Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/11/10 22:43:29 UTC
svn commit: rev 57380 - in geronimo/trunk/modules/security: . src/java/org/apache/geronimo/security/util src/test/org/apache/geronimo/security
Author: djencks
Date: Wed Nov 10 13:43:29 2004
New Revision: 57380
Removed:
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractLoaderUtilTest.java
Modified:
geronimo/trunk/modules/security/project.xml
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
Log:
cleanup: remove excess dependencies and remove unused code and classes
Modified: geronimo/trunk/modules/security/project.xml
==============================================================================
--- geronimo/trunk/modules/security/project.xml (original)
+++ geronimo/trunk/modules/security/project.xml Wed Nov 10 13:43:29 2004
@@ -47,29 +47,16 @@
<!-- ============ -->
<dependencies>
- <dependency>
- <groupId>geronimo</groupId>
- <artifactId>geronimo-xmlbeans-plugin</artifactId>
- <version>${pom.currentVersion}</version>
- <type>plugin</type>
- </dependency>
-
- <!-- needed for xmlbeans runtime-->
- <dependency>
- <groupId>xmlbeans</groupId>
- <artifactId>xbean-apache</artifactId>
- <version>&xmlbeans-version;</version>
- </dependency>
<dependency>
<groupId>geronimo</groupId>
- <artifactId>geronimo-core</artifactId>
+ <artifactId>geronimo-common</artifactId>
<version>${pom.currentVersion}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
- <artifactId>geronimo-common</artifactId>
+ <artifactId>geronimo-core</artifactId>
<version>${pom.currentVersion}</version>
</dependency>
@@ -93,43 +80,16 @@
<dependency>
<groupId>geronimo</groupId>
- <artifactId>geronimo-deployment</artifactId>
- <version>${pom.currentVersion}</version>
- </dependency>
-
- <dependency>
- <groupId>geronimo</groupId>
<artifactId>geronimo-system</artifactId>
<version>${pom.currentVersion}</version>
</dependency>
<dependency>
- <groupId>geronimo</groupId>
- <artifactId>geronimo-core</artifactId>
- <version>${pom.currentVersion}</version>
- </dependency>
-
- <dependency>
<groupId>geronimo-spec</groupId>
<artifactId>geronimo-spec-j2ee-jacc</artifactId>
<version>&geronimo-spec-j2ee-jacc-version;</version>
</dependency>
- <dependency>
- <groupId>geronimo-spec</groupId>
- <artifactId>geronimo-spec-servlet</artifactId>
- <version>&geronimo-spec-servlet-version;</version>
- </dependency>
-
- <dependency>
- <groupId>geronimo</groupId>
- <artifactId>geronimo-j2ee-schema</artifactId>
- <version>${pom.currentVersion}</version>
- <properties>
- <xmlbeans>true</xmlbeans>
- </properties>
- </dependency>
-
<!-- Thirdparty -->
<dependency>
@@ -159,13 +119,6 @@
</dependency>
<dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>&xerces-version;</version>
- <url>http://xml.apache.org</url>
- </dependency>
-
- <dependency>
<groupId>regexp</groupId>
<artifactId>regexp</artifactId>
<version>®exp-version;</version>
@@ -177,13 +130,6 @@
<artifactId>hsqldb</artifactId>
<version>&hsqldb-version;</version>
<url>http://hsqldb.sourceforge.net</url>
- </dependency>
-
- <dependency>
- <groupId>xml-resolver</groupId>
- <artifactId>xml-resolver</artifactId>
- <version>&xml-resolver-version;</version>
- <url>http://xml.apache.org/commons</url>
</dependency>
<dependency>
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java Wed Nov 10 13:43:29 2004
@@ -17,43 +17,17 @@
package org.apache.geronimo.security.util;
-import javax.security.jacc.EJBMethodPermission;
-import javax.security.jacc.EJBRoleRefPermission;
-import javax.security.jacc.PolicyConfiguration;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
-import javax.security.jacc.PolicyContextHandler;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebUserDataPermission;
import java.lang.reflect.Constructor;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.PolicyContextHandler;
-import org.apache.geronimo.security.GeronimoSecurityException;
-import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.Principal;
-import org.apache.geronimo.xbeans.j2ee.AssemblyDescriptorType;
-import org.apache.geronimo.xbeans.j2ee.EjbJarType;
-import org.apache.geronimo.xbeans.j2ee.EnterpriseBeansType;
-import org.apache.geronimo.xbeans.j2ee.EntityBeanType;
-import org.apache.geronimo.xbeans.j2ee.ExcludeListType;
-import org.apache.geronimo.xbeans.j2ee.HttpMethodType;
-import org.apache.geronimo.xbeans.j2ee.JavaTypeType;
-import org.apache.geronimo.xbeans.j2ee.MethodPermissionType;
-import org.apache.geronimo.xbeans.j2ee.MethodType;
-import org.apache.geronimo.xbeans.j2ee.RoleNameType;
-import org.apache.geronimo.xbeans.j2ee.SecurityConstraintType;
-import org.apache.geronimo.xbeans.j2ee.SecurityRoleRefType;
-import org.apache.geronimo.xbeans.j2ee.SecurityRoleType;
-import org.apache.geronimo.xbeans.j2ee.SessionBeanType;
-import org.apache.geronimo.xbeans.j2ee.UrlPatternType;
-import org.apache.geronimo.xbeans.j2ee.WebAppType;
-import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
/**
@@ -132,284 +106,5 @@
}
}
- /**
- * Translate the web deployment descriptors into equivalent security
- * permissions. These permissions are placed into the appropriate
- * <code>PolicyConfiguration</code> object as defined in the JAAC spec.
