Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/07/16 19:03:51 UTC
svn commit: r794752 [1/3] - in /geronimo/server/trunk/plugins/tomcat:
geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/
geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/
geronimo-tomcat6/src/main/java/org...
Author: djencks
Date: Thu Jul 16 17:03:50 2009
New Revision: 794752
URL: http://svn.apache.org/viewvc?rev=794752&view=rev
Log:
GERONIMO-4752 rewrite tomcat security to support jaspic and better support jacc
Added:
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCRealm.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCSecurityValve.java (with props)
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java (with props)
Removed:
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatEJBWSGeronimoRealm.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
Modified:
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java Thu Jul 16 17:03:50 2009
@@ -32,7 +32,6 @@
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinatorGBean;
import org.apache.geronimo.deployment.ModuleIDBuilder;
-import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
import org.apache.geronimo.deployment.service.GBeanBuilder;
import org.apache.geronimo.deployment.util.UnpackedJarFile;
import org.apache.geronimo.gbean.AbstractName;
@@ -79,7 +78,6 @@
import org.apache.geronimo.testsupport.TestSupport;
import org.apache.geronimo.tomcat.EngineGBean;
import org.apache.geronimo.tomcat.HostGBean;
-import org.apache.geronimo.tomcat.RealmGBean;
import org.apache.geronimo.tomcat.TomcatContainer;
import org.apache.geronimo.tomcat.connector.Http11ConnectorGBean;
import org.apache.geronimo.transaction.manager.GeronimoTransactionManagerGBean;
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml Thu Jul 16 17:03:50 2009
@@ -45,14 +45,14 @@
<!--</default-subject>-->
<!--</security>-->
- <gbean name="TomcatRealm" class="org.apache.geronimo.tomcat.RealmGBean">
- <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
- <attribute name="initParams">
- userClassNames=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
- roleClassNames=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
- </attribute>
- <reference name="ConfigurationFactory"><name>securityRealm</name></reference>
- </gbean>
+ <!--<gbean name="TomcatRealm" class="org.apache.geronimo.tomcat.RealmGBean">-->
+ <!--<attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>-->
+ <!--<attribute name="initParams">-->
+ <!--userClassNames=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal-->
+ <!--roleClassNames=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal-->
+ <!--</attribute>-->
+ <!--<reference name="ConfigurationFactory"><name>securityRealm</name></reference>-->
+ <!--</gbean>-->
<gbean name="FirstValve" class="org.apache.geronimo.tomcat.ValveGBean">
<attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import java.security.AccessControlContext;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.RegistrationListener;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.AuthException;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.startup.ContextConfig;
+import org.apache.catalina.Context;
+import org.apache.catalina.core.StandardContext;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.tomcat.security.Authorizer;
+import org.apache.geronimo.tomcat.security.SecurityValve;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
+import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;
+import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
+import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
+import org.apache.geronimo.tomcat.security.authentication.BasicAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.ClientCertAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.FormAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
+import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class BaseGeronimoContextConfig extends ContextConfig {
+ private static final String MESSAGE_LAYER = "HttpServlet";
+
+
+ protected void configureSecurity(StandardContext geronimoContext, String policyContextId, ConfigurationFactory configurationFactory, Subject defaultSubject, String authMethod, String realmName, String loginPage, String errorPage) {
+ IdentityService identityService = new GeronimoIdentityService();
+ if (defaultSubject == null) {
+ defaultSubject = ContextManager.EMPTY;
+ }
+ UserIdentity unauthenticatedIdentity = identityService.newUserIdentity(defaultSubject, null, null);
+ LoginService loginService = new GeronimoLoginService(configurationFactory, identityService);
+ Authenticator authenticator = null;
+ AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
+ RegistrationListener listener = new RegistrationListener() {
+
+ public void notify(String layer, String appContext) {
+ }
+ };
+ //?? TODO is context.getPath() the context root?
+ String appContext = "server " + geronimoContext.getPath();
+ AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
+ ServerAuthConfig serverAuthConfig = null;
+ JaspicCallbackHandler callbackHandler = null;
+ if (authConfigProvider != null) {
+ callbackHandler = new JaspicCallbackHandler(loginService);
+ try {
+ serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, callbackHandler);
+ } catch (AuthException e) {
+ //TODO log exception? rethrow????
+ }
+ }
+ if (serverAuthConfig != null) {
+ Map authProperties = new HashMap();
+ Subject serviceSubject = new Subject();
+ authenticator = new JaspicAuthenticator(serverAuthConfig, authProperties, serviceSubject, callbackHandler, identityService);
+ } else if ("BASIC".equalsIgnoreCase(authMethod)) {
+ authenticator = new BasicAuthenticator(loginService, realmName, unauthenticatedIdentity);
+ } else if ("CLIENT-CERT".equalsIgnoreCase(authMethod)) {
+ authenticator = new ClientCertAuthenticator(loginService, unauthenticatedIdentity);
+ } else if ("DIGEST".equalsIgnoreCase(authMethod)) {
+ authenticator = new DigestAuthenticator(loginService, realmName, unauthenticatedIdentity);
+ } else if ("FORM".equalsIgnoreCase(authMethod)) {
+ authenticator = new FormAuthenticator(loginService, unauthenticatedIdentity, loginPage, errorPage);
+ } else if ("NONE".equalsIgnoreCase(authMethod)) {
+ authenticator = new NoneAuthenticator(unauthenticatedIdentity);
+ }
+ if (authenticator == null) {
+ throw new IllegalStateException("No authenticator configured");
+ }
+
+ AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null, null);
+ Authorizer authorizer = new JACCAuthorizer(defaultAcc);
+
+ SecurityValve securityValve = new JACCSecurityValve(authenticator, authorizer, identityService, policyContextId);
+
+ geronimoContext.addValve(securityValve);
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString(
+ "contextConfig.authenticatorConfigured",
+ authMethod));
+ }
+
+ geronimoContext.setRealm(new JACCRealm());
+ }
+}
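Review bot: The empty `catch (AuthException e)` around the getServerAuthConfig call leaves serverAuthConfig null, so a JASPIC provider that is registered for this context but fails to initialise silently degrades to the auth-method authenticator (or to the "No authenticator configured" IllegalStateException with no cause), and the failure is never logged. Since the provider is only consulted when one was explicitly registered, failing closed looks safer: `log.error("Unable to obtain ServerAuthConfig for " + appContext, e);` followed by `throw new IllegalStateException("JASPIC provider failed for " + appContext, e);`. Two smaller points in the same method: `Map authProperties = new HashMap();` is a raw type and could be `Map<String, Object>`, and the TODO on `"server " + geronimoContext.getPath()` is worth resolving, because the JASPIC servlet profile identifies the application context as the host name, a space, and the context path, so a fixed "server" prefix may fail to match providers registered under the real host name.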
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.catalina.core.StandardContext;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class EjbWsContextConfig extends BaseGeronimoContextConfig {
+ private final String policyContextId;
+ private final ConfigurationFactory configurationFactory;
+ private final Subject defaultSubject;
+ private final String authMethod;
+ private final String realmName;
+
+ public EjbWsContextConfig(String policyContextId, ConfigurationFactory configurationFactory, Subject defaultSubject, String authMethod, String realmName) {
+ this.policyContextId = policyContextId;
+ this.configurationFactory = configurationFactory;
+ this.defaultSubject = defaultSubject;
+ this.authMethod = authMethod;
+ this.realmName = realmName;
+ }
+
+ @Override
+ protected void authenticatorConfig() {
+ if (policyContextId == null || configurationFactory == null) {
+ return;
+ }
+
+ configureSecurity((StandardContext)context,
+ policyContextId,
+ configurationFactory,
+ defaultSubject,
+ authMethod, realmName, null, null);
+ }
+
+}
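Review bot: `authenticatorConfig()` returns silently when `policyContextId` or `configurationFactory` is null, and since it overrides the inherited hook without calling `super.authenticatorConfig()`, such a context gets neither the Geronimo SecurityValve nor Tomcat's own authenticator; nothing on the page says whether that is the intended "unsecured EJB web service" case or a misconfiguration that should fail deployment. A class Javadoc stating the contract would make this explicit, e.g. `/** ContextConfig for EJB web-service contexts: installs the JACC security valve and realm only when both a policy context id and a ConfigurationFactory are supplied; otherwise no authentication is configured for the context. */`. The unchecked cast `(StandardContext) context` will throw ClassCastException for any other Context implementation, which may be acceptable here but deserves a one-line comment.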
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java Thu Jul 16 17:03:50 2009
@@ -16,8 +16,6 @@
*/
package org.apache.geronimo.tomcat;
-import java.util.Collection;
-import java.util.Iterator;
import java.util.Map;
import org.apache.catalina.Cluster;
@@ -25,26 +23,20 @@
import org.apache.catalina.Host;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Manager;
-import org.apache.catalina.Realm;
import org.apache.catalina.Valve;
import org.apache.catalina.core.StandardEngine;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.ReferenceCollection;
-import org.apache.geronimo.gbean.ReferenceCollectionEvent;
-import org.apache.geronimo.gbean.ReferenceCollectionListener;
import org.apache.geronimo.gbean.annotation.GBean;
import org.apache.geronimo.gbean.annotation.ParamAttribute;
import org.apache.geronimo.gbean.annotation.ParamReference;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.system.jmx.MBeanServerReference;
import org.apache.geronimo.tomcat.cluster.CatalinaClusterGBean;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
-import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
import org.apache.tomcat.util.modeler.Registry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* @version $Rev$ $Date$
@@ -61,100 +53,95 @@
public EngineGBean(
//fish engine out of server configured with server.xml
- @ParamReference(name="Server")TomcatServerGBean server,
- @ParamAttribute(name="serviceName")String serviceName,
+ @ParamReference(name = "Server") TomcatServerGBean server,
+ @ParamAttribute(name = "serviceName") String serviceName,
//Or (deprecated) set up an engine directly
- @ParamAttribute(name = "className")String className,
- @ParamAttribute(name = "initParams")Map initParams,
- @ParamReference(name="DefaultHost", namingType = HostGBean.J2EE_TYPE)HostGBean defaultHost,
- @ParamReference(name="RealmGBean", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE)ObjectRetriever realmGBean,
- @ParamReference(name="ConfigurationFactory", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE)ConfigurationFactory configurationFactory,
- @ParamReference(name="TomcatValveChain", namingType = ValveGBean.J2EE_TYPE)ValveGBean tomcatValveChain,
- @ParamReference(name="LifecycleListenerChain", namingType = LifecycleListenerGBean.J2EE_TYPE)LifecycleListenerGBean listenerChain,
- @ParamReference(name="CatalinaCluster", namingType = CatalinaClusterGBean.J2EE_TYPE)CatalinaClusterGBean clusterGBean,
- @ParamReference(name="Manager", namingType = ManagerGBean.J2EE_TYPE)ManagerGBean manager,
- @ParamReference(name="MBeanServerReference")MBeanServerReference mbeanServerReference) throws Exception {
+ @ParamAttribute(name = "className") String className,
+ @ParamAttribute(name = "initParams") Map initParams,
+ @ParamReference(name = "DefaultHost", namingType = HostGBean.J2EE_TYPE) HostGBean defaultHost,
+ @ParamReference(name = "RealmGBean", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE) ObjectRetriever realmGBean,
+ @ParamReference(name = "ConfigurationFactory", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE) ConfigurationFactory configurationFactory,
+ @ParamReference(name = "TomcatValveChain", namingType = ValveGBean.J2EE_TYPE) ValveGBean tomcatValveChain,
+ @ParamReference(name = "LifecycleListenerChain", namingType = LifecycleListenerGBean.J2EE_TYPE) LifecycleListenerGBean listenerChain,
+ @ParamReference(name = "CatalinaCluster", namingType = CatalinaClusterGBean.J2EE_TYPE) CatalinaClusterGBean clusterGBean,
+ @ParamReference(name = "Manager", namingType = ManagerGBean.J2EE_TYPE) ManagerGBean manager,
+ @ParamReference(name = "MBeanServerReference") MBeanServerReference mbeanServerReference) throws Exception {
if (server == null) {
//legacy configuration
- if (className == null){
- className = "org.apache.geronimo.tomcat.TomcatEngine";
- }
+ if (className == null) {
+ className = "org.apache.geronimo.tomcat.TomcatEngine";
+ }
- if (initParams == null){
- throw new IllegalArgumentException("Must have 'name' value in initParams.");
- }
-
- //Be sure the defaulthost has been declared.
- if (defaultHost == null){
- throw new IllegalArgumentException("Must have a 'defaultHost' attribute.");
- }
+ if (initParams == null) {
+ throw new IllegalArgumentException("Must have 'name' value in initParams.");
+ }
- //Be sure the name has been declared.
- if (!initParams.containsKey(NAME)){
- throw new IllegalArgumentException("Must have a 'name' value initParams.");
- }
-
- //Deprecate the defaultHost initParam
- if (initParams.containsKey(DEFAULTHOST)){
- log.warn("The " + DEFAULTHOST + " initParams value is no longer used and will be ignored.");
- initParams.remove(DEFAULTHOST);
- }
+ //Be sure the defaulthost has been declared.
+ if (defaultHost == null) {
+ throw new IllegalArgumentException("Must have a 'defaultHost' attribute.");
+ }
- engine = (Engine)Class.forName(className).newInstance();
+ //Be sure the name has been declared.
+ if (!initParams.containsKey(NAME)) {
+ throw new IllegalArgumentException("Must have a 'name' value initParams.");
+ }
- //Set the parameters
- setParameters(engine, initParams);
-
- //Set realm (must be before Hosts)
- if (realmGBean != null){
- engine.setRealm((Realm)realmGBean.getInternalObject());
- } else if (configurationFactory != null) {
- Realm realm = new TomcatJAASRealm(configurationFactory);
- engine.setRealm(realm);
- }
-
- //Set the default Host
- Host host = (Host) defaultHost.getInternalObject();
- if (host.getParent() != null) {
- throw new IllegalStateException("Default host is already in use by another engine: " + host.getParent());
- }
- engine.setDefaultHost(host.getName());
- addHost(host);
+ //Deprecate the defaultHost initParam
+ if (initParams.containsKey(DEFAULTHOST)) {
+ log.warn("The " + DEFAULTHOST + " initParams value is no longer used and will be ignored.");
+ initParams.remove(DEFAULTHOST);
+ }
- if (manager != null)
- engine.setManager((Manager)manager.getInternalObject());
+ engine = (Engine) Class.forName(className).newInstance();
- //Add the valve and listener lists
- if (engine instanceof StandardEngine){
- if (tomcatValveChain != null){
- ValveGBean valveGBean = tomcatValveChain;
- while(valveGBean != null){
- ((StandardEngine)engine).addValve((Valve)valveGBean.getInternalObject());
- valveGBean = valveGBean.getNextValve();
- }
+ //Set the parameters
+ setParameters(engine, initParams);
+
+ //Set realm (must be before Hosts)
+ engine.setRealm(JACCRealm.INSTANCE);
+
+ //Set the default Host
+ Host host = (Host) defaultHost.getInternalObject();
+ if (host.getParent() != null) {
+ throw new IllegalStateException("Default host is already in use by another engine: " + host.getParent());
}
-
- if (listenerChain != null){
- LifecycleListenerGBean listenerGBean = listenerChain;
- while(listenerGBean != null){
- ((StandardEngine)engine).addLifecycleListener((LifecycleListener)listenerGBean.getInternalObject());
- listenerGBean = listenerGBean.getNextListener();
+ engine.setDefaultHost(host.getName());
+ addHost(host);
+
+ if (manager != null)
+ engine.setManager((Manager) manager.getInternalObject());
+
+ //Add the valve and listener lists
+ if (engine instanceof StandardEngine) {
+ if (tomcatValveChain != null) {
+ ValveGBean valveGBean = tomcatValveChain;
+ while (valveGBean != null) {
+ ((StandardEngine) engine).addValve((Valve) valveGBean.getInternalObject());
+ valveGBean = valveGBean.getNextValve();
+ }
+ }
+
+ if (listenerChain != null) {
+ LifecycleListenerGBean listenerGBean = listenerChain;
+ while (listenerGBean != null) {
+ ((StandardEngine) engine).addLifecycleListener((LifecycleListener) listenerGBean.getInternalObject());
+ listenerGBean = listenerGBean.getNextListener();
+ }
}
}
- }
- if(mbeanServerReference != null) {
- Registry.setServer(mbeanServerReference.getMBeanServer());
- }
-
+ if (mbeanServerReference != null) {
+ Registry.setServer(mbeanServerReference.getMBeanServer());
+ }
- //Add clustering
- if (clusterGBean != null){
- engine.setCluster((Cluster)clusterGBean.getInternalObject());
- }
+
+ //Add clustering
+ if (clusterGBean != null) {
+ engine.setCluster((Cluster) clusterGBean.getInternalObject());
+ }
} else {
//get engine from server gbean
engine = (Engine) server.getService(serviceName).getContainer();
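Review bot: The `realmGBean` and `configurationFactory` constructor parameters are still declared but no longer read — the realm is now set unconditionally to `JACCRealm.INSTANCE` — so a deployment plan that wires a custom RealmGBean or ConfigurationFactory is silently ignored rather than rejected, which changes who authenticates requests without any visible signal. Either log when they are supplied, `if (realmGBean != null) { log.warn("RealmGBean reference is ignored; the engine realm is always JACCRealm"); }`, or remove them from the GBean interface with a deprecation note so the change is visible to operators. The constructor continues past the end of this hunk (the `server != null` branch), and most of the other changed lines in it are re-indentation only.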
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Thu Jul 16 17:03:50 2009
@@ -42,6 +42,7 @@
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.security.jacc.RunAsSource;
import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
import org.apache.geronimo.tomcat.interceptor.ComponentContextBeforeAfter;
@@ -63,6 +64,11 @@
public class GeronimoStandardContext extends StandardContext {
private static final long serialVersionUID = 3834587716552831032L;
+ private static final boolean allowLinking;
+
+ static {
+ allowLinking = new Boolean(System.getProperty("org.apache.geronimo.tomcat.GeronimoStandardContext.allowLinking", "false"));
+ }
private Subject defaultSubject = null;
private RunAsSource runAsSource = RunAsSource.NULL;
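Review bot: The moved static initializer at L549 still goes through `new Boolean(System.getProperty(..., "false"))`, which boxes only to unbox into a primitive; `allowLinking = Boolean.getBoolean("org.apache.geronimo.tomcat.GeronimoStandardContext.allowLinking");` reads the same property with the same case-insensitive "true" semantics and the same false default. Since this flag, when true, lets Tomcat follow symbolic links out of the docBase, a one-line comment on the field saying so (`// opt-in: following symlinks can expose files outside the docBase`) would tell the next maintainer why the default is false.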
@@ -73,12 +79,10 @@
private BeforeAfter beforeAfter = null;
private int contextCount = 0;
-
- private static final boolean allowLinking;
-
- static {
- allowLinking = new Boolean(System.getProperty("org.apache.geronimo.tomcat.GeronimoStandardContext.allowLinking", "false"));
- }
+
+ private boolean authenticatorInstalled;
+ private ConfigurationFactory configurationFactory;
+ private String policyContextId;
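Review bot: The three new fields carry no comment about who writes them and when they are read; `configurationFactory` and `policyContextId` are assigned in setContextProperties (L572, L580) and read back through the getters added at the end of the file, while nothing in the visible hunks sets `authenticatorInstalled` to true, so its writer is presumably in BaseGeronimoContextConfig or SecurityValve outside this chunk. I would add `// populated by setContextProperties; read by WebContextConfig.authenticatorConfig when the context starts` above the two security fields and `// set once a SecurityValve has been installed so authenticatorConfig() does not install a second one — confirm writer` above the flag. As the enclosing class already declares serialVersionUID, it is worth checking whether ConfigurationFactory is Serializable or the field should be transient.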
public void setContextProperties(TomcatContext ctx) throws DeploymentException {
@@ -104,6 +108,9 @@
getServletContext().setAttribute(entry.getKey(), entry.getValue());
}
}
+ if (tctx.getSecurityHolder() != null) {
+ configurationFactory = tctx.getSecurityHolder().getConfigurationFactory();
+ }
}
int index = 0;
@@ -127,8 +134,8 @@
if (securityHolder.getPolicyContextID() != null) {
- PolicyContext.setContextID(securityHolder.getPolicyContextID());
-
+ policyContextId = securityHolder.getPolicyContextID();
+ PolicyContext.setContextID(policyContextId);
/**
* Register our default subject with the ContextManager
*/
@@ -138,7 +145,7 @@
defaultSubject = ContextManager.EMPTY;
}
- interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, securityHolder.getPolicyContextID(), defaultSubject);
+ interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, policyContextId, defaultSubject);
}
}
@@ -448,4 +455,24 @@
public Subject getSubjectForRole(String runAsRole) {
return runAsSource.getSubjectForRole(runAsRole);
}
+
+ public boolean isAuthenticatorInstalled() {
+ return authenticatorInstalled;
+ }
+
+ public void setAuthenticatorInstalled(boolean authenticatorInstalled) {
+ this.authenticatorInstalled = authenticatorInstalled;
+ }
+
+ public ConfigurationFactory getConfigurationFactory() {
+ return configurationFactory;
+ }
+
+ public Subject getDefaultSubject() {
+ return defaultSubject;
+ }
+
+ public String getPolicyContextId() {
+ return policyContextId;
+ }
}
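Review bot: `getDefaultSubject()` hands out the live `Subject` that setContextProperties installs (L586 shows it may be the shared `ContextManager.EMPTY`), so any caller can add principals or credentials to an object that is shared across requests and possibly across contexts. Either document that the returned Subject must be treated as read-only, or mark it with `defaultSubject.setReadOnly()` where it is assigned; the hunk does not show whether ContextManager already does this. The five new accessors also lack Javadoc: at minimum `isAuthenticatorInstalled` should state that it guards against installing a second authenticator valve and `getPolicyContextId` that it returns null for contexts without a security holder.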
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java Thu Jul 16 17:03:50 2009
@@ -34,6 +34,12 @@
this.name = name;
}
+ public JAASTomcatPrincipal(String name, Subject subject, List roles) {
+ this.name = name;
+ this.subject = subject;
+ this.roles = roles;
+ }
+
public String getName() {
return name;
}
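Review bot: The new constructor takes a raw `List roles` and stores the caller's list directly, so the role set of a principal that is attached to a session can be changed after the fact by whoever still holds that list. If the `roles` field is declared with an element type elsewhere in the file, declare the parameter the same way (probably `List<String>`), and store a snapshot: `this.roles = roles == null ? null : Collections.unmodifiableList(new ArrayList<String>(roles));` (Collections/ArrayList would need importing). The constructor also leaves `subject` and `roles` without any Javadoc on whether null is permitted.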
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Thu Jul 16 17:03:50 2009
@@ -25,19 +25,18 @@
import javax.management.ObjectName;
import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.Realm;
import org.apache.catalina.Service;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.core.StandardService;
import org.apache.catalina.startup.ContextConfig;
import org.apache.catalina.connector.Connector;
-import org.apache.catalina.realm.JAASRealm;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.gbean.annotation.GBean;
import org.apache.geronimo.gbean.annotation.ParamAttribute;
@@ -48,9 +47,8 @@
import org.apache.geronimo.management.geronimo.NetworkConnector;
import org.apache.geronimo.management.geronimo.WebManager;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
import org.apache.geronimo.tomcat.util.SecurityHolder;
import org.apache.geronimo.webservices.SoapHandler;
import org.apache.geronimo.webservices.WebServiceContainer;
@@ -262,22 +260,22 @@
* <p/>
* It simply delegates the call to Tomcat's Embedded and Host classes
*
- * @param ctx the context to be added
+ * @param contextInfo the context to be added
* @see org.apache.catalina.startup.Embedded
* @see org.apache.catalina.Host
*/
- public void addContext(TomcatContext ctx) throws Exception {
- Context anotherCtxObj = createContext(ctx.getContextPath(), ctx.getDocBase(), ctx.getClassLoader());
+ public void addContext(TomcatContext contextInfo) throws Exception {
+ Context context = createContext(contextInfo.getContextPath(), contextInfo.getDocBase(), contextInfo.getClassLoader());
// Set the context for the Tomcat implementation
- ctx.setContext(anotherCtxObj);
+ contextInfo.setContext(context);
// Have the context to set its properties if its a GeronimoStandardContext
- if (anotherCtxObj instanceof GeronimoStandardContext) {
- ((GeronimoStandardContext) anotherCtxObj).setContextProperties(ctx);
+ if (context instanceof GeronimoStandardContext) {
+ ((GeronimoStandardContext) context).setContextProperties(contextInfo);
}
//Was a virtual server defined?
- String virtualServer = ctx.getVirtualServer();
+ String virtualServer = contextInfo.getVirtualServer();
if (virtualServer == null) {
virtualServer = engine.getDefaultHost();
}
@@ -287,60 +285,60 @@
}
//Get the security-realm-name if there is one
- SecurityHolder secHolder = ctx.getSecurityHolder() == null? new SecurityHolder(): ctx.getSecurityHolder();
+ SecurityHolder secHolder = contextInfo.getSecurityHolder() == null? new SecurityHolder(): contextInfo.getSecurityHolder();
//Did we declare a GBean at the context level?
- if (ctx.getRealm() != null) {
- Realm realm = ctx.getRealm();
-
- //Allow for the <security-realm-name> override from the
- //geronimo-web.xml file to be used if our Realm is a JAAS type
- if (secHolder.getConfigurationFactory() != null) {
- if (realm instanceof JAASRealm) {
- ((JAASRealm) realm).setAppName(secHolder.getConfigurationFactory().getConfigurationName());
- }
- }
- anotherCtxObj.setRealm(realm);
- } else {
- Realm realm = host.getRealm();
- //Check and see if we have a declared realm name and no match to a parent name
- if (secHolder.getConfigurationFactory() != null) {
- //Is the context requiring JACC?
- if (secHolder.isSecurity()) {
- //JACC
- realm = new TomcatGeronimoRealm(secHolder.getConfigurationFactory());
- } else {
- //JAAS
- realm = new TomcatJAASRealm(secHolder.getConfigurationFactory());
- ((JAASRealm) realm).setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
- ((JAASRealm) realm).setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
- }
-
- if (log.isDebugEnabled()) {
- log.debug("The security-realm-name '" + secHolder.getConfigurationFactory().getConfigurationName() +
- "' was specified and a parent (Engine/Host) is not named the same or no RealmGBean was configured for this context. " +
- "Creating a default " + realm.getClass().getName() +
- " adapter for this context.");
- }
-
- anotherCtxObj.setRealm(realm);
- } else {
- //The same reason with the above
- //anotherCtxObj.setRealm(realm);
- }
- }
+// if (contextInfo.getRealm() != null) {
+// Realm realm = contextInfo.getRealm();
+//
+// //Allow for the <security-realm-name> override from the
+// //geronimo-web.xml file to be used if our Realm is a JAAS type
+// if (secHolder.getConfigurationFactory() != null) {
+// if (realm instanceof JAASRealm) {
+// ((JAASRealm) realm).setAppName(secHolder.getConfigurationFactory().getConfigurationName());
+// }
+// }
+// context.setRealm(realm);
+// } else {
+// Realm realm = host.getRealm();
+// //Check and see if we have a declared realm name and no match to a parent name
+// if (secHolder.getConfigurationFactory() != null) {
+// //Is the context requiring JACC?
+// if (secHolder.isSecurity()) {
+// //JACC
+// realm = new TomcatGeronimoRealm(secHolder.getConfigurationFactory());
+// } else {
+// //JAAS
+// realm = new TomcatJAASRealm(secHolder.getConfigurationFactory());
+// ((JAASRealm) realm).setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+// ((JAASRealm) realm).setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+// }
+//
+// if (log.isDebugEnabled()) {
+// log.debug("The security-realm-name '" + secHolder.getConfigurationFactory().getConfigurationName() +
+// "' was specified and a parent (Engine/Host) is not named the same or no RealmGBean was configured for this context. " +
+// "Creating a default " + realm.getClass().getName() +
+// " adapter for this context.");
+// }
+//
+// context.setRealm(realm);
+// } else {
+// //The same reason with the above
+// //anotherCtxObj.setRealm(realm);
+// }
+// }
// add application listeners to the new context
if (applicationListeners != null) {
for (String listener : applicationListeners) {
- anotherCtxObj.addApplicationListener(listener);
+ context.addApplicationListener(listener);
}
}
try {
- host.addChild(anotherCtxObj);
+ host.addChild(context);
} catch (IllegalArgumentException ex) {
- log.error("Unable to add the child container: " + anotherCtxObj.getName()
+ log.error("Unable to add the child container: " + context.getName()
+ " . Please check if your project's context-root is unique.", ex);
}
}
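Review bot: The forty-line block at L742-780 is commented-out code rather than removed code, and it can never be revived by uncommenting because the same commit deletes the `Realm`, `JAASRealm`, `TomcatGeronimoRealm` and `TomcatJAASRealm` imports (L647, L654, L664-665); delete it and describe the new arrangement in one line, e.g. `// realm/authenticator setup now happens in WebContextConfig when the context starts`. With that block gone, `secHolder` at L701 is computed but never used in the visible part of addContext, so the assignment should go too. A consequence worth stating in the commit or a comment is that `contextInfo.getRealm()` is now ignored, so a Realm GBean configured at the context level no longer has any effect.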
@@ -385,7 +383,16 @@
String[] protectedMethods,
Properties properties,
ClassLoader classLoader) throws Exception {
- Context webServiceContext = createEJBWebServiceContext(contextPath, webServiceContainer, configurationFactory, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
+
+ if( log.isDebugEnabled() )
+ log.debug("Creating EJBWebService context '" + contextPath + "'.");
+
+ TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, classLoader);
+ Subject defaultSubject = ContextManager.EMPTY;
+ ContextConfig config = new EjbWsContextConfig(policyContextId, configurationFactory, defaultSubject, authMethod, realmName);
+ context.addLifecycleListener(config);
+
+ Context webServiceContext = (context);
String virtualServer;
if (virtualHosts != null && virtualHosts.length > 0) {
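Review bot: The new code at L806-809 forwards only `authMethod` and `realmName` to EjbWsContextConfig, although addEJBWebService still accepts `protectedMethods` (L798) and, presumably above the hunk, `transportGuarantee`; at the same time the TomcatEJBWebServiceContext hunks ending at L1019 and L1057 delete the SecurityConstraint with `setUserConstraint(transportGuarantee)` and the `res.sendError(403)` check for non-secure requests. Unless EjbWsContextConfig (not in this chunk) rebuilds that constraint from some other source, an EJB web service deployed with INTEGRAL or CONFIDENTIAL will now be served over plaintext and the protected-method filter is lost, so either pass both values into the config listener or state in a comment where the transport guarantee is now enforced. `policyContextId` at L808 is not a parameter visible in the hunk, so I assume it is a field or parameter declared earlier. `Context webServiceContext = (context);` has redundant parentheses left over from the old return statement. The method body continues outside the hunk.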
@@ -415,51 +422,6 @@
webServices.remove(contextPath);
}
-// public static final GBeanInfo GBEAN_INFO;
-//
-// static {
-// GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("Tomcat Web Container", TomcatContainer.class);
-//
-// infoFactory.setConstructor(new String[]{
-// "classLoader",
-// "catalinaHome",
-// "applicationListeners",
-// "EngineGBean",
-// "LifecycleListenerChain",
-// "ServerInfo",
-// "objectName",
-// "WebManager"});
-//
-// infoFactory.addAttribute("classLoader", ClassLoader.class, false);
-//
-// infoFactory.addAttribute("catalinaHome", String.class, true);
-//
-// infoFactory.addAttribute("applicationListeners", String[].class, true);
-//
-// infoFactory.addAttribute("objectName", String.class, false);
-//
-// infoFactory.addReference("EngineGBean", ObjectRetriever.class, GBeanInfoBuilder.DEFAULT_J2EE_TYPE);
-// infoFactory.addReference("LifecycleListenerChain", LifecycleListenerGBean.class, LifecycleListenerGBean.J2EE_TYPE);
-//
-// infoFactory.addReference("ServerInfo", ServerInfo.class, "GBean");
-// infoFactory.addReference("WebManager", WebManager.class);
-//
-// infoFactory.addOperation("addContext", new Class[]{TomcatContext.class});
-// infoFactory.addOperation("removeContext", new Class[]{TomcatContext.class});
-//
-// infoFactory.addOperation("addConnector", new Class[]{Connector.class});
-// infoFactory.addOperation("removeConnector", new Class[]{Connector.class});
-//
-// infoFactory.addInterface(SoapHandler.class);
-// infoFactory.addInterface(TomcatWebContainer.class);
-//
-// GBEAN_INFO = infoFactory.getBeanInfo();
-// }
-//
-// public static GBeanInfo getGBeanInfo() {
-// return GBEAN_INFO;
-// }
-
public Context createContext(String path, String docBase, ClassLoader cl) {
if( log.isDebugEnabled() )
@@ -474,35 +436,12 @@
if (cl != null)
context.setParentClassLoader(cl);
- ContextConfig config = new ContextConfig();
-// config.setCustomAuthenticators(authenticators);
+ ContextConfig config = new WebContextConfig();
context.addLifecycleListener(config);
context.setDelegate(true);
return context;
}
-
- public Context createEJBWebServiceContext(String contextPath,
- WebServiceContainer webServiceContainer,
- ConfigurationFactory configurationFactory,
- String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
- ClassLoader classLoader) {
-
- if( log.isDebugEnabled() )
- log.debug("Creating EJBWebService context '" + contextPath + "'.");
-
- TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, configurationFactory, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
-
- ContextConfig config = new ContextConfig();
-// config.setCustomAuthenticators(authenticators);
- ((Lifecycle) context).addLifecycleListener(config);
-
- return (context);
-
- }
}
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java Thu Jul 16 17:03:50 2009
@@ -22,9 +22,7 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.Map;
-import java.util.Set;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletException;
@@ -32,114 +30,30 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Wrapper;
-import org.apache.catalina.authenticator.BasicAuthenticator;
-import org.apache.catalina.authenticator.DigestAuthenticator;
-import org.apache.catalina.authenticator.NonLoginAuthenticator;
-import org.apache.catalina.authenticator.SSLAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.core.StandardContext;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.deploy.SecurityCollection;
-import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.valves.ValveBase;
+import org.apache.geronimo.webservices.WebServiceContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.geronimo.tomcat.realm.TomcatEJBWSGeronimoRealm;
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.apache.geronimo.security.jaas.ConfigurationFactory;
public class TomcatEJBWebServiceContext extends StandardContext{
private static final Logger log = LoggerFactory.getLogger(TomcatEJBWebServiceContext.class);
- private final String contextPath;
private final WebServiceContainer webServiceContainer;
- private final boolean isSecureTransportGuarantee;
private final ClassLoader classLoader;
- private final Set<String> secureMethods;
- public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, ConfigurationFactory configurationFactory, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) {
- this.contextPath = contextPath;
+ public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, ClassLoader classLoader) {
this.webServiceContainer = webServiceContainer;
- this.secureMethods = initSecureMethods(protectedMethods);
this.setPath(contextPath);
this.setDocBase("");
this.setParentClassLoader(classLoader);
this.setDelegate(true);
log.debug("EJB Webservice Context = " + contextPath);
- if (configurationFactory != null) {
-
- TomcatEJBWSGeronimoRealm realm = new TomcatEJBWSGeronimoRealm(configurationFactory);
- setRealm(realm);
-
- if ("NONE".equals(transportGuarantee)) {
- isSecureTransportGuarantee = false;
- } else if ("INTEGRAL".equals(transportGuarantee) ||
- "CONFIDENTIAL".equals(transportGuarantee)) {
- isSecureTransportGuarantee = true;
- } else {
- throw new IllegalArgumentException("Invalid transport-guarantee: " + transportGuarantee);
- }
- if ("NONE".equals(authMethod) ||
- "BASIC".equals(authMethod) ||
- "DIGEST".equals(authMethod) ||
- "CLIENT-CERT".equals(authMethod)) {
-
- //Setup a login configuration
- LoginConfig loginConfig = new LoginConfig();
- loginConfig.setAuthMethod(authMethod);
- loginConfig.setRealmName(realmName);
- this.setLoginConfig(loginConfig);
-
- //Setup a default Security Constraint
- SecurityCollection collection = new SecurityCollection();
- if (secureMethods == null) {
- // protect all
- collection.addMethod("GET");
- collection.addMethod("POST");
- collection.addMethod("PUT");
- collection.addMethod("DELETE");
- collection.addMethod("HEAD");
- collection.addMethod("OPTIONS");
- collection.addMethod("TRACE");
- collection.addMethod("CONNECT");
- } else {
- // protect specified
- for (String method : secureMethods) {
- collection.addMethod(method);
- }
- }
- collection.addPattern("/*");
- collection.setName("default");
- SecurityConstraint sc = new SecurityConstraint();
- sc.addAuthRole("*");
- sc.addCollection(collection);
- sc.setAuthConstraint(true);
- sc.setUserConstraint(transportGuarantee);
- this.addConstraint(sc);
- this.addSecurityRole("default");
-
- //Set the proper authenticator
- if ("BASIC".equals(authMethod) ){
- this.addValve(new BasicAuthenticator());
- } else if ("DIGEST".equals(authMethod) ){
- this.addValve(new DigestAuthenticator());
- } else if ("CLIENT-CERT".equals(authMethod) ){
- this.addValve(new SSLAuthenticator());
- } else if ("NONE".equals(authMethod)) {
- this.addValve(new NonLoginAuthenticator());
- }
-
- } else {
- throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
- }
- } else {
- isSecureTransportGuarantee = false;
- }
-
this.classLoader = classLoader;
this.addValve(new EJBWebServiceValve());
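Review bot: After this hunk the constructor no longer configures any realm, login config, constraint or authenticator, but nothing in the class says so, and a reader of TomcatEJBWebServiceContext alone will assume the context is unprotected. I would add a constructor Javadoc along the lines of "Security (login config, constraints, authenticator valve) is not configured here; TomcatContainer.addEJBWebService attaches an EjbWsContextConfig lifecycle listener that installs it when the context starts." The constructor body continues past the end of the hunk, so there may be further cleanup (for example the `javax.security.jacc.PolicyContext` import kept at L909) that I cannot see.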
@@ -152,29 +66,6 @@
}
- private Set<String> initSecureMethods(String[] protectedMethods) {
- if (protectedMethods == null) {
- return null;
- }
- Set<String> methods = null;
- for (String method : protectedMethods) {
- if (method == null) {
- continue;
- }
- method = method.trim();
- if (method.length() == 0) {
- continue;
- }
- method = method.toUpperCase();
-
- if (methods == null) {
- methods = new HashSet<String>();
- }
- methods.add(method);
- }
- return methods;
- }
-
public class EJBWebServiceValve extends ValveBase {
public void invoke(Request req, Response res) throws IOException, ServletException {
@@ -201,12 +92,6 @@
req.finishRequest();
- if (secureMethods == null || secureMethods.contains(req.getMethod())) {
- if (isSecureTransportGuarantee && !req.isSecure()) {
- res.sendError(403);
- return;
- }
- }
if (isWSDLRequest(req)) {
try {
webServiceContainer.getWsdl(request, response);
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java Thu Jul 16 17:03:50 2009
@@ -19,7 +19,6 @@
import org.apache.catalina.Engine;
import org.apache.catalina.Realm;
import org.apache.catalina.core.StandardEngine;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
public class TomcatEngine extends StandardEngine implements Engine{
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.deploy.LoginConfig;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class WebContextConfig extends BaseGeronimoContextConfig {
+ @Override
+ protected void authenticatorConfig() {
+ if (!(context instanceof GeronimoStandardContext)) {
+ throw new IllegalStateException("Unexpected context type");
+ }
+ GeronimoStandardContext geronimoContext = (GeronimoStandardContext) context;
+ if (geronimoContext.isAuthenticatorInstalled()) {
+ return;
+ }
+ SecurityConstraint constraints[] = context.findConstraints();
+ if ((constraints == null) || (constraints.length == 0)) {
+ return;
+ }
+ LoginConfig loginConfig = context.getLoginConfig();
+ String authMethod = loginConfig.getAuthMethod();
+ String realmName = loginConfig.getRealmName();
+ String loginPage = loginConfig.getLoginPage();
+ String errorPage = loginConfig.getErrorPage();
+
+ configureSecurity(geronimoContext,
+ geronimoContext.getPolicyContextId(),
+ geronimoContext.getConfigurationFactory(),
+ geronimoContext.getDefaultSubject(),
+ authMethod,
+ realmName,
+ loginPage,
+ errorPage);
+ }
+
+}
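Review bot: `loginConfig.getAuthMethod()` at L1118 dereferences the result of `context.getLoginConfig()` without a null check; a web.xml that declares security-constraints but no login-config is legal, and Tomcat's own ContextConfig.authenticatorConfig substitutes a default LoginConfig in that case, so if the base class does not do the same this method will NPE at startup for such applications. Guard it with `if (loginConfig == null) { loginConfig = new LoginConfig(); context.setLoginConfig(loginConfig); }` or an equivalent default, and make the other early exit self-explanatory: `"Unexpected context type: " + context.getClass().getName()` is far more useful in a log than the bare message at L1107. `SecurityConstraint constraints[]` is C-style array syntax; use `SecurityConstraint[] constraints`. The class has only a `$Rev$` Javadoc, so one sentence saying it installs Geronimo's authenticator for ordinary web applications when at least one constraint is present would help.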
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Thu Jul 16 17:03:50 2009
@@ -48,12 +48,12 @@
//Save the old
- context[policyContextIDIndex] = PolicyContext.getContextID();
+// context[policyContextIDIndex] = PolicyContext.getContextID();
context[callersIndex] = ContextManager.getCallers();
//Set the new
- PolicyContext.setContextID(policyContextID);
- PolicyContext.setHandlerData(httpRequest);
+// PolicyContext.setContextID(policyContextID);
+// PolicyContext.setHandlerData(httpRequest);
if (httpRequest != null){
context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);
httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
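Review bot: The PolicyContext calls at L1151, L1156-1157 and, in the next hunk, L1165 and L1168 are commented out rather than removed, and the `policyContextID`, `policyContextIDIndex` and the third `index++` slot reserved at L589 now exist for nothing; if the per-request JACC context id and handler data are set elsewhere (presumably the new SecurityValve), delete these lines and the unused state and say so in one comment such as `// PolicyContext id/handler data are now bound per request by the security valve`. The `// Must unset handler data from thread - see GERONIMO-4574` comment at L1166 now describes a line that no longer runs, so whatever component took over setting handler data must also clear it on the way out, or the request leak that ticket fixed returns; the hunk does not show that this was done.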
@@ -71,9 +71,9 @@
}
//Replace the old
- PolicyContext.setContextID((String)context[policyContextIDIndex]);
+// PolicyContext.setContextID((String)context[policyContextIDIndex]);
// Must unset handler data from thread - see GERONIMO-4574
- PolicyContext.setHandlerData(null);
+// PolicyContext.setHandlerData(null);
ContextManager.popCallers((Callers) context[callersIndex]);
if (httpRequest != null)
httpRequest.setAttribute(DEFAULT_SUBJECT, context[defaultSubjectIndex]);
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java Thu Jul 16 17:03:50 2009
@@ -17,6 +17,7 @@
package org.apache.geronimo.tomcat.listener;
import java.util.Stack;
+
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -25,14 +26,14 @@
import org.apache.catalina.InstanceEvent;
import org.apache.catalina.InstanceListener;
import org.apache.catalina.core.StandardWrapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.apache.geronimo.tomcat.GeronimoStandardContext;
import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
-import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.mapper.Mapper;
import org.apache.tomcat.util.http.mapper.MappingData;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class DispatchListener implements InstanceListener {
@@ -68,7 +69,7 @@
Stack<Object[]> stack = currentContext.get();
Object context[] = new Object[webContext.getContextCount() + 1];
String wrapperName = getWrapperName(request, webContext);
- context[webContext.getContextCount()] = TomcatGeronimoRealm.setRequestWrapperName(wrapperName);
+ context[webContext.getContextCount()] = JACCRealm.setRequestWrapperName(wrapperName);
beforeAfter.before(context, request, response, BeforeAfter.DISPATCHED);
@@ -85,7 +86,7 @@
beforeAfter.after(context, request, response, BeforeAfter.DISPATCHED);
- TomcatGeronimoRealm.setRequestWrapperName((String) context[webContext.getContextCount()]);
+ JACCRealm.setRequestWrapperName((String) context[webContext.getContextCount()]);
}
}
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class AuthResult {
+
+ private final TomcatAuthStatus authStatus;
+ private final UserIdentity userIdentity;
+
+ public AuthResult(TomcatAuthStatus authStatus, UserIdentity userIdentity) {
+ this.authStatus = authStatus;
+ this.userIdentity = userIdentity;
+ }
+
+ public TomcatAuthStatus getAuthStatus() {
+ return authStatus;
+ }
+
+ public UserIdentity getUserIdentity() {
+ return userIdentity;
+ }
+}
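Review bot: AuthResult is a plain value holder with no Javadoc and no statement of nullability; the interface that returns it (Authenticator.validateRequest) is also silent, so a consumer cannot tell whether `userIdentity` is null when authentication did not succeed or whether `authStatus` may ever be null. I would document both accessors, e.g. "identity established for the request, or null if authStatus is not a success status — confirm against Authenticator implementations", and validate the status in the constructor with `this.authStatus = Objects.requireNonNull(authStatus, "authStatus");`. Since the class has no subclasses in sight, declaring it `final` makes the immutability explicit.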
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface Authenticator {
+
+ AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException;
+
+ boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException;
+
+ String getAuthType();
+}
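Review bot: The contract of `validateRequest` is undocumented, and it is exactly the part a caller must get right: which TomcatAuthStatus values mean the authenticator has already written the response (the SEND_* results), whether a SUCCESS result may carry a null UserIdentity when `isAuthMandatory` is false, and what `secureResponse`'s boolean return signifies. SecurityValve in this same commit already relies on those distinctions (it ignores the boolean and guards against a null identity), so a Javadoc on both methods stating them would keep future implementations consistent; e.g. on `validateRequest`: `@return the outcome; for SEND_* statuses the response has already been produced and the caller must not write to it`.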
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import org.apache.catalina.connector.Request;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface Authorizer {
+
+ Object getConstraints(Request request);
+
+ boolean hasUserDataPermissions(Request request, Object constraints);
+
+ boolean isAuthMandatory(Request request, Object constraints);
+
+ boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity);
+
+}
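Review bot: `hasResourcePermissions` receives both `authResult` and `userIdentity`, although the identity is obtainable from `authResult.getUserIdentity()` (AuthResult earlier in this commit); the redundancy invites implementations that consult one and callers that populate only the other. Either drop the `userIdentity` parameter or document which one is authoritative. The opaque `Object constraints` would also benefit from a Javadoc on `getConstraints` stating that the returned value is the only thing the other three methods accept, e.g. `@return an implementation-specific constraint token that must be passed unchanged to the other methods of this Authorizer`.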
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.List;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface IdentityService {
+
+ Object associate(UserIdentity userIdentity);
+
+ void dissociate(Object previous);
+
+ UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> gropus);
+
+}
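Review bot: The last parameter of `newUserIdentity` is misspelled: `List<String> gropus` should be `List<String> groups`. The `associate`/`dissociate` pair also needs a sentence of Javadoc, since the valve uses the returned Object as a restore token in a try/finally; something like `@return the previously associated identity state, to be handed back to {@link #dissociate(Object)} when the request completes` on `associate`, and on `dissociate` `@param previous the value returned by the matching associate call` would make the pairing explicit.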
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface LoginService {
+
+ UserIdentity login(String userName, String password);
+
+ void logout(UserIdentity userIdentity);
+}
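Review bot: `login(String userName, String password)` takes the credential as an immutable `String`, so implementations cannot clear it after use and it stays in the heap until collected; a `char[] password` parameter is the usual shape for this interface. The failure behaviour is also unstated — nothing here says whether a rejected credential yields a null UserIdentity or an exception, and callers will assume one or the other. A Javadoc such as `@return the authenticated identity, or {@code null} if the credentials were rejected` (or `@throws` if that is the intended design) would pin it down.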
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityValve extends ValveBase {
+
+ private final Authenticator authenticator;
+ private final Authorizer authorizer;
+ private final IdentityService identityService;
+
+ public SecurityValve(Authenticator authenticator, Authorizer authorizer, IdentityService identityService) {
+ this.authenticator = authenticator;
+ this.authorizer = authorizer;
+ this.identityService = identityService;
+ }
+
+ public void invoke(Request request, Response response) throws IOException, ServletException {
+
+ Object constraints = authorizer.getConstraints(request);
+
+ if (!authorizer.hasUserDataPermissions(request, constraints)) {
+ //TODO redirect to secure port?
+ if (!response.isError()) {
+ response.sendError(Response.SC_FORBIDDEN);
+ }
+ return;
+ }
+ boolean isAuthMandatory = authorizer.isAuthMandatory(request, constraints);
+
+ try {
+ AuthResult authResult = authenticator.validateRequest(request, response, isAuthMandatory);
+
+ TomcatAuthStatus authStatus = authResult.getAuthStatus();
+
+ if (authStatus == TomcatAuthStatus.FAILURE) {
+ return;
+ } else if (authStatus == TomcatAuthStatus.SEND_CONTINUE) {
+ return;
+ } else if (authStatus == TomcatAuthStatus.SEND_FAILURE) {
+ return;
+ } else if (authStatus == TomcatAuthStatus.SEND_SUCCESS) {
+ return;
+ } else if (authStatus == TomcatAuthStatus.SUCCESS) {
+ request.setAuthType(authenticator.getAuthType());
+ UserIdentity userIdentity = authResult.getUserIdentity();
+ Principal principal = userIdentity == null? null: userIdentity.getUserPrincipal();
+ request.setUserPrincipal(principal);
+ if (isAuthMandatory) {
+ if (!authorizer.hasResourcePermissions(request, authResult, constraints, userIdentity)) {
+ if (!response.isError()) {
+ response.sendError(Response.SC_FORBIDDEN);
+ }
+ return;
+ }
+ }
+ Object previous = identityService.associate(userIdentity);
+ try {
+ getNext().invoke(request, response);
+ } finally {
+ identityService.dissociate(previous);
+ }
+ //This returns a success code but I'm not sure what to do with it.
+ authenticator.secureResponse(request, response, authResult);
+ } else {
+ //illegal state?
+ throw new ServletException("unexpected auth status: " + authStatus);
+ }
+ } catch (ServerAuthException e) {
+ throw new ServletException(e);
+ }
+
+
+ }
+}
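Review bot: The `TomcatAuthStatus.FAILURE` branch in `invoke` returns without setting any status on the response, whereas both authorization failures in the same method do `if (!response.isError()) { response.sendError(Response.SC_FORBIDDEN); }`. If an Authenticator reports FAILURE without having written the response itself (which is what distinguishes it from SEND_FAILURE), the request completes with the default status and an empty body, turning an authentication failure into what a client reads as a non-error; the branch should be `if (authStatus == TomcatAuthStatus.FAILURE) { if (!response.isError()) { response.sendError(Response.SC_FORBIDDEN); } return; }`. The comment above `secureResponse` also leaves its boolean result unused — if a false return is meant to be an error, it should be handled or the reason for ignoring it documented.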
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class ServerAuthException extends Exception {
+ public ServerAuthException() {
+ }
+
+ public ServerAuthException(String s) {
+ super(s);
+ }
+
+ public ServerAuthException(String s, Throwable throwable) {
+ super(s, throwable);
+ }
+
+ public ServerAuthException(Throwable throwable) {
+ super(throwable);
+ }
+}