Posted to scm@geronimo.apache.org by dj...@apache.org on 2003/12/28 20:34:05 UTC
cvs commit: incubator-geronimo/modules/core/src/test/org/apache/geronimo/security EjbModuleConfigurationTest.java LoginPropertiesFileTest.java LoginSQLTest.java SecurityServiceTest.java WebModuleConfigurationTest.java
djencks 2003/12/28 11:34:05
Modified: modules/core/src/java/org/apache/geronimo/security
AbstractModuleConfiguration.java
AbstractSecurityRealm.java
EJBModuleConfiguration.java
GeronimoLoginConfiguration.java SecurityRealm.java
SecurityService.java WebModuleConfiguration.java
modules/core/src/java/org/apache/geronimo/security/providers
PropertiesFileSecurityRealm.java
SQLLoginModule.java SQLSecurityRealm.java
modules/core/src/test/org/apache/geronimo/security
EjbModuleConfigurationTest.java
LoginPropertiesFileTest.java LoginSQLTest.java
SecurityServiceTest.java
WebModuleConfigurationTest.java
Added: modules/core/src/java/org/apache/geronimo/security
ModuleConfiguration.java
Removed: modules/core/src/java/org/apache/geronimo/security
ModuleConfigurationMBean.java
Log:
Convert security service to use GeronimoMBeans. Module configurations must now be explicitly created (by the module deployers)
Revision Changes Path
1.2 +38 -42 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/AbstractModuleConfiguration.java
Index: AbstractModuleConfiguration.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/AbstractModuleConfiguration.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- AbstractModuleConfiguration.java 18 Nov 2003 05:17:17 -0000 1.1
+++ AbstractModuleConfiguration.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -55,37 +55,37 @@
*/
package org.apache.geronimo.security;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
-import org.apache.geronimo.kernel.service.GeronimoMBeanContext;
+import java.util.Collection;
+import java.util.HashSet;
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanRegistrationException;
+import javax.management.ObjectName;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
-import javax.management.MBeanServer;
-import javax.management.ObjectName;
-import javax.management.InstanceNotFoundException;
-import javax.management.MBeanRegistrationException;
-import java.util.Collection;
-import java.util.HashSet;
+
+import org.apache.geronimo.kernel.jmx.JMXUtil;
+import org.apache.geronimo.kernel.service.GeronimoMBeanContext;
+import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
+import org.apache.geronimo.kernel.service.GeronimoMBeanTarget;
/**
*
* @version $Revision$ $Date$
*/
-public abstract class AbstractModuleConfiguration implements ModuleConfigurationMBean {
+public abstract class AbstractModuleConfiguration implements ModuleConfiguration, GeronimoMBeanTarget {
+
private String contextId;
private GeronimoMBeanContext context;
- private MBeanServer server;
- private ObjectName objectName;
private PolicyConfigurationFactory factory;
private PolicyConfiguration policyConfiguration;
private boolean configured = false;
private HashSet roleNames = new HashSet();
- public AbstractModuleConfiguration(String contextId, String objectName) throws GeronimoSecurityException {
+ public AbstractModuleConfiguration(String contextId) throws GeronimoSecurityException {
this.contextId = contextId;
- this.objectName = JMXUtil.getObjectName(objectName);
try {
factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
@@ -97,20 +97,6 @@
}
}
- public ObjectName preRegister(MBeanServer mBeanServer, ObjectName objectName) throws Exception {
- server = mBeanServer;
-
- return objectName;
- }
-
- public void postRegister(Boolean aBoolean) {
- }
-
- public void preDeregister() throws Exception {
- }
-
- public void postDeregister() {
- }
public void doStart() {
@@ -136,13 +122,6 @@
this.context = context;
}
- /**
- * This method returns this MBean's object name.
- * @return this MBean's object name.
- */
- public ObjectName getObjectName() {
- return objectName;
- }
/**
* This method returns this object's policy context identifier.
@@ -183,7 +162,7 @@
* @param principals The set of principals that are to be mapped to to role.
* @throws GeronimoSecurityException if the mapping principals to the same role twice occurs.
*/
- public void addRollMapping(String role, Collection principals) throws GeronimoSecurityException {
+ public void addRoleMapping(String role, Collection principals) throws GeronimoSecurityException {
if (!configured) throw new GeronimoSecurityException("Must call configure() first");
try {
@@ -222,7 +201,7 @@
* the linkConfiguration method signature. The exception thrown by the implementation class will be encapsulated
* (during construction) in the thrown <code>GeronimoSecurityException</code>.
*/
- public void linkConfiguration(ModuleConfigurationMBean link) throws GeronimoSecurityException {
+ public void linkConfiguration(ModuleConfiguration link) throws GeronimoSecurityException {
PolicyConfiguration other;
try {
@@ -256,12 +235,21 @@
* construction) in the thrown <code>GeronimoSecurityException</code>.
*/
public void delete() throws GeronimoSecurityException {
+
try {
- server.unregisterMBean(objectName);
- } catch (InstanceNotFoundException e) {
- throw new GeronimoSecurityException("Already deleted", e);
- } catch (MBeanRegistrationException e) {
- } finally {
+ if (context != null) {
+ try {
+ context.stop();
+ } catch (Exception e) {
+ }
+ try {
+ context.getServer().unregisterMBean(context.getObjectName());
+ } catch (InstanceNotFoundException e) {
+ throw new GeronimoSecurityException("Already deleted", e);
+ } catch (MBeanRegistrationException e) {
+ }
+ }
+ }finally {
try {
policyConfiguration.delete();
} catch (PolicyContextException e) {
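Review bot: The empty `catch (Exception e) {}` around `context.stop()` and the empty `catch (MBeanRegistrationException e) {}` in `delete()` discard every failure, so a module configuration whose MBean could not be stopped or unregistered looks the same as a clean removal. This is the teardown path for a JACC policy configuration, so the failure should at least be recorded: narrow the first catch and add a comment such as `// best effort: policyConfiguration.delete() in the finally block must still run`, or log the exception if the class gains a logger. An exception escaping the `finally` block would also replace the "Already deleted" exception raised in the try. The remainder of `delete()` lies outside this hunk, so how the `PolicyContextException` is handled is not visible here.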
@@ -314,4 +302,12 @@
throw new GeronimoSecurityException("Unable to obtain inService state", e.getCause());
}
}
+
+ public static GeronimoMBeanInfo getGeronimoMBeanInfo() throws Exception {
+ GeronimoMBeanInfo mbeanInfo = new GeronimoMBeanInfo();
+ //don't set target class: do this in concrete subclasses.
+ mbeanInfo.addOperationsDeclaredIn(ModuleConfiguration.class);
+ return mbeanInfo;
+ }
+
}
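Review bot: `addOperationsDeclaredIn(ModuleConfiguration.class)` in the new `getGeronimoMBeanInfo()` presumably publishes every method of the interface as a management operation. If `delete()`, `addRoleMapping` and `linkConfiguration` are declared there, that includes operations which change policy state. None of the visible lines of those methods performs a `SecurityManager` permission check the way `SecurityService` does with `CONFIGURE`, so access control would rest on who can reach the MBean server; their bodies are mostly outside the hunks, so this needs confirming. The method should carry a Javadoc comment saying which operations are exposed and what protects them, for example `/** Builds the MBean info exposing all ModuleConfiguration operations; subclasses must set the target class. */`. Declaring `throws Exception` also looks wider than the body needs.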
1.3 +27 -12 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/AbstractSecurityRealm.java
Index: AbstractSecurityRealm.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/AbstractSecurityRealm.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- AbstractSecurityRealm.java 18 Nov 2003 05:17:17 -0000 1.2
+++ AbstractSecurityRealm.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -55,25 +55,19 @@
*/
package org.apache.geronimo.security;
-import org.apache.geronimo.core.service.AbstractManagedComponent;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
-
-import javax.management.ObjectName;
-import javax.management.MBeanServer;
+import org.apache.geronimo.kernel.service.GeronimoMBeanTarget;
+import org.apache.geronimo.kernel.service.GeronimoMBeanContext;
/**
*
* @version $Revision$ $Date$
- * @jmx:mbean extends="org.apache.geronimo.security.SecurityRealm, org.apache.geronimo.kernel.management.StateManageable"
*/
-public abstract class AbstractSecurityRealm extends AbstractManagedComponent implements SecurityRealm, AbstractSecurityRealmMBean {
+public abstract class AbstractSecurityRealm implements SecurityRealm, GeronimoMBeanTarget {
+
private String realmName;
- public ObjectName preRegister(MBeanServer mBeanServer, ObjectName objectName) throws Exception {
- if (objectName == null) objectName = JMXUtil.getObjectName("geronimo.security:type=SecurityRealm");
- return super.preRegister(mBeanServer, objectName);
- }
+ protected GeronimoMBeanContext context;
public String getRealmName() {
return realmName;
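Review bot: The new field `protected GeronimoMBeanContext context;` can be overwritten by every subclass, while the neighbouring `realmName` is private and reached through accessors. In AbstractModuleConfiguration the same kind of context object is the handle to the MBean server (`context.getServer()`), so it is worth encapsulating here too: `private GeronimoMBeanContext context;` plus a `protected GeronimoMBeanContext getMBeanContext()` accessor would match the rest of the class. The class body continues outside this hunk.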
@@ -81,5 +75,26 @@
public void setRealmName(String realmName) {
this.realmName = realmName;
+ }
+
+ public void setMBeanContext(GeronimoMBeanContext context) {
+ this.context = context;
+ }
+
+ public boolean canStart() {
+ return true;
+ }
+
+ public void doStart() {
+ }
+
+ public boolean canStop() {
+ return true;
+ }
+
+ public void doStop() {
+ }
+
+ public void doFail() {
}
}
1.3 +21 -8 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/EJBModuleConfiguration.java
Index: EJBModuleConfiguration.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/EJBModuleConfiguration.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- EJBModuleConfiguration.java 18 Nov 2003 05:36:57 -0000 1.2
+++ EJBModuleConfiguration.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -63,6 +63,9 @@
import org.apache.geronimo.deployment.model.ejb.AssemblyDescriptor;
import org.apache.geronimo.deployment.model.j2ee.SecurityRole;
import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
+import org.apache.geronimo.kernel.service.GeronimoOperationInfo;
+import org.apache.geronimo.kernel.service.GeronimoParameterInfo;
import javax.security.jacc.PolicyConfiguration;
import java.util.HashSet;
@@ -74,12 +77,12 @@
*
*
* @version $Revision$ $Date$
- * @jmx:mbean extends="org.apache.geronimo.security.ModuleConfigurationMBean"
*/
-public class EJBModuleConfiguration extends AbstractModuleConfiguration implements EJBModuleConfigurationMBean {
+public class EJBModuleConfiguration extends AbstractModuleConfiguration {
- public EJBModuleConfiguration(String contextId) throws GeronimoSecurityException {
- super(contextId, "geronimo.security:type=EjbModuleConfigurationMBean");
+ public EJBModuleConfiguration(String contextId, EjbJar ejbJar) throws GeronimoSecurityException {
+ super(contextId);
+ configure(ejbJar);
}
/**
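Review bot: The new constructor passes `ejbJar` straight to `configure(ejbJar)`, which dereferences it immediately (`ejbJar.getAssemblyDescriptor()` in the next hunk), so a null descriptor surfaces as a NullPointerException instead of the declared `GeronimoSecurityException`. A guard before the call, `if (ejbJar == null) throw new GeronimoSecurityException("ejbJar must not be null");`, keeps the failure in the documented channel. Running the whole policy translation inside the constructor also means that a failure part-way through leaves whatever the superclass constructor obtained from the `PolicyConfigurationFactory` with no owner to clean it up; that code is outside the hunk, so this is an inference. `WebModuleConfiguration(String, WebApp)` later in this commit has the same shape.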
@@ -92,9 +95,8 @@
* the security descriptor or the state of the module configuration.
* @see javax.security.jacc.PolicyConfiguration
* @see "Java Authorization Contract for Containers", section 3.1.3
- * @jmx:managed-operation
*/
- public void configure(EjbJar ejbJar) throws GeronimoSecurityException {
+ private void configure(EjbJar ejbJar) throws GeronimoSecurityException {
PolicyConfiguration configuration = getPolicyConfiguration();
AssemblyDescriptor assemblyDescriptor = ejbJar.getAssemblyDescriptor();
@@ -137,9 +139,20 @@
throw new GeronimoSecurityException(e);
}
}
- super.addRollMapping(role.getRoleName(), set);
+ super.addRoleMapping(role.getRoleName(), set);
}
}
}
+ }
+
+ public static GeronimoMBeanInfo getGeronimoMBeanInfo() throws Exception {
+ GeronimoMBeanInfo mbeanInfo = AbstractModuleConfiguration.getGeronimoMBeanInfo();
+ mbeanInfo.setTargetClass(EJBModuleConfiguration.class);
+ /*mbeanInfo.addOperationInfo(new GeronimoOperationInfo("configure",
+ new GeronimoParameterInfo[] {
+ new GeronimoParameterInfo("EJBJar", EjbJar.class, "Geronimo POJO ejb jar descriptor")},
+ GeronimoOperationInfo.ACTION,
+ "Translate the EJB deployment descriptors into equivalent security permissions")); */
+ return mbeanInfo;
}
}
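Review bot: The commented-out `addOperationInfo(... "configure" ...)` block in `getGeronimoMBeanInfo()` should be deleted rather than committed, since `configure` is now private and can no longer be a managed operation. It is also the only visible use of the newly imported `GeronimoOperationInfo` and `GeronimoParameterInfo`, so those two imports look unused, and it refers to `GeronimoOperationInfo.ACTION` while SecurityService uses `ACTION_INFO`. A one-line Javadoc such as `/** MBean info for EJB module configurations; no operations beyond those of ModuleConfiguration. */` would record the intent instead. WebModuleConfiguration carries the same commented-out block.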
1.3 +13 -35 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/GeronimoLoginConfiguration.java
Index: GeronimoLoginConfiguration.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/GeronimoLoginConfiguration.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- GeronimoLoginConfiguration.java 23 Nov 2003 17:26:43 -0000 1.2
+++ GeronimoLoginConfiguration.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -55,17 +55,12 @@
*/
package org.apache.geronimo.security;
-import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
-import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.AuthPermission;
-import javax.management.MBeanServer;
-import javax.management.ObjectInstance;
-import java.util.Iterator;
-import java.util.HashMap;
-import java.util.ArrayList;
+import javax.security.auth.login.Configuration;
/**
@@ -73,23 +68,19 @@
* @version $Revision$ $Date$
*/
public class GeronimoLoginConfiguration extends Configuration {
- private static ThreadLocal mBeanServer = new ThreadLocal();
- SecurityServiceMBean securityServiceMBean;
- public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
- MBeanServer server = (MBeanServer)mBeanServer.get();
- if (server == null) throw new java.lang.IllegalStateException("MBean Server not set");
+ private final SecurityService securityService;
- SecurityServiceMBean ss = (SecurityServiceMBean) MBeanProxyFactory.getProxy(SecurityServiceMBean.class,
- server,
- JMXUtil.getObjectName("geronimo.security:type=SecurityService"));
+ public GeronimoLoginConfiguration(SecurityService securityService) {
+ this.securityService = securityService;
+ }
+
+ public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
ArrayList list = new ArrayList();
- Iterator iter = ss.getRealms().iterator();
- while (iter.hasNext()) {
- ObjectInstance instance = (ObjectInstance) iter.next();
+ for (Iterator iter = securityService.getRealms().iterator(); iter.hasNext();) {
+ SecurityRealm sr = (SecurityRealm) iter.next();
- SecurityRealm sr = (SecurityRealm) MBeanProxyFactory.getProxy(SecurityRealm.class, server, instance.getObjectName());
if (realm.equals(sr.getRealmName())) {
AppConfigurationEntry[] ace = sr.getAppConfigurationEntry();
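Review bot: `getAppConfigurationEntry` now calls `securityService.getRealms()` directly, and that method checks the `CONFIGURE` permission when a SecurityManager is installed (see the SecurityService hunk in this commit). If a login is triggered from code that lacks that permission, the realm lookup would presumably fail with a SecurityException instead of returning the entries; whether the calling context is privileged at this point is not visible here. The intended contract should be stated in a comment on the method, for example `// requires the caller to hold the CONFIGURE permission checked by SecurityService.getRealms()`. The constructor should also reject a null service with `if (securityService == null) throw new IllegalArgumentException("securityService");`. The method body continues outside this hunk.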
@@ -115,17 +106,4 @@
public void refresh() {
}
- /**
- * This sets the MBean server that the GeronimoLoginConfiguration is to use
- * when generating the AppConfigurationEntries.<p>
- *
- * todo This strikes me as kinda kludgy
- * @param server
- */
- public static void setMBeanServer(MBeanServer server) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) sm.checkPermission(new AuthPermission("setLoginConfiguration"));
-
- mBeanServer.set(server);
- }
}
1.2 +2 -2 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/SecurityRealm.java
Index: SecurityRealm.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/SecurityRealm.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityRealm.java 8 Nov 2003 06:06:42 -0000 1.1
+++ SecurityRealm.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -66,7 +66,7 @@
*
* @version $Revision$ $Date$
*/
-public interface SecurityRealm extends Component {
+public interface SecurityRealm {
public String getRealmName();
1.3 +92 -185 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/SecurityService.java
Index: SecurityService.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/SecurityService.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecurityService.java 14 Dec 2003 17:21:01 -0000 1.2
+++ SecurityService.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -55,53 +55,38 @@
*/
package org.apache.geronimo.security;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
-import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
-import org.apache.geronimo.kernel.service.GeronimoMBeanTarget;
-import org.apache.geronimo.kernel.service.GeronimoMBeanContext;
-import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
-import org.apache.geronimo.core.service.AbstractManagedComponent;
-import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import java.security.AccessController;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.Collections;
+import javax.management.ObjectName;
import javax.security.auth.login.Configuration;
import javax.security.jacc.PolicyContextException;
-import javax.management.ObjectName;
-import javax.management.MBeanServer;
-import javax.management.Query;
-import javax.management.InstanceAlreadyExistsException;
-import javax.management.MBeanRegistrationException;
-import javax.management.NotCompliantMBeanException;
-import javax.management.Notification;
-import javax.management.MBeanServerNotification;
-import javax.management.InstanceNotFoundException;
-import java.util.Set;
-import java.security.AccessController;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.kernel.service.GeronimoMBeanEndpoint;
+import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
+import org.apache.geronimo.kernel.service.GeronimoOperationInfo;
+import org.apache.geronimo.kernel.service.GeronimoParameterInfo;
+import org.apache.geronimo.security.util.ConfigurationUtil;
/**
* An MBean that maintains a list of security realms.
*
* @version $Revision$ $Date$
- * @jmx:mbean
*/
-public class SecurityService extends AbstractManagedComponent implements SecurityServiceMBean, GeronimoMBeanTarget {
+public class SecurityService {
- private static final ObjectName DEFAULT_NAME = JMXUtil.getObjectName("geronimo.security:type=SecurityService");
- private GeronimoMBeanContext context;
private final Log log = LogFactory.getLog(SecurityService.class);
- static {
- AccessController.doPrivileged(
- new java.security.PrivilegedAction() {
- public Object run() {
- Configuration.setConfiguration(new GeronimoLoginConfiguration());
- return null;
- }
- });
- }
+ private Collection realms = Collections.EMPTY_SET;
+ private Collection ejbModuleConfigurations = Collections.EMPTY_SET;
+ private Collection webModuleConfigurations = Collections.EMPTY_SET;
+
/**
* Permissions that protect access to sensitive security information
@@ -111,36 +96,35 @@
public static GeronimoMBeanInfo getGeronimoMBeanInfo() throws Exception {
GeronimoMBeanInfo mbeanInfo = new GeronimoMBeanInfo();
mbeanInfo.setTargetClass(SecurityService.class.getName());
- return mbeanInfo;
- }
-
- public ObjectName preRegister(MBeanServer mBeanServer, ObjectName objectName) throws Exception {
- if (objectName == null) objectName = DEFAULT_NAME;
- return super.preRegister(mBeanServer, objectName);
- }
-
- /**
- * @param aBoolean a <code>Boolean</code> value
- */
- public void postRegister(Boolean aBoolean) {
- super.postRegister(aBoolean);
- }
-
- public void preDeregister() throws Exception {
- }
-
- public void postDeregister() {
- }
- public void setMBeanContext(GeronimoMBeanContext context) {
- this.context = context;
+ mbeanInfo.addOperationInfo(new GeronimoOperationInfo("getEjbModuleConfiguration",
+ new GeronimoParameterInfo[] {
+ new GeronimoParameterInfo("contextID", String.class, ""),
+ new GeronimoParameterInfo("remove", Boolean.TYPE, "")},
+ GeronimoOperationInfo.ACTION_INFO,
+ "Get security configuration for ejb module identified by contextID"));
+
+ mbeanInfo.addOperationInfo(new GeronimoOperationInfo("getWebModuleConfiguration",
+ new GeronimoParameterInfo[] {
+ new GeronimoParameterInfo("contextID", String.class, ""),
+ new GeronimoParameterInfo("remove", Boolean.TYPE, "")},
+ GeronimoOperationInfo.ACTION_INFO,
+ "Get security configuration for web module identified by contextID"));
+ mbeanInfo.addEndpoint(new GeronimoMBeanEndpoint("Realms", SecurityRealm.class, ObjectName.getInstance("geronimo.security:type=SecurityRealm,*")));
+ mbeanInfo.addEndpoint(new GeronimoMBeanEndpoint("EJBModuleConfigurations", EJBModuleConfiguration.class, ObjectName.getInstance("geronimo.security:Type=EJBModuleConfiguration,*")));
+ mbeanInfo.addEndpoint(new GeronimoMBeanEndpoint("WebModuleConfigurations", WebModuleConfiguration.class, ObjectName.getInstance("geronimo.security:Type=WebModuleConfiguration,*")));
+ return mbeanInfo;
}
- public boolean canStart() {
- return true;
- }
- public void doStart() {
+ public SecurityService() {
+ AccessController.doPrivileged(
+ new java.security.PrivilegedAction() {
+ public Object run() {
+ Configuration.setConfiguration(new GeronimoLoginConfiguration(SecurityService.this));
+ return null;
+ }
+ });
/**
* @see "JSR 115 4.6.1" Container Subject Policy Contact Handler
*/
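Review bot: The new constructor passes `SecurityService.this` to `new GeronimoLoginConfiguration(...)` and installs it with `Configuration.setConfiguration` before construction has finished, so the JVM-wide login configuration can reach a partially constructed service, and every further instance silently replaces the previous configuration. Installing it from a start-up step once the object is complete, or refusing a second installation, would avoid both. In `getGeronimoMBeanInfo()` the endpoint patterns use `type=SecurityRealm` but `Type=EJBModuleConfiguration` and `Type=WebModuleConfiguration`; JMX key names are case-sensitive, so the spelling should be checked against the names the deployers actually register. The constructor body continues outside this hunk.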
@@ -151,45 +135,50 @@
} catch (PolicyContextException pce) {
log.error("Exception in doStart()", pce);
- IllegalStateException ise = new IllegalStateException();
- ise.initCause(pce);
- throw ise;
+ throw (IllegalStateException)new IllegalStateException().initCause(pce);
}
- log.debug("Security Server started");
- }
-
- public boolean canStop() {
- return true;
- }
-
- public void doStop() {
- log.debug("Security Server stopped");
- }
-
- public void doFail() {
}
/**
*
+ * This was once a managed operation...only used by GeronimoLoginConfiguration, which uses it directly.
+ * Return type was a Set. Changed to collection to work with GeronimoMBeanEndpoints.
* @return
* @throws GeronimoSecurityException
- * @jmx:managed-operation
*/
- public Set getRealms() throws GeronimoSecurityException {
+ public Collection getRealms() throws GeronimoSecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(CONFIGURE);
+ return realms;
+ }
- try {
- return server.queryMBeans(JMXUtil.getObjectName("geronimo.security:type=SecurityRealm"), null);
- } catch (Exception e) {
- throw new GeronimoSecurityException(e);
- }
+
+ public void setRealms(Collection realms) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(CONFIGURE);
+ this.realms = realms;
+ }
+
+ public Collection getEJBModuleConfigurations() {
+ return ejbModuleConfigurations;
+ }
+
+ public void setEJBModuleConfigurations(Collection ejbModuleConfigurations) {
+ this.ejbModuleConfigurations = ejbModuleConfigurations;
+ }
+
+ public Collection getWebModuleConfigurations() {
+ return webModuleConfigurations;
+ }
+
+ public void setWebModuleConfigurations(Collection webModuleConfigurations) {
+ this.webModuleConfigurations = webModuleConfigurations;
}
/**
* <p>This method is used to obtain a web module configuration that corresponds to the identified policy context.
* The methods of the <code>WebModuleConfigurationMBean</code> class are used to map deployment descriptor
- * information into policy statements needed by the identified policy context as well as the principal to roll
+ * information into policy statements needed by the identified policy context as well as the principal to role
* mapping.</p>
*
* <p>If at the time of the call, the identified web module configuration does not exist, then the web module
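Review bot: `getEJBModuleConfigurations`, `setEJBModuleConfigurations`, `getWebModuleConfigurations` and `setWebModuleConfigurations` omit the `CONFIGURE` check that `getRealms` and `setRealms` perform a few lines above. With a SecurityManager installed, code without that permission could then read or replace the collections that `getEjbModuleConfiguration` and `getWebModuleConfiguration` search. Each of the four should start with `SecurityManager sm = System.getSecurityManager();` and `if (sm != null) sm.checkPermission(CONFIGURE);`. The getters, `getRealms` included, also hand out the internal collection itself; returning `Collections.unmodifiableCollection(...)` would keep callers from altering it after the check.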
@@ -215,46 +204,22 @@
* identified policy context.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by
* the <code>getWebModuleConfiguration</code> method signature.
- * @jmx:managed-operation
*/
- public ObjectName getWebModuleConfiguration(String contextID, boolean remove) throws GeronimoSecurityException {
+ public WebModuleConfiguration getWebModuleConfiguration(String contextID, boolean remove) throws GeronimoSecurityException {
+ assert contextID != null : "ContextID must be supplied!";
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(CONFIGURE);
- Set configBeans = server.queryMBeans(JMXUtil.getObjectName("geronimo.security:type=WebModuleConfigurationMBean,*"),
- Query.eq(Query.attr("ContextID"),
- Query.value(contextID)));
- assert configBeans.size() <= 1;
-
- WebModuleConfigurationMBean configBean = null;
- ObjectName objName;
- if (configBeans.isEmpty()) {
- configBean = new WebModuleConfiguration(contextID);
-
- objName = configBean.getObjectName();
- try {
- server.registerMBean(configBean, configBean.getObjectName());
- } catch (InstanceAlreadyExistsException e) {
- throw new GeronimoSecurityException(e);
- } catch (MBeanRegistrationException e) {
- throw new GeronimoSecurityException(e);
- } catch (NotCompliantMBeanException e) {
- throw new GeronimoSecurityException(e);
- } catch (IllegalArgumentException e) {
- throw new GeronimoSecurityException(e);
+ for (Iterator iterator = webModuleConfigurations.iterator(); iterator.hasNext();) {
+ WebModuleConfiguration webModuleConfiguration = (WebModuleConfiguration) iterator.next();
+ if (contextID.equals(webModuleConfiguration.getContextID())) {
+ if (remove) {
+ webModuleConfiguration.delete();
+ }
+ return webModuleConfiguration;
}
- } else {
- objName = (ObjectName)configBeans.iterator().next();
}
-
- if (remove) {
- configBean = (WebModuleConfigurationMBean) MBeanProxyFactory.getProxy(WebModuleConfigurationMBean.class,
- server,
- objName);
- configBean.delete();
- }
-
- return objName;
+ return null;
}
/**
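Review bot: `assert contextID != null` in `getWebModuleConfiguration` is not an argument check, because assertions are disabled unless the JVM runs with `-ea`; a null id then either returns null or fails inside `contextID.equals(...)`, depending on whether the collection is empty. Replace it with `if (contextID == null) throw new IllegalArgumentException("ContextID must be supplied!");`. The method now returns `null` when nothing matches, while the Javadoc kept above it still appears to describe the configuration being created on demand, so the comment needs updating and callers need a null check. With `remove` set, `delete()` is called but the entry visibly stays in `webModuleConfigurations`, so a later lookup may return a deleted configuration unless the endpoint refreshes the collection. `getEjbModuleConfiguration` in the next hunk has the same three issues.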
@@ -286,80 +251,22 @@
* identified policy context.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by
* the <code>getEjbModuleConfiguration</code> method signature.
- * @jmx:managed-operation
*/
- public ObjectName getEjbModuleConfiguration(String contextID, boolean remove) throws GeronimoSecurityException {
+ public EJBModuleConfiguration getEjbModuleConfiguration(String contextID, boolean remove) throws GeronimoSecurityException {
+ assert contextID != null : "ContextID must be supplied!";
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(CONFIGURE);
- Set configBeans = server.queryMBeans(JMXUtil.getObjectName("geronimo.security:type=EjbModuleConfigurationMBean,*"),
- Query.eq(Query.attr("ContextID"),
- Query.value(contextID)));
- assert configBeans.size() <= 1;
-
- EJBModuleConfigurationMBean configBean = null;
- ObjectName objName;
- if (configBeans.isEmpty()) {
- configBean = new EJBModuleConfiguration(contextID);
-
- objName = configBean.getObjectName();
- try {
- server.registerMBean(configBean, configBean.getObjectName());
- } catch (InstanceAlreadyExistsException e) {
- throw new GeronimoSecurityException(e);
- } catch (MBeanRegistrationException e) {
- throw new GeronimoSecurityException(e);
- } catch (NotCompliantMBeanException e) {
- throw new GeronimoSecurityException(e);
- } catch (IllegalArgumentException e) {
- throw new GeronimoSecurityException(e);
- }
- } else {
- objName = (ObjectName)configBeans.iterator().next();
- }
-
- if (remove) {
- configBean = (EJBModuleConfiguration) MBeanProxyFactory.getProxy(EJBModuleConfiguration.class,
- server,
- objName);
- configBean.delete();
- }
-
- return objName;
- }
-
- /**
- * Monitor JMX notifications<p>
- *
- * When a security realm is registered in JMX, then set up the containment relationship with it so that it
- * becomes one of our components.
- * @param n a <code>Notification</code> value
- * @param o an <code>Object</code> value
- */
- public void handleNotification(Notification n, Object o) {
- ObjectName source = null;
-
- try {
- // Respond to registrations of SecurityRealm
- if (MBeanServerNotification.REGISTRATION_NOTIFICATION.equals(n.getType())) {
- MBeanServerNotification notification = (MBeanServerNotification) n;
- source = notification.getMBeanName();
- if (server.isInstanceOf(source, SecurityRealm.class.getName())) {
- log.debug("Received registration notification for SecurityRealm=" + source);
- dependencyService.addStartDependency(source, objectName);
- } else if (server.isInstanceOf(source, AbstractModuleConfiguration.class.getName())) {
- log.debug("Received registration notification for ModuleConfiguration=" + source);
- dependencyService.addStartDependency(source, objectName);
- } else {
- log.debug("Ignoring registration of mbean=" + source);
+ for (Iterator iterator = ejbModuleConfigurations.iterator(); iterator.hasNext();) {
+ EJBModuleConfiguration ejbModuleConfiguration = (EJBModuleConfiguration) iterator.next();
+ if (contextID.equals(ejbModuleConfiguration.getContextID())) {
+ if (remove) {
+ ejbModuleConfiguration.delete();
}
+ return ejbModuleConfiguration;
}
- } catch (InstanceNotFoundException e) {
- log.debug("Registration notification received for non-existant object: " + source);
- } catch (Exception e) {
- throw new IllegalStateException(e.toString());
}
-
- super.handleNotification(n, o);
+ return null;
}
+
}
1.3 +32 -18 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/WebModuleConfiguration.java
Index: WebModuleConfiguration.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/WebModuleConfiguration.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WebModuleConfiguration.java 18 Nov 2003 05:36:57 -0000 1.2
+++ WebModuleConfiguration.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -56,22 +56,26 @@
package org.apache.geronimo.security;
-import org.apache.geronimo.deployment.model.geronimo.web.WebApp;
-import org.apache.geronimo.deployment.model.geronimo.j2ee.RoleMappings;
-import org.apache.geronimo.deployment.model.geronimo.j2ee.Role;
-import org.apache.geronimo.deployment.model.geronimo.j2ee.Realm;
-import org.apache.geronimo.deployment.model.geronimo.j2ee.Principal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
-
-import javax.security.jacc.PolicyConfiguration;
-import java.util.HashSet;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
+import java.util.HashSet;
+
+import javax.security.jacc.PolicyConfiguration;
+
+import org.apache.geronimo.deployment.model.geronimo.j2ee.Principal;
+import org.apache.geronimo.deployment.model.geronimo.j2ee.Realm;
+import org.apache.geronimo.deployment.model.geronimo.j2ee.Role;
+import org.apache.geronimo.deployment.model.geronimo.j2ee.RoleMappings;
+import org.apache.geronimo.deployment.model.geronimo.web.WebApp;
+import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
+import org.apache.geronimo.kernel.service.GeronimoOperationInfo;
+import org.apache.geronimo.kernel.service.GeronimoParameterInfo;
+import org.apache.geronimo.security.util.ConfigurationUtil;
/**
* This es an MBean wrapper class that performs much of the utility work
- * needed to perform the translattion of the web deployment descriptors
+ * needed to perform the translation of the web deployment descriptors
* into equivalent security permissions. These permissions are placed into
* the appropriate <code>PolicyConfiguration</code> object as defined in the
* JAAC spec.
@@ -82,12 +86,12 @@
* @version $Revision$ $Date$
* @see javax.security.jacc.PolicyConfiguration
* @see "Java Authorization Contract for Containers", section 3.1.3
- * @jmx:mbean extends="org.apache.geronimo.security.ModuleConfigurationMBean"
*/
-public class WebModuleConfiguration extends AbstractModuleConfiguration implements WebModuleConfigurationMBean {
+public class WebModuleConfiguration extends AbstractModuleConfiguration {
- public WebModuleConfiguration(String contextId) throws GeronimoSecurityException {
- super(contextId, "geronimo.security:type=WebModuleConfigurationMBean");
+ public WebModuleConfiguration(String contextId, WebApp webApp) throws GeronimoSecurityException {
+ super(contextId);
+ configure(webApp);
}
/**
@@ -100,9 +104,8 @@
* the security descriptor or the state of the module configuration.
* @see javax.security.jacc.PolicyConfiguration
* @see "Java Authorization Contract for Containers", section 3.1.3
- * @jmx:managed-operation
*/
- public void configure(WebApp webApp) throws GeronimoSecurityException {
+ private void configure(WebApp webApp) throws GeronimoSecurityException {
PolicyConfiguration configuration = getPolicyConfiguration();
@@ -139,9 +142,20 @@
throw new GeronimoSecurityException(e);
}
}
- super.addRollMapping(role.getRoleName(), set);
+ super.addRoleMapping(role.getRoleName(), set);
}
}
}
+ }
+
+ public static GeronimoMBeanInfo getGeronimoMBeanInfo() throws Exception {
+ GeronimoMBeanInfo mbeanInfo = AbstractModuleConfiguration.getGeronimoMBeanInfo();
+ mbeanInfo.setTargetClass(WebModuleConfiguration.class);
+ /*mbeanInfo.addOperationInfo(new GeronimoOperationInfo("configure",
+ new GeronimoParameterInfo[] {
+ new GeronimoParameterInfo("WebApp", WebApp.class, "Geronimo POJO web-app descriptor")},
+ GeronimoOperationInfo.ACTION,
+ "Translate the Web deployment descriptors into equivalent security permissions"));*/
+ return mbeanInfo;
}
}
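Review bot: The commented-out `addOperationInfo("configure", ...)` block in `getGeronimoMBeanInfo()` should be deleted rather than committed, since `configure` is made private in the previous hunk and can no longer be a management operation. A one-line comment records the decision better, for example `// configure(WebApp) is deliberately not exposed: the policy is translated once, in the constructor`. With the block gone, the `GeronimoOperationInfo` and `GeronimoParameterInfo` imports added at the top of the file are unused. The method also declares `throws Exception`; if the parent `getGeronimoMBeanInfo()` allows it, a narrower type would tell callers what can actually fail.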
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/ModuleConfiguration.java
Index: ModuleConfiguration.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security;
import org.apache.geronimo.kernel.service.GeronimoMBeanTarget;
import javax.management.ObjectName;
import javax.management.MBeanRegistration;
import java.util.Collection;
import java.util.HashSet;
/**
* Operations shared by the security configuration of a module: its policy context identifier, its roles, the
* principal-to-role mappings, and the link / commit / delete life cycle that the methods below describe in terms of
* a <code>PolicyConfiguration</code>.
*
* @version $Revision: 1.1 $ $Date: 2003/12/28 19:34:05 $
*/
public interface ModuleConfiguration {
/**
* This method returns this module's policy context identifier.
* @return this object's policy context identifier.
*/
public String getContextID();
/**
* This method returns the module's set of roles.
* NOTE(review): the declared return type is a mutable <code>HashSet</code>; whether implementations hand out a copy
* or their internal set is not specified here - confirm before modifying the result.
* @return the set of roles that are being used for this module.
*/
public HashSet getRoles();
/**
* Add a mapping from a module's security roles to physical principals. Mapping principals to the same role twice
* is an error and is reported to the caller as a <code>GeronimoSecurityException</code>.
* @param role The role that is to be mapped to a set of principals.
* @param principals The set of principals that are to be mapped to the role.
* @throws GeronimoSecurityException if principals are mapped to the same role twice.
*/
public void addRoleMapping(String role, Collection principals) throws GeronimoSecurityException;
/**
* <p>Creates a relationship between this configuration and another such that they share the same principal-to-role
* mappings. <code>PolicyConfigurations</code> are linked to apply a common principal-to-role mapping to multiple
* separately manageable <code>PolicyConfigurations</code>, as is required when an application is composed of
* multiple modules.</p>
*
* <p>Note that the policy statements which comprise a role, or comprise the excluded or unchecked policy
* collections in a <code>PolicyConfiguration</code> are unaffected by the configuration being linked to
* another.</p>
*
* <p>The relationship formed by this method is symmetric, transitive and idempotent. If the argument
* configuration does not have a different policy context identifier than this configuration, no relationship is
* formed, and an exception, as described below, is thrown.</p>
* @param link a reference to a configuration different from this one.
* @throws java.lang.SecurityException if called by an <code>AccessControlContext</code> that has not been granted
* the "setPolicy" <code>SecurityPermission</code>.
* @throws java.lang.UnsupportedOperationException if the state of the policy context whose interface is this
* <code>ModuleConfiguration</code> Object is "deleted" or "inService" when this method is called.
* @throws java.lang.IllegalArgumentException if called with an argument <code>ModuleConfiguration</code>
* whose policy context is equivalent to that of this <code>ModuleConfiguration</code>.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by
* the linkConfiguration method signature. The exception thrown by the implementation class will be encapsulated
* (during construction) in the thrown <code>GeronimoSecurityException</code>.
*/
public void linkConfiguration(ModuleConfiguration link) throws GeronimoSecurityException;
/**
* <p>Causes all policy statements to be deleted from this <code>PolicyConfiguration</code> and sets its internal
* state such that calling any method, other than <code>delete</code>, <code>getContextID</code>, or
* <code>inService</code> on the <code>PolicyConfiguration</code> will be rejected and cause an
* <code>UnsupportedOperationException</code> to be thrown.</p>
*
* <p>This operation has no effect on any linked <code>PolicyConfigurations</code> other than removing any links
* involving the deleted <code>PolicyConfiguration</code>.</p>
* @throws java.lang.SecurityException if called by an <code>AccessControlContext</code> that has not been granted
* the "setPolicy" <code>SecurityPermission</code>.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by
* the delete method signature. The exception thrown by the implementation class will be encapsulated (during
* construction) in the thrown <code>GeronimoSecurityException</code>.
*/
public void delete() throws GeronimoSecurityException;
/**
* <p>This method is used to set to "inService" the state of the policy context whose interface is this
* <code>PolicyConfiguration</code> Object. Only those policy contexts whose state is "inService" will be included
* in the policy contexts processed by the <code>Policy.refresh</code> method. A policy context whose state is
* "inService" may be returned to the "open" state by calling the <code>getPolicyConfiguration</code> method of the
* <code>PolicyConfiguration</code> factory with the policy context identifier of the policy context.</p>
*
* <p>When the state of a policy context is "inService", calling any method other than <code>commit</code>,
* <code>delete</code>, <code>getContextID</code>, or <code>inService</code> on its <code>PolicyConfiguration</code>
* Object will cause an <code>UnsupportedOperationException</code> to be thrown.</p>
* @throws java.lang.SecurityException if called by an <code>AccessControlContext</code> that has not been granted
* the "setPolicy" <code>SecurityPermission</code>.
* @throws java.lang.UnsupportedOperationException if the state of the policy context whose interface is this
* <code>PolicyConfiguration</code> Object is "deleted" when this method is called.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by
* the commit method signature. The exception thrown by the implementation class will be encapsulated (during
* construction) in the thrown <code>GeronimoSecurityException</code>.
*/
public void commit() throws GeronimoSecurityException;
/**
* This method is used to determine if the policy context whose interface is this <code>PolicyConfiguration</code>
* Object is in the "inService" state.
* @return <code>true</code> if the state of the associated policy context is "inService"; <code>false</code>
* otherwise.
* @throws java.lang.SecurityException if called by an <code>AccessControlContext</code> that has not been granted
* the "setPolicy" <code>SecurityPermission</code>.
* @throws GeronimoSecurityException if the implementation throws a checked exception that has not been accounted for by the
* <code>inService</code> method signature. The exception thrown by the implementation class will be encapsulated
* (during construction) in the thrown <code>GeronimoSecurityException</code>.
*/
public boolean inService() throws GeronimoSecurityException;
}
1.2 +18 -15 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/PropertiesFileSecurityRealm.java
Index: PropertiesFileSecurityRealm.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/PropertiesFileSecurityRealm.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- PropertiesFileSecurityRealm.java 18 Nov 2003 05:17:18 -0000 1.1
+++ PropertiesFileSecurityRealm.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -78,6 +78,7 @@
* @version $Revision$ $Date$
*/
public class PropertiesFileSecurityRealm extends AbstractSecurityRealm {
+ private boolean running = false;
private URI usersURI;
private URI groupsURI;
Properties users = new Properties();
@@ -85,19 +86,21 @@
final static String REALM = "org.apache.geronimo.security.providers.PropertiesFileSecurityRealm";
- protected void doStart() throws Exception {
+ public void doStart() {
if (usersURI == null) throw new IllegalStateException("Users URI not set");
if (groupsURI == null) throw new IllegalStateException("Groups URI not set");
refresh();
+ running = true;
}
- protected void doStop() throws Exception {
+ public void doStop() {
usersURI = null;
groupsURI = null;
users.clear();
groups.clear();
+ running = false;
}
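Review bot: `doStop()` clears `usersURI`, `groupsURI`, `users` and `groups` first and sets `running = false` only as its last statement, so a caller that passes the `!running` guard during shutdown can read a half-cleared realm. `SQLSecurityRealm.doStop()` in this same commit resets the flag first; doing the same here, with `running = false;` as the first statement, keeps the two realms consistent. The flag itself is a plain `boolean` (declared in the previous hunk, and likewise in `SQLSecurityRealm`). If realms are started and queried from different threads, which is not visible here, it should be `private volatile boolean running`. Both methods are widened from `protected` to `public` without a comment; a line of Javadoc saying who is expected to call them would help.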
public URI getUsersURI() {
@@ -105,9 +108,9 @@
}
public void setUsersURI(URI usersURI) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the Users URI after the realm is started");
-
+ }
this.usersURI = usersURI;
}
@@ -116,23 +119,23 @@
}
public void setGroupsURI(URI groupsURI) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the Groups URI after the realm is started");
-
+ }
this.groupsURI = groupsURI;
}
public Set getGroupPrincipals() throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Groups until the realm is started");
-
+ }
return Collections.unmodifiableSet(groups.keySet());
}
public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Groups until the realm is started");
-
+ }
HashSet result = new HashSet();
Enumeration enum = groups.keys();
String group;
@@ -148,16 +151,16 @@
}
public Set getUserPrincipals() throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Users until the realm is started");
-
+ }
return Collections.unmodifiableSet(users.keySet());
}
public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Users until the realm is started");
-
+ }
HashSet result = new HashSet();
Enumeration enum = users.keys();
String user;
1.3 +1 -2 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/SQLLoginModule.java
Index: SQLLoginModule.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/SQLLoginModule.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SQLLoginModule.java 27 Nov 2003 10:33:48 -0000 1.2
+++ SQLLoginModule.java 28 Dec 2003 19:34:05 -0000 1.3
@@ -100,7 +100,6 @@
}
username = ((NameCallback) callbacks[0]).getName();
password = realm.obfuscate((String) realm.users.get(username));
-
return new String(((PasswordCallback) callbacks[1]).getPassword()).equals(password);
}
1.2 +37 -34 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/SQLSecurityRealm.java
Index: SQLSecurityRealm.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/SQLSecurityRealm.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SQLSecurityRealm.java 18 Nov 2003 05:17:18 -0000 1.1
+++ SQLSecurityRealm.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -55,22 +55,22 @@
*/
package org.apache.geronimo.security.providers;
-import org.apache.geronimo.security.AbstractSecurityRealm;
-import org.apache.geronimo.security.GeronimoSecurityException;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.regexp.RE;
-
-import javax.security.auth.login.AppConfigurationEntry;
-import java.util.Set;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.sql.DriverManager;
import java.sql.Connection;
-import java.sql.SQLException;
+import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+import org.apache.geronimo.security.AbstractSecurityRealm;
+import org.apache.geronimo.security.GeronimoSecurityException;
+import org.apache.regexp.RE;
/**
@@ -79,6 +79,7 @@
*/
public class SQLSecurityRealm extends AbstractSecurityRealm {
+ private boolean running = false;
private String connectionURL;
private String user = "";
private String password = "";
@@ -89,13 +90,15 @@
final static String REALM = "org.apache.geronimo.security.providers.SQLSecurityRealm";
- protected void doStart() throws Exception {
+ public void doStart() {
if (connectionURL == null) throw new IllegalStateException("Connection URI not set");
refresh();
+ running = true;
}
- protected void doStop() throws Exception {
+ public void doStop() {
+ running = false;
connectionURL = null;
users.clear();
@@ -107,9 +110,9 @@
}
public void setConnectionURL(String connectionURL) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the Connection URI after the realm is started");
-
+ }
this.connectionURL = connectionURL;
}
@@ -118,9 +121,9 @@
}
public void setPassword(String password) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the connection password after the realm is started");
-
+ }
this.password = password;
}
@@ -129,9 +132,9 @@
}
public void setUser(String user) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the connection user after the realm is started");
-
+ }
this.user = user;
}
@@ -140,9 +143,9 @@
}
public void setUserSelect(String userSelect) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the user SQL select statement after the realm is started");
-
+ }
this.userSelect = userSelect;
}
@@ -151,24 +154,24 @@
}
public void setGroupSelect(String groupSelect) {
- if (getStateInstance() != State.STOPPED)
+ if (running) {
throw new IllegalStateException("Cannot change the group SQL select statement after the realm is started");
-
+ }
this.groupSelect = groupSelect;
}
public Set getGroupPrincipals() throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Groups until the realm is started");
-
+ }
return Collections.unmodifiableSet(groups.keySet());
}
public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Groups until the realm is started");
-
+ }
HashSet result = new HashSet();
Iterator iter = groups.keySet().iterator();
String group;
@@ -184,16 +187,16 @@
}
public Set getUserPrincipals() throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Users until the realm is started");
-
+ }
return Collections.unmodifiableSet(users.keySet());
}
public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
- if (getStateInstance() != State.RUNNING)
+ if (!running) {
throw new IllegalStateException("Cannot obtain Users until the realm is started");
-
+ }
HashSet result = new HashSet();
Iterator iter = users.keySet().iterator();
String user;
1.2 +3 -4 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/EjbModuleConfigurationTest.java
Index: EjbModuleConfigurationTest.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/EjbModuleConfigurationTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- EjbModuleConfigurationTest.java 18 Nov 2003 05:28:27 -0000 1.1
+++ EjbModuleConfigurationTest.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -83,19 +83,18 @@
public void setUp() throws Exception {
System.setProperty("javax.security.jacc.PolicyConfigurationFactory.provider", "org.apache.geronimo.security.GeronimoPolicyConfigurationFactory");
- module = new EJBModuleConfiguration("pookie test");
docDir = new File("src/test-data/xml/deployment");
loader = new GeronimoEjbJarLoader();
}
public void testRead() throws Exception {
- assertSame("pookie test", module.getContextID());
File f = new File(docDir, "geronimo-ejb-jar-testRead.xml");
Document xmlDoc = LoaderUtil.parseXML(new FileReader(f));
GeronimoEjbJarDocument doc = loader.load(xmlDoc);
EjbJar jar = doc.getEjbJar();
- module.configure(jar);
+ module = new EJBModuleConfiguration("pookie test", jar);
+ assertSame("pookie test", module.getContextID());
}
}
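Review bot: `assertSame("pookie test", module.getContextID())` in `testRead` compares object identity, so it passes only while the implementation returns the very same interned `String` it was given. `assertEquals("pookie test", module.getContextID());` checks what the test means. After this change the context id is also the only thing the test asserts once the descriptor has been translated in the constructor. A check on the resulting roles via `getRoles()` would cover the translation itself. The same `assertSame` pattern is moved in `WebModuleConfigurationTest.testRead`.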
1.2 +17 -24 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/LoginPropertiesFileTest.java
Index: LoginPropertiesFileTest.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/LoginPropertiesFileTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- LoginPropertiesFileTest.java 18 Nov 2003 05:20:12 -0000 1.1
+++ LoginPropertiesFileTest.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -55,22 +55,20 @@
*/
package org.apache.geronimo.security;
-import junit.framework.TestCase;
+import java.io.File;
+import java.io.IOException;
+import java.util.Collections;
-import javax.management.MBeanServer;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import junit.framework.TestCase;
import org.apache.geronimo.security.providers.PropertiesFileSecurityRealm;
-import org.apache.geronimo.test.util.ServerUtil;
-
-import java.io.File;
-import java.io.IOException;
/**
@@ -78,32 +76,25 @@
* @version $Revision$ $Date$
*/
public class LoginPropertiesFileTest extends TestCase {
- MBeanServer server;
SecurityService securityService;
public void setUp() throws Exception {
- server = ServerUtil.newLocalServer();
securityService = new SecurityService();
- server.registerMBean(securityService, null);
- PropertiesFileSecurityRealm c = new PropertiesFileSecurityRealm();
- c.setRealmName("Foo");
- c.setUsersURI((new File(new File("."), "src/test-data/data/users.properties")).toURI());
- c.setGroupsURI((new File(new File("."), "src/test-data/data/groups.properties")).toURI());
- server.registerMBean(c, null);
+ PropertiesFileSecurityRealm securityRealm = new PropertiesFileSecurityRealm();
+ securityRealm.setRealmName("Foo");
+ securityRealm.setUsersURI((new File(new File("."), "src/test-data/data/users.properties")).toURI());
+ securityRealm.setGroupsURI((new File(new File("."), "src/test-data/data/groups.properties")).toURI());
+ securityRealm.doStart();
+ securityService.setRealms(Collections.singleton(securityRealm));
- securityService.startRecursive();
}
public void tearDown() throws Exception {
- securityService.stop();
-
- ServerUtil.stopLocalServer(server);
}
public void testLogin() throws Exception {
- GeronimoLoginConfiguration.setMBeanServer(server);
Subject subject = new Subject();
CallbackHandler handler = new CallbackHandler() {
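Review bot: `tearDown()` is left with an empty body although `setUp()` now calls `securityRealm.doStart()` directly, so the realm is started in every test and never stopped. Holding the realm in a field and calling `securityRealm.doStop();` in `tearDown()` would exercise the stop path and release the loaded user and group data. An empty override adds nothing over the inherited `TestCase.tearDown()`, so it should either do that cleanup or be removed. The body of `testLogin` continues outside this hunk.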
@@ -122,5 +113,7 @@
context.login();
Subject rSubject = context.getSubject();
+ assertTrue("expected non-null subject", rSubject != null);
+
}
}
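Review bot: The added `assertTrue("expected non-null subject", rSubject != null)` reads better as `assertNotNull("expected non-null subject", rSubject);`, and it is a weak check for a login test. It does not show that the returned `Subject` carries the expected principals. A second test asserting that a wrong password makes `context.login()` throw would cover the rejection path, unless that exists outside the visible hunks. The same assertion is added in `LoginSQLTest.testLogin`, and `SecurityServiceTest.testConfig` uses the same `!= null` form. The start of `testLogin` lies outside this hunk.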
1.2 +36 -33 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/LoginSQLTest.java
Index: LoginSQLTest.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/LoginSQLTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- LoginSQLTest.java 18 Nov 2003 05:20:12 -0000 1.1
+++ LoginSQLTest.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -55,23 +55,22 @@
*/
package org.apache.geronimo.security;
-import junit.framework.TestCase;
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.util.Collections;
-import javax.management.MBeanServer;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import junit.framework.TestCase;
import org.apache.geronimo.security.providers.SQLSecurityRealm;
-import org.apache.geronimo.test.util.ServerUtil;
-
-import java.io.IOException;
-import java.sql.DriverManager;
-import java.sql.Connection;
/**
@@ -79,15 +78,21 @@
* @version $Revision$ $Date$
*/
public class LoginSQLTest extends TestCase {
- MBeanServer server;
+
+ private static final String hsqldbURL = "jdbc:hsqldb:target/database/LoginSQLTest";
SecurityService securityService;
public void setUp() throws Exception {
DriverManager.registerDriver(new org.hsqldb.jdbcDriver());
- Connection conn = DriverManager.getConnection("jdbc:hsqldb:target/database/LoginSQLTest", "sa", "");
+ Connection conn = DriverManager.getConnection(hsqldbURL, "sa", "");
+
- conn.prepareStatement("CREATE USER loginmodule PASSWORD password ADMIN;").executeQuery();
+ try {
+ conn.prepareStatement("CREATE USER loginmodule PASSWORD password ADMIN;").executeQuery();
+ } catch (SQLException e) {
+ //ignore, for some reason user already exists.
+ }
conn.prepareStatement("CREATE TABLE Users(UserName VARCHAR(16), Password VARCHAR(16));").executeQuery();
conn.prepareStatement("CREATE TABLE Groups(GroupName VARCHAR(16), UserName VARCHAR(16));").executeQuery();
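Review bot: The empty `catch (SQLException e)` around `CREATE USER` hides every failure of that statement, not only the user-already-exists case the comment describes. The two `CREATE TABLE` statements that follow are still unguarded, so a database left over from an aborted run makes `setUp()` fail one line later anyway. Dropping leftovers at the start of `setUp()` would make the fixture repeatable. Failing that, name the variable `ignored` and log the message so unexpected errors stay visible. The new constant would conventionally be spelled `HSQLDB_URL`.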
@@ -112,36 +117,33 @@
conn.close();
- server = ServerUtil.newLocalServer();
-
securityService = new SecurityService();
- server.registerMBean(securityService, null);
-
- SQLSecurityRealm c = new SQLSecurityRealm();
- c.setRealmName("Foo");
- c.setConnectionURL("jdbc:hsqldb:target/database/LoginSQLTest");
- c.setUser("loginmodule");
- c.setPassword("password");
- server.registerMBean(c, null);
- securityService.startRecursive();
+ SQLSecurityRealm securityRealm = new SQLSecurityRealm();
+ securityRealm.setRealmName("Foo");
+ securityRealm.setConnectionURL(hsqldbURL);
+ securityRealm.setUser("loginmodule");
+ securityRealm.setPassword("password");
+ securityRealm.doStart();
+ securityService.setRealms(Collections.singleton(securityRealm));
}
public void tearDown() throws Exception {
- securityService.stop();
- ServerUtil.stopLocalServer(server);
+ Connection conn = DriverManager.getConnection(hsqldbURL, "sa", "");
- Connection conn = DriverManager.getConnection("jdbc:hsqldb:target/database/LoginSQLTest", "sa", "");
+ try {
+ conn.prepareStatement("DROP USER loginmodule;").executeQuery();
- conn.prepareStatement("DROP USER loginmodule;").executeQuery();
+ conn.prepareStatement("DROP TABLE Users;").executeQuery();
+ conn.prepareStatement("DROP TABLE Groups;").executeQuery();
+ } catch (SQLException e) {
+ //who knows??
+ }
- conn.prepareStatement("DROP TABLE Users;").executeQuery();
- conn.prepareStatement("DROP TABLE Groups;").executeQuery();
}
public void testLogin() throws Exception {
- GeronimoLoginConfiguration.setMBeanServer(server);
Subject subject = new Subject();
CallbackHandler handler = new CallbackHandler() {
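Review bot: All three drops in the new `tearDown()` share one try block, so a failing `DROP USER loginmodule` skips both `DROP TABLE` statements. The leftover tables then break the next `setUp()`, where `CREATE TABLE` is not guarded. The connection opened in `tearDown()` is also never closed. Running each statement in its own best-effort step and closing the connection in `finally` fixes both, as sketched below. The `//who knows??` comment should say why ignoring the error is acceptable.

```java
public void tearDown() throws Exception {
    Connection conn = DriverManager.getConnection(hsqldbURL, "sa", "");
    try {
        dropQuietly(conn, "DROP USER loginmodule;");
        dropQuietly(conn, "DROP TABLE Users;");
        dropQuietly(conn, "DROP TABLE Groups;");
    } finally {
        conn.close();
    }
}

private static void dropQuietly(Connection conn, String sql) {
    try {
        conn.prepareStatement(sql).executeQuery();
    } catch (SQLException ignored) {
        // best-effort cleanup: the object may be missing if setUp failed part-way
    }
}
// … unchanged: testLogin …
```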
@@ -160,5 +162,6 @@
context.login();
Subject rSubject = context.getSubject();
+ assertTrue("expected non-null subject", rSubject != null);
}
}
1.2 +30 -28 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/SecurityServiceTest.java
Index: SecurityServiceTest.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/SecurityServiceTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityServiceTest.java 18 Nov 2003 05:28:27 -0000 1.1
+++ SecurityServiceTest.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -55,16 +55,17 @@
*/
package org.apache.geronimo.security;
-import junit.framework.TestCase;
-
-import javax.management.MBeanServer;
-import javax.management.ObjectName;
+import java.io.File;
+import java.util.Collections;
-import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import junit.framework.TestCase;
import org.apache.geronimo.security.providers.PropertiesFileSecurityRealm;
-import org.apache.geronimo.test.util.ServerUtil;
-
-import java.io.File;
+import org.apache.geronimo.deployment.model.geronimo.ejb.EjbJar;
+import org.apache.geronimo.deployment.model.geronimo.ejb.EnterpriseBeans;
+import org.apache.geronimo.deployment.model.geronimo.web.WebApp;
+import org.apache.geronimo.deployment.model.geronimo.j2ee.Security;
+import org.apache.geronimo.deployment.model.ejb.AssemblyDescriptor;
+import org.apache.geronimo.deployment.model.ejb.ExcludeList;
/**
@@ -73,37 +74,38 @@
* @version $Revision$ $Date$
*/
public class SecurityServiceTest extends TestCase {
- MBeanServer server;
- SecurityRealm c1;
SecurityService securityService;
public void setUp() throws Exception {
System.setProperty("javax.security.jacc.PolicyConfigurationFactory.provider", "org.apache.geronimo.security.GeronimoPolicyConfigurationFactory");
- server = ServerUtil.newLocalServer();
-
securityService = new SecurityService();
- server.registerMBean(securityService, null);
- PropertiesFileSecurityRealm c = new PropertiesFileSecurityRealm();
- c.setRealmName("Foo");
- c.setUsersURI((new File(new File("."), "src/test-data/data/users.properties")).toURI());
- c.setGroupsURI((new File(new File("."), "src/test-data/data/groups.properties")).toURI());
- server.registerMBean(c, null);
-
- securityService.startRecursive();
+ PropertiesFileSecurityRealm securityRealm = new PropertiesFileSecurityRealm();
+ securityRealm.setRealmName("Foo");
+ securityRealm.setUsersURI((new File(new File("."), "src/test-data/data/users.properties")).toURI());
+ securityRealm.setGroupsURI((new File(new File("."), "src/test-data/data/groups.properties")).toURI());
+
+ securityService.setRealms(Collections.singleton(securityRealm));
+ EjbJar ejbJar = new EjbJar();
+ ejbJar.setEnterpriseBeans(new EnterpriseBeans());
+ AssemblyDescriptor assemblyDescriptor = new AssemblyDescriptor();
+ assemblyDescriptor.setExcludeList(new ExcludeList());
+ ejbJar.setAssemblyDescriptor(assemblyDescriptor);
+ ejbJar.setSecurity(new Security());
+ securityService.setEJBModuleConfigurations(Collections.singleton(new EJBModuleConfiguration("Foo", ejbJar)));
+ WebApp webApp = new WebApp();
+ webApp.setSecurity(new Security());
+ securityService.setWebModuleConfigurations(Collections.singleton(new WebModuleConfiguration("Bar", webApp)));
}
public void tearDown() throws Exception {
- securityService.stop();
-
- ServerUtil.stopLocalServer(server);
}
public void testConfig() throws Exception {
- ObjectName name = securityService.getEjbModuleConfiguration("Foo", false);
- EJBModuleConfigurationMBean ejbConfig = (EJBModuleConfigurationMBean) MBeanProxyFactory.getProxy(EJBModuleConfigurationMBean.class,
- server,
- name);
+ EJBModuleConfiguration ejbModuleConfiguration = securityService.getEjbModuleConfiguration("Foo", false);
+ assertTrue("expected an ejbModuleConfiguration", ejbModuleConfiguration != null);
+ WebModuleConfiguration webModuleConfiguration = securityService.getWebModuleConfiguration("Bar", false);
+ assertTrue("expected a webModuleConfiguration", webModuleConfiguration != null);
}
}
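Review bot: `setUp()` passes `securityRealm` to `setRealms(...)` without calling `doStart()`, unlike `LoginPropertiesFileTest` and `LoginSQLTest` in this commit. The realm's accessors throw `IllegalStateException` while it is not running, so any later test that touches the realm through the service would fail. If that is intentional because `testConfig` only looks up module configurations, a comment such as `// realm deliberately left unstarted: only module configuration lookup is tested` would say so. Otherwise add `securityRealm.doStart();` before `setRealms`. The empty `tearDown()` also leaves the `javax.security.jacc.PolicyConfigurationFactory.provider` system property set for whatever test runs next in the same JVM.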
1.2 +6 -9 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/WebModuleConfigurationTest.java
Index: WebModuleConfigurationTest.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/WebModuleConfigurationTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WebModuleConfigurationTest.java 18 Nov 2003 05:28:27 -0000 1.1
+++ WebModuleConfigurationTest.java 28 Dec 2003 19:34:05 -0000 1.2
@@ -56,17 +56,15 @@
package org.apache.geronimo.security;
-import junit.framework.TestCase;
-
import java.io.File;
import java.io.FileReader;
+import junit.framework.TestCase;
+import org.apache.geronimo.deployment.model.geronimo.web.GeronimoWebAppDocument;
+import org.apache.geronimo.deployment.model.geronimo.web.WebApp;
import org.apache.geronimo.xml.deployment.GeronimoWebAppLoader;
import org.apache.geronimo.xml.deployment.LoaderUtil;
-import org.apache.geronimo.deployment.model.geronimo.web.WebApp;
-import org.apache.geronimo.deployment.model.geronimo.web.GeronimoWebAppDocument;
import org.w3c.dom.Document;
-import org.apache.geronimo.common.StopWatch;
/**
@@ -83,21 +81,20 @@
public void setUp() throws Exception {
System.setProperty("javax.security.jacc.PolicyConfigurationFactory.provider", "org.apache.geronimo.security.GeronimoPolicyConfigurationFactory");
- module = new WebModuleConfiguration("pookie /test");
docDir = new File("src/test-data/xml/deployment");
loader = new GeronimoWebAppLoader();
}
public void testRead() throws Exception {
- assertSame("pookie /test", module.getContextID());
File f = new File(docDir, "geronimo-web-app-testRead.xml");
Document xmlDoc = LoaderUtil.parseXML(new FileReader(f));
GeronimoWebAppDocument doc = loader.load(xmlDoc);
client = doc.getWebApp();
- module.configure(client);
+ module = new WebModuleConfiguration("pookie /test", client);
+ assertSame("pookie /test", module.getContextID());
}
}