null,
- null,
webModule);
}
- protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, RoleDesignateSource roleDesignateSource, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
+ protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
JettyWebAppContext app = new JettyWebAppContext(null,
null,
@@ -120,7 +118,6 @@
transactionManager,
connectionTrackingCoordinator,
container,
- roleDesignateSource,
null,
null,
null);
@@ -144,7 +141,6 @@
"demo-properties-realm",
formAuthenticator,
policyContextId,
- jacc,
componentPermissions.getExcludedPermissions(),
defaultPrincipal,
checked, "war3/");
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java Tue Aug 15 14:19:27 2006
@@ -28,7 +28,7 @@
public class ApplicationTest extends AbstractWebModuleTest {
public void testApplication() throws Exception {
- JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, null, "war1/");
+ JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/");
setUpStaticContentServlet(app);
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java Tue Aug 15 14:19:27 2006
@@ -17,22 +17,12 @@
package org.apache.geronimo.jetty;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.HashSet;
-import java.util.Set;
import java.io.BufferedReader;
import java.io.InputStreamReader;
-import javax.management.ObjectName;
+import java.net.HttpURLConnection;
+import java.net.URL;
-import junit.framework.TestCase;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.jetty.connector.HTTPConnector;
import org.apache.geronimo.jetty.app.MockWebServiceContainer;
-import org.apache.geronimo.kernel.KernelFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.webservices.WebServiceContainer;
/**
* @version $Rev$ $Date$
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java?rev=431706&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java Tue Aug 15 14:19:27 2006
@@ -0,0 +1,42 @@
+/**
+ *
+ * Copyright 2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.security;
+
+import javax.security.auth.Subject;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Callers {
+
+ private final Subject currentCaller;
+ private final Subject nextCaller;
+
+ public Callers(Subject currentCaller, Subject nextCaller) {
+ this.currentCaller = currentCaller;
+ this.nextCaller = nextCaller;
+ }
+
+ public Subject getCurrentCaller() {
+ return currentCaller;
+ }
+
+ public Subject getNextCaller() {
+ return nextCaller;
+ }
+}
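Review bot: `Callers` carries no documentation beyond the `@version` tag, so the meaning of its two fields is only discoverable by reading ContextManager. I would add a class comment along the lines of `/** Immutable pair of the Subject the current invocation runs as (currentCaller) and the Subject that ContextManager.setNextCaller promotes to the caller of the following invocation (nextCaller); ContextManager keeps one instance per thread. */`, and declare the class `final` since it is a plain value holder with no extension point. The constructor accepts null for either Subject, and `ContextManager.pushNextCaller` does construct it with a null current caller, so a one-line constructor comment saying that null means "no identity established" would save the next reader a detour.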
Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java Tue Aug 15 14:19:27 2006
@@ -43,8 +43,7 @@
*/
public class ContextManager {
private static ThreadLocal currentCallerId = new ThreadLocal();
- private static ThreadLocal currentCaller = new ThreadLocal();
- private static ThreadLocal nextCaller = new ThreadLocal();
+ private static final ThreadLocal callers = new ThreadLocal();
private static Map subjectContexts = new IdentityHashMap();
private static Map subjectIds = new Hashtable();
private static long nextSubjectId = System.currentTimeMillis();
@@ -90,39 +89,65 @@
return (Serializable) currentCallerId.get();
}
- public static void setNextCaller(Subject subject) {
+ public static void setCallers(Subject currentCaller, Subject nextCaller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
+ assert currentCaller != null;
+ assert nextCaller != null;
+ Callers newCallers = new Callers(currentCaller, nextCaller);
+ callers.set(newCallers);
+ }
- nextCaller.set(subject);
+ public static void clearCallers() {
+ callers.set(null);
}
- public static Subject getNextCaller() {
+ public static Callers getCallers() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
+ return (Callers) callers.get();
+ }
- return (Subject) nextCaller.get();
+ public static Callers setNextCaller(Subject nextCaller) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SET_CONTEXT);
+ assert nextCaller != null;
+ Callers oldCallers = (Callers) callers.get();
+ Callers newCallers = new Callers(oldCallers.getNextCaller(), nextCaller);
+ callers.set(newCallers);
+ return oldCallers;
}
- public static void setCurrentCaller(Subject subject) {
+ public static Callers pushNextCaller(Subject nextCaller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
+ Callers oldCallers = (Callers) callers.get();
+ Subject oldNextCaller = oldCallers == null? null: oldCallers.getNextCaller();
+ Subject newNextCaller = nextCaller == null? oldNextCaller : nextCaller;
+ Callers newCallers = new Callers(oldNextCaller, newNextCaller);
+ callers.set(newCallers);
+ return oldCallers;
+ }
- currentCaller.set(subject);
+ public static void popCallers(Callers oldCallers) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SET_CONTEXT);
+ callers.set(oldCallers);
}
public static Subject getCurrentCaller() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- return (Subject) currentCaller.get();
+ Callers callers = (Callers) ContextManager.callers.get();
+ return callers == null? null: callers.getCurrentCaller();
}
public static AccessControlContext getCurrentContext() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Subject currentSubject = (Subject) currentCaller.get();
+ Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
assert currentSubject != null : "No current caller";
Context context = (Context) subjectContexts.get(currentSubject);
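Review bot: `clearCallers()` writes the thread-local without the `SET_CONTEXT` permission check that `setCallers`, `setNextCaller`, `pushNextCaller` and `popCallers` all perform, so under a SecurityManager code that may not set a caller identity could still drop one; add `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SET_CONTEXT);` before `callers.set(null)`. Separately, `getCurrentContext` now dereferences `callers.get()` unguarded, so a thread with no callers fails with a NullPointerException instead of the `"No current caller"` assertion message; the same unguarded cast appears in the next two hunks, where `isCallerInRole` previously returned false for a missing caller and now throws before its null check is reached, and `setNextCaller` has the same exposure through `oldCallers.getNextCaller()`. `getCurrentCaller` already shows the null-safe form, `Callers callers = (Callers) ContextManager.callers.get(); return callers == null ? null : callers.getCurrentCaller();`, which the other readers should adopt. Note also that the `assert` null checks in `setCallers` and `setNextCaller` only run when the JVM is started with -ea, so a null Subject can still be stored in production.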
@@ -153,7 +178,8 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Context context = (Context) subjectContexts.get(currentCaller.get());
+ Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+ Context context = (Context) subjectContexts.get(currentSubject);
assert context != null : "No registered context";
@@ -174,10 +200,10 @@
if (role == null) throw new IllegalArgumentException("Role must not be null");
try {
- Object caller = currentCaller.get();
- if (caller == null) return false;
+ Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+ if (currentSubject == null) return false;
- Context context = (Context) subjectContexts.get(currentCaller.get());
+ Context context = (Context) subjectContexts.get(currentSubject);
assert context != null : "No registered context";
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java Tue Aug 15 14:19:27 2006
@@ -39,7 +39,7 @@
/**
* @version $Rev$ $Date$
*/
-public class ApplicationPolicyConfigurationManager implements GBeanLifecycle, RoleDesignateSource {
+public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {
private final Map contextIdToPolicyConfigurationMap = new HashMap();
private final Map roleDesignates;
@@ -138,10 +138,6 @@
}
- public Map getRoleDesignateMap() {
- return roleDesignates;
- }
-
public static final GBeanInfo GBEAN_INFO;
static {
@@ -149,7 +145,6 @@
infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
infoBuilder.addAttribute("roleDesignates", Map.class, true);
infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
- infoBuilder.addInterface(RoleDesignateSource.class);
infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
GBEAN_INFO = infoBuilder.getBeanInfo();
Modified: geronimo/trunk/modules/tomcat-builder/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat-builder/pom.xml?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/pom.xml (original)
+++ geronimo/trunk/modules/tomcat-builder/pom.xml Tue Aug 15 14:19:27 2006
@@ -129,7 +129,13 @@
<artifactId>geronimo-servlet_2.4_spec</artifactId>
<scope>test</scope>
</dependency>
-
+ <!--WFT??? why is this needed for tests all of a sudden? -->
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jsp_2.0_spec</artifactId>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
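Review bot: The `<!--WFT??? why is this needed for tests all of a sudden? -->` comment commits an open question rather than a reason, and it will outlive whoever can answer it. Replace it with a comment naming the test or class that requires the JSP spec on the test classpath, or with a TODO referencing a tracking issue (placeholder: `<!-- TODO(<ISSUE-ID>): record why geronimo-jsp_2.0_spec is needed for tests -->`), so the dependency can be removed once the cause is understood.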
Modified: geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Tue Aug 15 14:19:27 2006
@@ -418,7 +418,6 @@
}
webModuleData.setAttribute("securityHolder", securityHolder);
- webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
}
moduleContext.addGBean(webModuleData);
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Tue Aug 15 14:19:27 2006
@@ -121,7 +121,7 @@
defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
}
- interceptor = new PolicyContextBeforeAfter(interceptor, index++, securityHolder.getPolicyContextID());
+ interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, securityHolder.getPolicyContextID());
}
}
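Review bot: The second `index++` claims one more slot in the interceptor `context` array for the saved `Callers`, but this hunk does not show the allocation of that array being enlarged to match; if it was not, `context[callersIndex] = ContextManager.getCallers()` in PolicyContextBeforeAfter.before would raise an ArrayIndexOutOfBoundsException on the first request. Worth confirming the array size is derived from the final value of `index` rather than a constant, and a short comment such as `// two slots: saved policy context id, saved Callers` would make the pairing visible. The enclosing block starts and ends outside this hunk.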
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Tue Aug 15 14:19:27 2006
@@ -105,8 +105,6 @@
private final TrackedConnectionAssociator trackedConnectionAssociator;
- private final RoleDesignateSource roleDesignateSource;
-
private final SecurityHolder securityHolder;
private final J2EEServer server;
@@ -134,7 +132,6 @@
TransactionManager transactionManager,
TrackedConnectionAssociator trackedConnectionAssociator,
TomcatContainer container,
- RoleDesignateSource roleDesignateSource,
ObjectRetriever tomcatRealm,
ValveGBean tomcatValveChain,
CatalinaClusterGBean cluster,
@@ -176,7 +173,6 @@
this.applicationManagedSecurityResources = applicationManagedSecurityResources;
this.trackedConnectionAssociator = trackedConnectionAssociator;
- this.roleDesignateSource = roleDesignateSource;
this.server = server;
this.application = application;
@@ -232,11 +228,6 @@
verifyObjectName(myObjectName);
}
- if (securityHolder != null){
- if (roleDesignateSource == null) {
- throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
- }
- }
}
public String getObjectName() {
@@ -450,14 +441,14 @@
// super.start();
//register the classloader <> dir context association so that tomcat's jndi based getResources works.
DirContext resources = context.getResources();
- DirContextURLStreamHandler.bind((ClassLoader) classLoader, resources);
+ DirContextURLStreamHandler.bind(classLoader, resources);
log.debug("TomcatWebAppContext started for " + path);
}
public void doStop() throws Exception {
container.removeContext(this);
- DirContextURLStreamHandler.unbind((ClassLoader) classLoader);
+ DirContextURLStreamHandler.unbind(classLoader);
// No more logging will occur for this ClassLoader. Inform the LogFactory to avoid a memory leak.
// LogFactory.release(classLoader);
@@ -495,7 +486,6 @@
infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
infoBuilder.addReference("Container", TomcatContainer.class, NameFactory.GERONIMO_SERVICE);
- infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
infoBuilder.addReference("TomcatRealm", ObjectRetriever.class);
infoBuilder.addReference("TomcatValveChain", ValveGBean.class);
infoBuilder.addReference("Cluster", CatalinaClusterGBean.class, CatalinaClusterGBean.J2EE_TYPE);
@@ -522,7 +512,6 @@
"TransactionManager",
"TrackedConnectionAssociator",
"Container",
- "RoleDesignateSource",
"TomcatRealm",
"TomcatValveChain",
"Cluster",
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Tue Aug 15 14:19:27 2006
@@ -16,38 +16,38 @@
*/
package org.apache.geronimo.tomcat.interceptor;
-import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
public class PolicyContextBeforeAfter implements BeforeAfter{
-
+
private final BeforeAfter next;
private final String policyContextID;
private final int policyContextIDIndex;
+ private final int callersIndex;
- public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, String policyContextID) {
+ public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex, String policyContextID) {
this.next = next;
this.policyContextIDIndex = policyContextIDIndex;
+ this.callersIndex = callersIndex;
this.policyContextID = policyContextID;
}
public void before(Object[] context, ServletRequest httpRequest, ServletResponse httpResponse) {
-
+
//Save the old
- PolicyHolder policyHolder = new PolicyHolder();
- policyHolder.setContextId(PolicyContext.getContextID());
- policyHolder.setSubject(ContextManager.getCurrentCaller());
-
- context[policyContextIDIndex] = policyHolder;
-
+
+ context[policyContextIDIndex] = PolicyContext.getContextID();
+ context[callersIndex] = ContextManager.getCallers();
+
//Set the new
PolicyContext.setContextID(policyContextID);
PolicyContext.setHandlerData(httpRequest);
-
+
if (next != null) {
next.before(context, httpRequest, httpResponse);
}
@@ -57,30 +57,10 @@
if (next != null) {
next.after(context, httpRequest, httpResponse);
}
-
+
//Replace the old
- PolicyHolder policyHolder = (PolicyHolder)context[policyContextIDIndex];
- PolicyContext.setContextID(policyHolder.getContextId());
- ContextManager.setCurrentCaller(policyHolder.getSubject());
- }
-
- class PolicyHolder{
-
- private Subject subject;
- private String contextId;
-
- public String getContextId() {
- return contextId;
- }
- public void setContextId(String contextId) {
- this.contextId = contextId;
- }
- public Subject getSubject() {
- return subject;
- }
- public void setSubject(Subject subject) {
- this.subject = subject;
- }
+ PolicyContext.setContextID((String)context[policyContextIDIndex]);
+ ContextManager.popCallers((Callers) context[callersIndex]);
}
}
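Review bot: The restoration of the policy context id and the caller identity at the end of `after` still runs only if `next.after` returns normally; an exception from a downstream interceptor leaves the worker thread carrying this request's `Callers` and policy context, which under a pooled container would be visible to whatever request that thread serves next. That structure predates this commit, but since the commit rewrites these lines it is the right moment to put the restore in a `finally`, as sketched below. The `after` method's signature lies outside the hunk.
```java
// … unchanged: start of after(...), outside this hunk …
try {
    if (next != null) {
        next.after(context, httpRequest, httpResponse);
    }
} finally {
    //Replace the old
    PolicyContext.setContextID((String) context[policyContextIDIndex]);
    ContextManager.popCallers((Callers) context[callersIndex]);
}
```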
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Tue Aug 15 14:19:27 2006
@@ -112,7 +112,7 @@
if (subject == null)
return super.hasUserDataPermission(request, response, constraints);
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
try {
@@ -192,7 +192,8 @@
return request.isSecure();
} else {
- ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+ Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+ ContextManager.setCallers(currentCaller, currentCaller);
}
try {
@@ -238,7 +239,8 @@
}
//Set the caller
- ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+ Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+ ContextManager.setCallers(currentCaller, currentCaller);
AccessControlContext acc = ContextManager.getCurrentContext();
@@ -337,7 +339,7 @@
return (null);
}
- ContextManager.setCurrentCaller(subject);
+ ContextManager.setCallers(subject, subject);
} catch (AccountExpiredException e) {
if (log.isDebugEnabled())
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java Tue Aug 15 14:19:27 2006
@@ -25,6 +25,7 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
/**
* @version $Rev$ $Date$
@@ -38,15 +39,18 @@
}
public void invoke(Request request, Response response) throws IOException, ServletException {
- boolean setSubject = ContextManager.getCurrentCaller() == null;
+ Callers oldCallers = null;
+ boolean setSubject = false;
+ if (defaultSubject != null) {
+ oldCallers = ContextManager.getCallers();
+ setSubject = oldCallers == null || oldCallers.getCurrentCaller() == null;
+ }
if (setSubject) {
- ContextManager.setCurrentCaller(defaultSubject);
- ContextManager.setNextCaller(defaultSubject);
+ ContextManager.setCallers(defaultSubject, defaultSubject);
try {
getNext().invoke(request, response);
} finally {
- ContextManager.setCurrentCaller(null);
- ContextManager.setNextCaller(null);
+ ContextManager.popCallers(oldCallers);
}
} else {
getNext().invoke(request, response);
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Tue Aug 15 14:19:27 2006
@@ -36,9 +36,8 @@
import org.apache.geronimo.security.jaas.LoginModuleGBean;
import org.apache.geronimo.security.jaas.server.JaasLoginService;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -63,7 +62,7 @@
protected static final String POLICY_CONTEXT_ID = "securetest";
private GeronimoLoginConfiguration loginConfiguration;
- protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, RoleDesignateSource roleDesignateSource, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
+ protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
TomcatWebAppContext app = new TomcatWebAppContext(cl,
null,
@@ -77,7 +76,6 @@
transactionManager,
connectionTrackingCoordinator,
container,
- roleDesignateSource,
tomcatRealm,
valveChain,
null,
@@ -104,7 +102,6 @@
return setUpInsecureAppContext(new File(basedir, "target/var/catalina/webapps/war3/").toURI(),
configurationBaseURL,
securityHolder,
- jacc,
realm,
null);
}
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java Tue Aug 15 14:19:27 2006
@@ -34,7 +34,6 @@
new File(basedir, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(),
null,
null,
- null,
null);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8181/test/hello.txt").openConnection();