Posted to scm@geronimo.apache.org by dj...@apache.org on 2006/04/28 17:12:23 UTC
svn commit: r397916 - in /geronimo/branches/1.1/modules:
jetty-builder/src/java/org/apache/geronimo/jetty/deployment/
jetty-builder/src/schema/ jetty/src/java/org/apache/geronimo/jetty/
jetty/src/java/org/apache/geronimo/jetty/interceptor/ jetty/src/te...
Author: djencks
Date: Fri Apr 28 08:12:20 2006
New Revision: 397916
URL: http://svn.apache.org/viewcvs?rev=397916&view=rev
Log:
finish backporting security fixes etc GERONIMO-1425, GERONIMO-1440, GERONIMO-1570, GERONIMO-1460. Does not include GERONIMO-1638 (multiple servers) or new keystore manager or GERONIMO-1434 (gbean-jndi references) or wadi work.
Added:
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/Host.java
- copied unchanged from r374212, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/Host.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
- copied unchanged from r367430, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/NonAuthenticator.java
- copied unchanged from r371341, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/NonAuthenticator.java
Modified:
geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd
geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Modified: geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Fri Apr 28 08:12:20 2006
@@ -69,6 +69,8 @@
import org.apache.geronimo.jetty.JettyFilterMapping;
import org.apache.geronimo.jetty.JettyServletHolder;
import org.apache.geronimo.jetty.JettyWebAppContext;
+import org.apache.geronimo.jetty.NonAuthenticator;
+import org.apache.geronimo.jetty.Host;
import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
import org.apache.geronimo.kernel.GBeanNotFoundException;
import org.apache.geronimo.kernel.Kernel;
@@ -220,9 +222,9 @@
EnvironmentType environmentType = jettyWebApp.getEnvironment();
Environment environment = EnvironmentBuilder.buildEnvironment(environmentType, defaultEnvironment);
if (standAlone && environment.getConfigId() == null) {
- if (contextRoot.startsWith("/")) {
- contextRoot = contextRoot.substring(1);
- }
+ if (contextRoot.startsWith("/")) {
+ contextRoot = contextRoot.substring(1);
+ }
Artifact configID = new Artifact(Artifact.DEFAULT_GROUP_ID, contextRoot, "1", "car");
environment.setConfigId(configID);
}
@@ -355,11 +357,23 @@
Set securityRoles = collectRoleNames(webApp);
Map rolePermissions = new HashMap();
- String[] hosts = jettyWebApp.getVirtualHostArray();
+ String[] hosts = jettyWebApp.getHostArray();
for (int i = 0; i < hosts.length; i++) {
hosts[i] = hosts[i].trim();
}
- webModuleData.setAttribute("virtualHosts", hosts);
+ String[] virtualHosts = jettyWebApp.getVirtualHostArray();
+ for (int i = 0; i < virtualHosts.length; i++) {
+ virtualHosts[i] = virtualHosts[i].trim();
+ }
+ if (hosts.length > 0 || virtualHosts.length > 0) {
+ //use name same as module
+ AbstractName hostName = earContext.getNaming().createChildName(moduleName, "Host", "Host");
+ GBeanData hostData = new GBeanData(hostName, Host.GBEAN_INFO);
+ hostData.setAttribute("hosts", hosts);
+ hostData.setAttribute("virtualHosts", virtualHosts);
+ earContext.addGBean(hostData);
+ webModuleData.setReferencePattern("Host", hostName);
+ }
//session manager
webModuleData.setAttribute("sessionManager", jettyWebApp.getSessionManager());
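Review bot: The trimmed `hosts` and `virtualHosts` entries are handed to the Host GBean without dropping entries that trim to an empty string, so a blank `<host/>` or `<virtual-host/>` element in the plan reaches Jetty as `""`; if Jetty treats an empty name as "any host", the context would silently be served on every listener instead of the deployment failing. Rejecting (or at least filtering) blank entries before `hostData.setAttribute("hosts", hosts)` keeps the exposure decision explicit, and pulling the duplicated trim loop into a helper removes the repetition; the helper below assumes the builder already declares DeploymentException, as the Geronimo module builders do. The enclosing method starts and ends outside the hunk.
```java
        String[] hosts = trimAll(jettyWebApp.getHostArray());
        String[] virtualHosts = trimAll(jettyWebApp.getVirtualHostArray());
        // … unchanged: Host GBean creation when either array is non-empty …

    /** Trims each name and rejects blanks so an empty host element cannot reach Jetty as "". */
    private static String[] trimAll(String[] names) throws DeploymentException {
        String[] trimmed = new String[names.length];
        for (int i = 0; i < names.length; i++) {
            trimmed[i] = names[i].trim();
            if (trimmed[i].length() == 0) {
                throw new DeploymentException("host and virtual-host entries must not be blank");
            }
        }
        return trimmed;
    }
```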
@@ -507,6 +521,8 @@
webModuleData.setAttribute("realmName", loginConfig.getRealmName().getStringValue());
}
+ } else if (jettyWebApp.isSetSecurityRealmName()) {
+ webModuleData.setAttribute("authenticator", new NonAuthenticator());
}
moduleContext.addGBean(webModuleData);
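Review bot: The new `else if` installs a `NonAuthenticator` whenever a security-realm-name is set but no login-config is present, and nothing says why; since SecurityContextBeforeAfter asserts `authenticator != null` in its constructor, the branch is what lets a secured module without a web.xml login-config still get a non-null authenticator. A comment above the branch such as `// security-realm-name set but no login-config: install an authenticator that never authenticates, so the security interceptor still gets a non-null authenticator and constrained resources fail closed` would capture the intent. Whether NonAuthenticator indeed refuses every login is not visible here (it was copied from trunk), so confirm before wording the comment that strongly. The enclosing if/else chain starts outside the hunk.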
Modified: geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd (original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd Fri Apr 28 08:12:20 2006
@@ -43,6 +43,7 @@
<xs:element ref="naming:web-container" minOccurs="0"/>
+ <xs:element name="host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="virtual-host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="session-manager" type="xs:string" minOccurs="0"/>
Modified: geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd (original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd Fri Apr 28 08:12:20 2006
@@ -28,6 +28,7 @@
<xs:complexType name="jetty-configType">
<xs:sequence>
+ <xs:element name="host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="virtual-host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="session-manager" type="xs:string" minOccurs="0"/>
</xs:sequence>
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Fri Apr 28 08:12:20 2006
@@ -16,23 +16,10 @@
*/
package org.apache.geronimo.jetty;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.WebRoleRefPermission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
-import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.realm.providers.CertificateCallbackHandler;
-import org.apache.geronimo.security.realm.providers.ClearableCallbackHandler;
-import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.UserRealm;
@@ -44,12 +31,11 @@
private static Log log = LogFactory.getLog(JAASJettyRealm.class);
private final String webRealmName;
- private final String geronimoRealmName;
- private final HashMap userMap = new HashMap();
+ private final InternalJAASJettyRealm internalJAASJettyRealm;
- public JAASJettyRealm(String realmName, String geronimoRealmName) {
+ public JAASJettyRealm(String realmName, InternalJAASJettyRealm internalJAASJettyRealm) {
this.webRealmName = realmName;
- this.geronimoRealmName = geronimoRealmName;
+ this.internalJAASJettyRealm = internalJAASJettyRealm;
}
public String getName() {
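Review bot: The constructor stores `internalJAASJettyRealm` unchecked while every method of the class now dereferences it, so a null argument surfaces as a NullPointerException on the first authentication rather than at construction; `if (internalJAASJettyRealm == null) throw new IllegalArgumentException("internalJAASJettyRealm is required");` at the top of the constructor moves the failure to deployment time. Both callers in this commit (JettyEJBWebServiceContext and JettyWebAppContext) pass a realm obtained from `JettyContainer.addRealm`, so the check is defensive rather than fixing a known caller. A class Javadoc stating that this is a per-module wrapper binding the web.xml realm name to a shared, reference-counted InternalJAASJettyRealm would also help, since the old equals/hashCode are removed and two wrappers for the same realm no longer compare equal.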
@@ -57,126 +43,39 @@
}
public Principal getPrincipal(String username) {
- return (Principal) userMap.get(username);
+ return internalJAASJettyRealm.getPrincipal(username);
}
public Principal authenticate(String username, Object credentials, HttpRequest request) {
- try {
- if ( (username!=null) && (!username.equals("")) ) {
-
- JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
-
- //user has been previously authenticated, but
- //re-authentication has been requested, so remove them
- if (userPrincipal != null) {
- userMap.remove(username);
- }
-
- ClearableCallbackHandler callbackHandler;
- if (credentials instanceof char[]) {
- char[] password = (char[]) credentials;
- callbackHandler = new PasswordCallbackHandler(username, password);
- } else if (credentials instanceof String) {
- char[] password = ((String) credentials).toCharArray();
- callbackHandler = new PasswordCallbackHandler(username, password);
- } else if (credentials instanceof X509Certificate[]) {
- X509Certificate[] certs = (X509Certificate[]) credentials;
- if (certs.length < 1) {
- throw new LoginException("no certificates supplied");
- }
- callbackHandler = new CertificateCallbackHandler(certs[0]);
- } else {
- throw new LoginException("Cannot extract credentials from class: " + credentials.getClass().getName());
- }
-
- //set up the login context
- LoginContext loginContext = new LoginContext(geronimoRealmName, callbackHandler);
- loginContext.login();
- callbackHandler.clear();
-
- Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
- ContextManager.setCurrentCaller(subject);
-
- //login success
- userPrincipal = new JAASJettyPrincipal(username);
- userPrincipal.setSubject(subject);
-
- userMap.put(username, userPrincipal);
-
- return userPrincipal;
- }
- else {
- log.debug("Login Failed - null userID");
- return null;
- }
-
- } catch (LoginException e) {
-// log.warn("Login Failed", e);
- log.debug("Login Failed", e);
- return null;
- }
- }
-
- public void logout(Principal user) {
- JAASJettyPrincipal principal = (JAASJettyPrincipal) user;
-
- userMap.remove(principal.getName());
- ContextManager.unregisterSubject(principal.getSubject());
+ return internalJAASJettyRealm.authenticate(username, credentials, request);
}
public boolean reauthenticate(Principal user) {
- // TODO This is not correct if auth can expire! We need to
-
- ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
-
- // get the user out of the cache
- return (userMap.get(user.getName()) != null);
+ return internalJAASJettyRealm.reauthenticate(user);
}
- public void disassociate(Principal user) {
- // do nothing
+ public boolean isUserInRole(Principal user, String role) {
+ return internalJAASJettyRealm.isUserInRole(user, role);
}
- public boolean isUserInRole(Principal user, String role) {
- if (user == null || role == null) {
- return false;
- }
-
- AccessControlContext acc = ContextManager.getCurrentContext();
- try {
- // JACC v1.0 secion B.19
- String servletName = JettyServletHolder.getCurrentServletName();
- if (servletName.equals("jsp")) {
- servletName = "";
- }
- acc.checkPermission(new WebRoleRefPermission(servletName, role));
- } catch (AccessControlException e) {
- return false;
- }
- return true;
+ public void disassociate(Principal user) {
+ internalJAASJettyRealm.disassociate(user);
}
public Principal pushRole(Principal user, String role) {
- ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
- ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
- return user;
+ return internalJAASJettyRealm.pushRole(user, role);
}
public Principal popRole(Principal user) {
- ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
- return user;
+ return internalJAASJettyRealm.popRole(user);
}
- public int hashCode() {
- return webRealmName.hashCode() * 37 ^ geronimoRealmName.hashCode();
+ public void logout(Principal user) {
+ internalJAASJettyRealm.logout(user);
}
- public boolean equals(Object other) {
- if (other == null || other.getClass() != JAASJettyRealm.class) {
- return false;
- }
- JAASJettyRealm otherRealm = (JAASJettyRealm) other;
- return webRealmName.equals(otherRealm.webRealmName) && geronimoRealmName.equals(otherRealm.geronimoRealmName);
+ public String getSecurityRealmName() {
+ return internalJAASJettyRealm.getSecurityRealmName();
}
}
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java Fri Apr 28 08:12:20 2006
@@ -35,9 +35,9 @@
void removeContext(HttpContext context);
- UserRealm addRealm(UserRealm realm);
+ InternalJAASJettyRealm addRealm(String realmName);
- void removeRealm(UserRealm realm);
+ void removeRealm(String realmName);
void resetStatistics();
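Review bot: The new `addRealm(String)`/`removeRealm(String)` pair has no Javadoc, and the contract is not obvious from the signatures: JettyContainerImpl reference-counts the realm per name, so each `addRealm` must be balanced by exactly one `removeRealm` with the same name or the realm either leaks or is dropped while another module still uses it. Proposed Javadoc on addRealm: `Returns the shared realm registered under realmName, creating it on first use; every call must be paired with a later removeRealm(realmName).` and on removeRealm: `Releases one use of the named realm; the realm is discarded when its last user releases it.`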
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java Fri Apr 28 08:12:20 2006
@@ -19,22 +19,22 @@
import java.util.HashMap;
import java.util.Map;
+
+import javax.management.j2ee.statistics.Stats;
+
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.webservices.SoapHandler;
-import org.apache.geronimo.webservices.WebServiceContainer;
import org.apache.geronimo.management.StatisticsProvider;
-import org.apache.geronimo.management.geronimo.WebManager;
import org.apache.geronimo.management.geronimo.NetworkConnector;
+import org.apache.geronimo.management.geronimo.WebManager;
+import org.apache.geronimo.webservices.SoapHandler;
+import org.apache.geronimo.webservices.WebServiceContainer;
import org.mortbay.http.HttpContext;
import org.mortbay.http.HttpListener;
import org.mortbay.http.RequestLog;
-import org.mortbay.http.UserRealm;
import org.mortbay.jetty.Server;
-import javax.management.j2ee.statistics.Stats;
-
/**
* @version $Rev$ $Date$
*/
@@ -44,6 +44,7 @@
private final String objectName;
private final WebManager manager;
private JettyWebContainerStatsImpl stats;
+ private final Map realms = new HashMap();
public JettyContainerImpl(String objectName, WebManager manager) {
this.objectName = objectName;
@@ -157,16 +158,29 @@
server.removeContext(context);
}
- public UserRealm addRealm(UserRealm realm) {
- return server.addRealm(realm);
+ public InternalJAASJettyRealm addRealm(String realmName) {
+ InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+ if (realm == null) {
+ realm = new InternalJAASJettyRealm(realmName);
+ realms.put(realmName, realm);
+ } else {
+ realm.addUse();
+ }
+ return realm;
}
- public void removeRealm(UserRealm realm) {
- server.removeRealm(realm.getName());
+ public void removeRealm(String realmName) {
+ InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+ if (realm != null) {
+ if (realm.removeUse() == 0){
+ realms.remove(realmName);
+ }
+ }
}
public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception {
- JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+ InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null? null:addRealm(securityRealmName);
+ JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
webServiceContext.setHosts(virtualHosts);
addContext(webServiceContext);
webServiceContext.start();
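Review bot: `realms` is a plain HashMap (declared in the field hunk above) read and modified by `addRealm` and `removeRealm` with no synchronization, whereas the JettyServer.removeRealm this replaces was `synchronized`; if two web modules are deployed or undeployed concurrently, the check-then-put in addRealm can create two InternalJAASJettyRealm instances for the same name and removeRealm can discard a realm another module just started using. Declaring both as `public synchronized InternalJAASJettyRealm addRealm(String realmName) {` and `public synchronized void removeRealm(String realmName) {` restores the old guarantee. The new-realm branch does not call `addUse()` while the existing-realm branch does, so the counting is only right if InternalJAASJettyRealm starts with a use count of one; that class is not in this diff, so confirm. In `addWebService` the realm use is acquired before `addContext`/`start()`, so an exception from either leaks one use unless the caller compensates.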
@@ -175,6 +189,10 @@
public void removeWebService(String contextPath) {
JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);
+ String securityRealmName = webServiceContext.getSecurityRealmName();
+ if (securityRealmName != null) {
+ removeRealm(securityRealmName);
+ }
removeContext(webServiceContext);
}
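Review bot: `webServices.remove(contextPath)` returns null when nothing was registered under that path, and the new `webServiceContext.getSecurityRealmName()` call then throws a NullPointerException; the pre-existing `removeContext` call had the same exposure, but the added line is now the first to fail. A guard such as `if (webServiceContext == null) { return; }`, or an IllegalArgumentException naming contextPath if the GBean operation is meant to reject unknown paths, makes the failure explicit instead of an NPE.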
@@ -220,8 +238,8 @@
infoBuilder.addOperation("removeListener", new Class[]{HttpListener.class});
infoBuilder.addOperation("addContext", new Class[]{HttpContext.class});
infoBuilder.addOperation("removeContext", new Class[]{HttpContext.class});
- infoBuilder.addOperation("addRealm", new Class[]{UserRealm.class});
- infoBuilder.addOperation("removeRealm", new Class[]{UserRealm.class});
+ infoBuilder.addOperation("addRealm", new Class[]{String.class});
+ infoBuilder.addOperation("removeRealm", new Class[]{String.class});
infoBuilder.addAttribute("objectName", String.class, false);
infoBuilder.addReference("WebManager", WebManager.class);
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java Fri Apr 28 08:12:20 2006
@@ -16,6 +16,9 @@
*/
package org.apache.geronimo.jetty;
+import org.apache.geronimo.webservices.WebServiceContainer;
+import org.mortbay.http.*;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
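Review bot: The explicit `org.mortbay.http` imports are replaced by the wildcard `import org.mortbay.http.*;` and moved above the `java.io` group, which is a style regression relative to the rest of this commit — JettyWebAppContext goes the other way and expands `org.mortbay.http.*` into explicit imports. Keeping the explicit list (the removed lines name them: Authenticator, BasicAuthenticator, ClientCertAuthenticator, DigestAuthenticator, HttpContext, HttpException, HttpHandler, HttpRequest, HttpResponse) also keeps visible which Jetty authentication types this context depends on.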
@@ -24,18 +27,6 @@
import java.util.HashMap;
import java.util.Map;
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.HttpContext;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpHandler;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.UserRealm;
-
/**
* Delegates requests to a WebServiceContainer which is presumably for an EJB WebService.
* <p/>
@@ -65,18 +56,18 @@
private final String contextPath;
private final WebServiceContainer webServiceContainer;
private final Authenticator authenticator;
- private final UserRealm realm;
+ private final JAASJettyRealm realm;
private final boolean isConfidentialTransportGuarantee;
private final boolean isIntegralTransportGuarantee;
private final ClassLoader classLoader;
private HttpContext httpContext;
- public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
+ public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
this.contextPath = contextPath;
this.webServiceContainer = webServiceContainer;
- if (securityRealmName != null) {
- JAASJettyRealm realm = new JAASJettyRealm(realmName, securityRealmName);
+ if (internalJAASJettyRealm != null) {
+ JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
setRealm(realm);
this.realm = realm;
if ("NONE".equals(transportGuarantee)) {
@@ -175,6 +166,14 @@
public String getContextPath() {
return contextPath;
+ }
+
+ public String getSecurityRealmName() {
+ if (realm == null) {
+ return null;
+ } else {
+ return realm.getSecurityRealmName();
+ }
}
public static class RequestAdapter implements WebServiceContainer.Request {
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java Fri Apr 28 08:12:20 2006
@@ -16,104 +16,29 @@
*/
package org.apache.geronimo.jetty;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.mortbay.http.HttpRequest;
import org.mortbay.http.UserRealm;
import org.mortbay.jetty.Server;
/**
+ * JettyServer extends the base Jetty Server class to prevent managing any user realm information by the web.xml realm name
+ * which is only relevant for basic and digest authentication and should not be tied to any
+ * actual information about which security realm is in use.
+ *
* @version $Rev$ $Date$
*/
public class JettyServer extends Server {
- private final Map realmDelegates = new HashMap();
public UserRealm addRealm(UserRealm realm) {
- RealmDelegate delegate = (RealmDelegate) getRealm(realm.getName());
- delegate.addDelegate(realm);
- return delegate.delegate;
+ throw new IllegalArgumentException("You must supply a security-realm-name to every web module using security features");
}
public UserRealm getRealm(String realmName) {
- RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realmName);
-
- if (delegate == null) {
- delegate = new RealmDelegate(realmName);
- realmDelegates.put(realmName, delegate);
- }
- return delegate;
+ throw new IllegalArgumentException("You must supply a security-realm-name to every web module using security features");
}
public synchronized void removeRealm(UserRealm realm) {
- RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
- if (delegate != null) {
- if (delegate.removeDelegate() == 0) {
- realmDelegates.remove(realm.getName());
- }
- }
+ throw new IllegalArgumentException("You must supply a security-realm-name to every web module using security features");
}
- private static class RealmDelegate implements UserRealm {
-
- private UserRealm delegate;
- private final String name;
- private int count;
-
- private RealmDelegate(String name) {
- this.name = name;
- }
-
- private synchronized void addDelegate(UserRealm newDelegate) {
- if (delegate != null && !delegate.equals(newDelegate)) {
- throw new IllegalArgumentException("Inconsistent assigment of user realm: old: " + delegate + ", new: " + newDelegate);
- }
- if (delegate == null) {
- delegate = newDelegate;
- }
- count++;
- }
-
- private int removeDelegate() {
- return count--;
- }
-
- public String getName() {
- return name;
- }
-
- public Principal getPrincipal(String username) {
- return delegate.getPrincipal(username);
- }
-
- public Principal authenticate(String username, Object credentials, HttpRequest request) {
- return delegate.authenticate(username, credentials, request);
- }
-
- public boolean reauthenticate(Principal user) {
- return delegate.reauthenticate(user);
- }
-
- public boolean isUserInRole(Principal user, String role) {
- return delegate.isUserInRole(user, role);
- }
-
- public void disassociate(Principal user) {
- delegate.disassociate(user);
- }
-
- public Principal pushRole(Principal user, String role) {
- return delegate.pushRole(user, role);
- }
-
- public Principal popRole(Principal user) {
- return delegate.popRole(user);
- }
-
- public void logout(Principal user) {
- delegate.logout(user);
- }
- }
}
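Review bot: The three overrides now throw IllegalArgumentException with the same literal message, and `removeRealm` keeps a `synchronized` modifier on a method that only throws; hoist the message into a `private static final String` constant and drop the stale modifier. Because these methods are now unsupported rather than mis-called, UnsupportedOperationException would be the conventional type, though changing it only matters if something catches IllegalArgumentException. A short Javadoc per method would also help: the old `getRealm` lazily created a delegate, which suggests Jetty itself looks realms up by the web.xml realm name, so this is presumably where a module that names a realm without a Geronimo security-realm-name now fails closed instead of silently receiving an empty delegate — the protection the class comment describes.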
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Fri Apr 28 08:12:20 2006
@@ -17,6 +17,23 @@
package org.apache.geronimo.jetty;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Collection;
+import java.util.EventListener;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.naming.Context;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.gbean.GBeanInfo;
@@ -36,10 +53,9 @@
import org.apache.geronimo.kernel.ObjectNameUtil;
import org.apache.geronimo.management.J2EEApplication;
import org.apache.geronimo.management.J2EEServer;
-import org.apache.geronimo.management.geronimo.WebModule;
-import org.apache.geronimo.management.geronimo.WebContainer;
-import org.apache.geronimo.management.geronimo.NetworkConnector;
import org.apache.geronimo.management.geronimo.WebConnector;
+import org.apache.geronimo.management.geronimo.WebContainer;
+import org.apache.geronimo.management.geronimo.WebModule;
import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
import org.apache.geronimo.naming.reference.ClassLoaderAwareReference;
import org.apache.geronimo.naming.reference.KernelAwareReference;
@@ -48,7 +64,10 @@
import org.apache.geronimo.transaction.TrackedConnectionAssociator;
import org.apache.geronimo.transaction.context.OnlineUserTransaction;
import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.*;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
import org.mortbay.jetty.servlet.AbstractSessionManager;
import org.mortbay.jetty.servlet.Dispatcher;
import org.mortbay.jetty.servlet.FilterHolder;
@@ -58,22 +77,6 @@
import org.mortbay.jetty.servlet.WebApplicationContext;
import org.mortbay.jetty.servlet.WebApplicationHandler;
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
-import javax.naming.Context;
-import java.io.IOException;
-import java.net.URL;
-import java.net.MalformedURLException;
-import java.security.PermissionCollection;
-import java.util.Collection;
-import java.util.EventListener;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashMap;
-
/**
* Wrapper for a WebApplicationContext that sets up its J2EE environment.
*
@@ -166,7 +169,6 @@
public JettyWebAppContext(String objectName,
String originalSpecDD,
- String[] virtualHosts,
String sessionManager,
Map componentContext,
OnlineUserTransaction userTransaction,
@@ -194,6 +196,7 @@
PermissionCollection checkedPermissions,
PermissionCollection excludedPermissions,
+ Host host,
TransactionContextManager transactionContextManager,
TrackedConnectionAssociator trackedConnectionAssociator,
JettyContainer jettyContainer,
@@ -229,7 +232,10 @@
this.webClassLoader = classLoader;
setClassLoader(this.webClassLoader);
- setVirtualHosts(virtualHosts);
+ if (host != null) {
+ setHosts(host.getHosts());
+ setVirtualHosts(host.getVirtualHosts());
+ }
handler = new WebApplicationHandler();
addHandler(handler);
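Review bot: When `host` is null the new code sets neither hosts nor virtual hosts, where the old line always called `setVirtualHosts(virtualHosts)`; the result — the context is presumably served on every listener and virtual host, Jetty's behavior for an unbound context — is a deployment-visible exposure decision that deserves a comment, e.g. `// no Host GBean (no <host>/<virtual-host> in the plan): leave the context unbound so Jetty serves it on every host`. JettyModuleBuilder only creates the Host GBean when at least one host or virtual-host is given, so null is the common case. The constructor starts and ends outside the hunk.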
@@ -275,9 +281,10 @@
throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
}
Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
- //set the JAASJettyRealm as our realm.
- UserRealm realm = new JAASJettyRealm(realmName, securityRealmName);
- realm = jettyContainer.addRealm(realm);
+ InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
+ //wrap jetty realm with something that knows the dumb realmName
+ JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
+ setRealm(realm);
this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, roleDesignates, realm, classLoader);
interceptor = this.securityInterceptor;
} else {
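Review bot: `jettyContainer.addRealm(securityRealmName)` is called without checking `securityRealmName` for null, unlike `JettyContainerImpl.addWebService`, which guards with `securityRealmName == null ? null : addRealm(...)`; with the attribute missing, a realm keyed on null would be created and registered instead of the deployment failing with the message JettyServer now reserves for exactly this case. Unless a check already exists earlier in the constructor (it starts outside the hunk), add one beside the RoleDesignateSource check: `if (securityRealmName == null) { throw new IllegalArgumentException("security-realm-name must be supplied for a secure web app"); }`. The comment `//wrap jetty realm with something that knows the dumb realmName` could also say what it means: the web.xml realm name only appears in basic/digest challenges and is independent of the Geronimo security realm that actually authenticates.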
@@ -624,7 +631,6 @@
infoBuilder.addAttribute("sessionTimeoutSeconds", int.class, true);
- infoBuilder.addAttribute("virtualHosts", String[].class, true);
infoBuilder.addAttribute("sessionManager", String.class, true);
infoBuilder.addAttribute("componentContext", Map.class, true);
infoBuilder.addAttribute("userTransaction", OnlineUserTransaction.class, true);
@@ -635,6 +641,7 @@
infoBuilder.addAttribute("contextPath", String.class, true);
+ infoBuilder.addReference("Host", Host.class, "Host");
infoBuilder.addReference("TransactionContextManager", TransactionContextManager.class, NameFactory.TRANSACTION_CONTEXT_MANAGER);
infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
@@ -664,7 +671,6 @@
infoBuilder.setConstructor(new String[]{
"objectName",
"deploymentDescriptor",
- "virtualHosts",
"sessionManager",
"componentContext",
"userTransaction",
@@ -693,6 +699,7 @@
"checkedPermissions",
"excludedPermissions",
+ "Host",
"TransactionContextManager",
"TrackedConnectionAssociator",
"JettyContainer",
Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Fri Apr 28 08:12:20 2006
@@ -20,6 +20,7 @@
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.jetty.JAASJettyPrincipal;
import org.apache.geronimo.jetty.JettyContainer;
+import org.apache.geronimo.jetty.JAASJettyRealm;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.SubjectId;
@@ -60,7 +61,7 @@
private final PermissionCollection excludedPermissions;
private final Authenticator authenticator;
- private final UserRealm realm;
+ private final JAASJettyRealm realm;
public SecurityContextBeforeAfter(BeforeAfter next,
int policyContextIDIndex,
@@ -71,7 +72,8 @@
PermissionCollection checkedPermissions,
PermissionCollection excludedPermissions,
Map roleDesignates,
- UserRealm realm, ClassLoader classLoader) {
+ JAASJettyRealm realm,
+ ClassLoader classLoader) {
assert realm != null;
assert authenticator != null;
@@ -109,7 +111,7 @@
public void stop(JettyContainer jettyContainer) {
Subject defaultSubject = this.defaultPrincipal.getSubject();
ContextManager.unregisterSubject(defaultSubject);
- jettyContainer.removeRealm(realm);
+ jettyContainer.removeRealm(realm.getSecurityRealmName());
}
public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse) {
@@ -238,7 +240,7 @@
* security checking should not proceed and servlet handling should proceed,
* e.g. login page.
*/
- private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission) throws IOException, IOException {
+ private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission) throws IOException {
boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
Modified: geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Fri Apr 28 08:12:20 2006
@@ -88,7 +88,6 @@
JettyWebAppContext app = new JettyWebAppContext(null,
null,
null,
- null,
Collections.EMPTY_MAP,
new OnlineUserTransaction(),
cl,
@@ -112,6 +111,7 @@
defaultPrincipal,
checkedPermissions,
excludedPermissions,
+ null,
transactionContextManager,
connectionTrackingCoordinator,
container,