- *
- * @param webApp the deployment descriptor from which to obtain the
- * security constraints that are to be translated.
- * @throws org.apache.geronimo.security.GeronimoSecurityException
- * if there is any violation of the semantics of
- * the security descriptor or the state of the module configuration.
- * @see javax.security.jacc.PolicyConfiguration
- * @see "Java Authorization Contract for Containers", section 3.1.3
- */
- public static void configure(PolicyConfiguration configuration, WebAppType webApp) throws GeronimoSecurityException {
-
- HashSet securityRoles = new HashSet();
- SecurityRoleType[] securityRolesArray = webApp.getSecurityRoleArray();
- for (int i = 0; i < securityRolesArray.length; i++) {
- securityRoles.add(securityRolesArray[i].getRoleName());
- }
-
- HashMap uncheckedPatterns = new HashMap();
- HashMap excludedPatterns = new HashMap();
- HashMap rolesPatterns = new HashMap();
- HashSet allSet = new HashSet();
- HashMap allMap = new HashMap();
-
- SecurityConstraintType[] s = webApp.getSecurityConstraintArray();
- for (int i = 0; i < s.length; i++) {
-
- HashMap currentPatterns;
- if (s[i].getAuthConstraint() == null) {
- currentPatterns = uncheckedPatterns;
- } else if (s[i].getAuthConstraint().getRoleNameArray().length == 0) {
- currentPatterns = excludedPatterns;
- } else {
- currentPatterns = rolesPatterns;
- }
-
- String transport = "";
- if (s[i].getUserDataConstraint() != null) {
- transport = s[i].getUserDataConstraint().getTransportGuarantee().getStringValue();
- }
-
- WebResourceCollectionType[] collection = s[i].getWebResourceCollectionArray();
- for (int j = 0; j < collection.length; j++) {
- HttpMethodType[] methods = collection[j].getHttpMethodArray();
- UrlPatternType[] patterns = collection[j].getUrlPatternArray();
- for (int k = 0; k < patterns.length; k++) {
- URLPattern pattern = (URLPattern) currentPatterns.get(patterns[k]);
- if (pattern == null) {
- pattern = new URLPattern(patterns[k].getStringValue());
- currentPatterns.put(patterns[k].getStringValue(), pattern);
- }
-
- URLPattern allPattern = (URLPattern) allMap.get(patterns[k].getStringValue());
- if (allPattern == null) {
- allPattern = new URLPattern(patterns[k].getStringValue());
- allSet.add(allPattern);
- allMap.put(patterns[k].getStringValue(), allPattern);
- }
-
- for (int l = 0; l < methods.length; l++) {
- pattern.addMethod(methods[l].getStringValue());
- allPattern.addMethod(methods[l].getStringValue());
- }
-
- if (methods.length == 0) {
- pattern.addMethod("");
- allPattern.addMethod("");
- }
-
- if (currentPatterns == rolesPatterns) {
- RoleNameType[] roles = s[i].getAuthConstraint().getRoleNameArray();
- for (int l = 0; l < roles.length; l++) {
- if (roles[l].getStringValue().equals("*")) {
- pattern.addAllRoles(securityRoles);
- } else {
- pattern.addRole(roles[l].getStringValue());
- }
- }
- }
-
- pattern.setTransport(transport);
- }
- }
- }
-
- try {
- /**
- *
- */
- Iterator iter = excludedPatterns.keySet().iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next());
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethods();
-
- configuration.addToExcludedPolicy(new WebResourcePermission(name, actions));
- configuration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
- }
-
- /**
- *
- */
- iter = rolesPatterns.keySet().iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethods();
- WebResourcePermission permission = new WebResourcePermission(name, actions);
-
- Iterator names = pattern.getRoles().iterator();
- while (names.hasNext()) {
- configuration.addToRole((String) names.next(), permission);
- }
- }
-
- /**
- *
- */
- iter = uncheckedPatterns.keySet().iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethods();
-
- configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
- }
-
- /**
- *
- */
- iter = rolesPatterns.keySet().iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethodsWithTransport();
-
- configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
- }
-
- iter = uncheckedPatterns.keySet().iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethodsWithTransport();
-
- configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
- }
-
- /**
- * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
- * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
- * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with ever HTTP method
- * value. The permission objects must be contructed using the qualified pattern as their name and with
- * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
- * The resulting permissions that must be added to the unchecked policy statements by calling the
- * <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code> object.
