Posted to scm@geronimo.apache.org by dj...@apache.org on 2007/06/12 02:47:55 UTC
svn commit: r546336 - in /geronimo/server/trunk/modules:
geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/
geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/
geronimo-tomcat6/src/test/java/org/apache/geronimo/to...
Author: djencks
Date: Mon Jun 11 17:47:54 2007
New Revision: 546336
URL: http://svn.apache.org/viewvc?view=rev&rev=546336
Log:
GERONIMO-3154 Clean up tomcat security checks, removing unused and unnecessary non-jacc permission info
Modified:
geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?view=diff&rev=546336&r1=546335&r2=546336
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Mon Jun 11 17:47:54 2007
@@ -22,13 +22,9 @@
import java.io.FileWriter;
import java.io.IOException;
import java.net.URL;
-import java.security.Permission;
import java.security.PermissionCollection;
-import java.security.Permissions;
import java.util.Collection;
-import java.util.Enumeration;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -59,7 +55,6 @@
import org.apache.geronimo.j2ee.deployment.WebModule;
import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
import org.apache.geronimo.j2ee.deployment.annotation.AnnotatedWebApp;
-import org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationHelper;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.Naming;
@@ -89,8 +84,6 @@
import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType;
import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType;
import org.apache.geronimo.xbeans.javaee.ResourceRefType;
-import org.apache.geronimo.xbeans.javaee.SecurityConstraintType;
-import org.apache.geronimo.xbeans.javaee.SecurityRoleType;
import org.apache.geronimo.xbeans.javaee.ServiceRefType;
import org.apache.geronimo.xbeans.javaee.ServletType;
import org.apache.geronimo.xbeans.javaee.WebAppDocument;
@@ -115,7 +108,7 @@
public TomcatModuleBuilder(Environment defaultEnvironment,
AbstractNameQuery tomcatContainerName,
- Collection webServiceBuilder,
+ Collection<WebServiceBuilder> webServiceBuilder,
Collection securityBuilders,
Collection serviceBuilders,
NamingBuilder namingBuilders,
@@ -212,6 +205,7 @@
warName = "$root-dir$";
}
} catch (IOException e) {
+ //really?
}
}
idBuilder.resolve(environment, warName, "war");
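Review bot: The `catch (IOException e)` block is still empty: the added `//really?` comment questions the swallowed exception but leaves it in place, so an I/O failure inside the try is silently ignored and execution continues to `idBuilder.resolve(environment, warName, "war")`. If the enclosing method can propagate it, fail the deployment with the cause preserved, e.g. `throw new DeploymentException("Could not determine war name", e);`, otherwise log the exception and state the intended fallback in the comment. The try block and the method signature start outside this hunk, so whether ignoring the error is deliberate cannot be confirmed from here.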
@@ -315,8 +309,8 @@
configureBasicWebModuleAttributes(webApp, tomcatWebApp, moduleContext, earContext, webModule, webModuleData);
try {
moduleContext.addGBean(webModuleData);
- Set securityRoles = collectRoleNames(webApp);
- Map rolePermissions = new HashMap();
+ Set<String> securityRoles = collectRoleNames(webApp);
+ Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
webModuleData.setAttribute("contextPath", webModule.getContextRoot());
// unsharableResources, applicationManagedSecurityResources
GBeanResourceEnvironmentBuilder rebuilder = new GBeanResourceEnvironmentBuilder(webModuleData);
@@ -362,20 +356,17 @@
AbstractName managerName = earContext.getNaming().createChildName(moduleName, manager, ManagerGBean.J2EE_TYPE);
webModuleData.setReferencePattern("Manager", managerName);
}
- Map portMap = webModule.getSharedContext();
//Handle the role permissions and webservices on the servlets.
ServletType[] servletTypes = webApp.getServletArray();
- Map webServices = new HashMap();
+ Map<String, AbstractName> webServices = new HashMap<String, AbstractName>();
Class baseServletClass;
try {
baseServletClass = webClassLoader.loadClass(Servlet.class.getName());
} catch (ClassNotFoundException e) {
throw new DeploymentException("Could not load javax.servlet.Servlet in web classloader", e); // TODO identify web app in message
}
- for (int i = 0; i < servletTypes.length; i++) {
- ServletType servletType = servletTypes[i];
-
+ for (ServletType servletType : servletTypes) {
//Handle the Role Ref Permissions
processRoleRefPermissions(servletType, securityRoles, rolePermissions);
@@ -396,8 +387,7 @@
//let the web service builder deal with configuring the gbean with the web service stack
//Here we just extract the factory reference
boolean configured = false;
- for (Iterator iterator = webServiceBuilder.iterator(); iterator.hasNext();) {
- WebServiceBuilder serviceBuilder = (WebServiceBuilder) iterator.next();
+ for (WebServiceBuilder serviceBuilder : webServiceBuilder) {
if (serviceBuilder.configurePOJO(servletData, servletName, module, servletClassName, moduleContext)) {
configured = true;
break;
@@ -438,19 +428,9 @@
securityHolder.setPolicyContextID(policyContextID);
ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
- securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
- PermissionCollection checkedPermissions = new Permissions();
- for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();) {
- PermissionCollection permissionsForRole = (PermissionCollection) iterator.next();
- for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();) {
- Permission permission = (Permission) iterator2.nextElement();
- checkedPermissions.add(permission);
- }
- }
- securityHolder.setChecked(checkedPermissions);
earContext.addSecurityContext(policyContextID, componentPermissions);
//TODO WTF is this for?
- securityHolder.setSecurity(true);
+ securityHolder.setSecurity(true);
webModuleData.setAttribute("securityHolder", securityHolder);
}
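Review bot: The `//TODO WTF is this for?` marker is left directly above `securityHolder.setSecurity(true)`, and with `setChecked`/`setExcluded` removed, that flag and the policy context ID are the only security state this hunk still puts on the holder, so its purpose should be documented rather than questioned. Once the code that reads the flag has been checked, replace the TODO with a comment saying what it gates, for example `// security=true: access checks for this context go through the JACC policy registered under policyContextID (confirm against the reader of this flag)`. Separately, `SecurityHolder` is `Serializable` and is stored here as the `securityHolder` GBean attribute, so dropping its `checked` and `excluded` fields changes its serialized form. The diff does not show whether the class declares a `serialVersionUID`, so it is worth verifying that configurations serialized before this revision still load.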
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?view=diff&rev=546336&r1=546335&r2=546336
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java Mon Jun 11 17:47:54 2007
@@ -17,12 +17,9 @@
package org.apache.geronimo.tomcat.util;
import java.io.Serializable;
-import java.security.PermissionCollection;
-import java.util.Map;
import javax.security.auth.Subject;
-import org.apache.geronimo.security.deploy.SubjectInfo;
import org.apache.geronimo.security.jacc.RunAsSource;
public class SecurityHolder implements Serializable
@@ -32,8 +29,6 @@
private String policyContextID;
private Subject defaultSubject;
- private PermissionCollection checked;
- private PermissionCollection excluded;
private String securityRealm;
private boolean security;
private RunAsSource runAsSource;
@@ -46,16 +41,6 @@
this.securityRealm = securityRealm;
}
- public PermissionCollection getChecked()
- {
- return checked;
- }
-
- public void setChecked(PermissionCollection checked)
- {
- this.checked = checked;
- }
-
public Subject getDefaultSubject()
{
return defaultSubject;
@@ -64,16 +49,6 @@
public void setDefaultSubject(Subject defaultSubject)
{
this.defaultSubject = defaultSubject;
- }
-
- public PermissionCollection getExcluded()
- {
- return excluded;
- }
-
- public void setExcluded(PermissionCollection excluded)
- {
- this.excluded = excluded;
}
public String getPolicyContextID()
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=diff&rev=546336&r1=546335&r2=546336
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java Mon Jun 11 17:47:54 2007
@@ -174,8 +174,6 @@
SecurityHolder securityHolder = new SecurityHolder();
securityHolder.setSecurity(true);
- securityHolder.setChecked(checked);
- securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
// securityHolder.setDefaultSubject(defaultPrincipal);
securityHolder.setSecurityRealm(securityRealmName);