- */
- iter = allSet.iterator();
- while (iter.hasNext()) {
- URLPattern pattern = (URLPattern) iter.next();
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getComplementedMethods();
- if (actions.length() == 0) {
- continue;
- }
-
- configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
- configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
- }
-
- URLPattern pattern = new URLPattern("/");
- if (!allSet.contains(pattern)) {
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getComplementedMethods();
-
- configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
- configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
- }
- } catch (PolicyContextException e) {
- throw new GeronimoSecurityException(e);
- }
- }
-
- public static void configure(PolicyConfiguration configuration, EjbJarType ejbJar) throws GeronimoSecurityException {
-
- EnterpriseBeansType enterpriseBeans = ejbJar.getEnterpriseBeans();
- EntityBeanType[] entityBeans = enterpriseBeans.getEntityArray();
- SessionBeanType[] sessionBeans = enterpriseBeans.getSessionArray();
-
- AssemblyDescriptorType assemblyDescriptor = ejbJar.getAssemblyDescriptor();
- MethodPermissionType[] methodPermissions = assemblyDescriptor.getMethodPermissionArray();
- ExcludeListType excludeList = assemblyDescriptor.getExcludeList();
-
- /**
- * Section 3.1.5.1
- */
- for (int i = 0; i < methodPermissions.length; i++) {
- MethodPermissionType methodPermission = methodPermissions[i];
- MethodType[] methods = methodPermission.getMethodArray();
-
- for (int j = 0; j < methods.length; j++) {
- MethodType method = methods[j];
- EJBMethodPermission permission = new EJBMethodPermission(method.getEjbName().getStringValue(),
- method.getMethodName().getStringValue(),
- method.getMethodIntf().getStringValue(),
- toStringArray(method.getMethodParams().getMethodParamArray()));
-
- try {
- if (methodPermission.getUnchecked() != null) {
- configuration.addToUncheckedPolicy(permission);
- } else {
- RoleNameType[] roleNames = methodPermission.getRoleNameArray();
-
- for (int k = 0; k < roleNames.length; k++) {
- configuration.addToRole(roleNames[k].getStringValue(), permission);
- }
- }
- } catch (PolicyContextException e) {
- throw new GeronimoSecurityException(e);
- }
- }
- }
-
- /**
- * Section 3.1.5.2
- */
- if (excludeList != null) {
- MethodType[] methods = excludeList.getMethodArray();
- try {
- for (int i = 0; i < methods.length; i++) {
- EJBMethodPermission permission = new EJBMethodPermission(methods[i].getEjbName().getStringValue(),
- methods[i].getMethodName().getStringValue(),
- methods[i].getMethodIntf().getStringValue(),
- toStringArray(methods[i].getMethodParams().getMethodParamArray()));
- configuration.addToExcludedPolicy(permission);
- }
- } catch (PolicyContextException e) {
- throw new GeronimoSecurityException(e);
- }
- }
-
- /**
- * Section 3.1.5.3
- */
- for (int i = 0; i < entityBeans.length; i++) {
- translateSecurityRoleRefs(configuration, entityBeans[i].getSecurityRoleRefArray(), entityBeans[i].getEjbName().getStringValue());
- }
-
- for (int i = 0; i < sessionBeans.length; i++) {
- translateSecurityRoleRefs(configuration, sessionBeans[i].getSecurityRoleRefArray(), sessionBeans[i].getEjbName().getStringValue());
- }
- }
-
- public static String[] toStringArray(JavaTypeType[] methodParamArray) {
- String[] result = new String[methodParamArray.length];
- for (int i = 0; i < methodParamArray.length; i++) {
- result[i] = methodParamArray[i].getStringValue();
- }
- return result;
- }
-
-
- private static void translateSecurityRoleRefs(PolicyConfiguration configuration, SecurityRoleRefType[] roleRefs, String ejbName) throws GeronimoSecurityException {
-
- try {
-
- for (int i = 0; i < roleRefs.length; i++) {
- String roleName = roleRefs[i].getRoleName().getStringValue();
- String roleLink = roleRefs[i].getRoleLink().getStringValue();
-
- configuration.addToRole(roleLink, new EJBRoleRefPermission(ejbName, roleName));
- }
- } catch (PolicyContextException e) {
- throw new GeronimoSecurityException(e);
- }
- }
}