Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/12/19 20:11:09 UTC
svn commit: r122776 - in geronimo/trunk/modules: assembly/src/plan j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty-builder/src/test/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/java/org/apache/geronimo/jetty/interceptor jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy tomcat/src/test/org/apache/geronimo/tomcat
Author: djencks
Date: Sun Dec 19 11:11:07 2004
New Revision: 122776
URL: http://svn.apache.org/viewcvs?view=rev&rev=122776
Log:
merge JettyWebAppJACCContext into JettyWebAppContext
Removed:
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Modified:
geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java
geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml?view=diff&rev=122776&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r1=122775&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r2=122776
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml Sun Dec 19 11:11:07 2004
@@ -163,7 +163,7 @@
<!--can this SecurityService actually do anything in this configuration???-->
<gbean name="geronimo.deployer:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
<attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
- <reference name="Realms">geronimo.security:type=SecurityRealm,*</reference>
+ <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
</gbean>
<gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=122776&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=122775&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=122776
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Sun Dec 19 11:11:07 2004
@@ -157,7 +157,7 @@
<gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
<attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
- <reference name="Realms">geronimo.security:type=SecurityRealm,*</reference>
+ <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
</gbean>
<gbean name="geronimo.security:type=JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
Modified: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java?view=diff&rev=122776&p1=geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java&r1=122775&p2=geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java (original)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java Sun Dec 19 11:11:07 2004
@@ -210,4 +210,8 @@
return ObjectName.getInstance(context.getJ2eeDomainName(j2eeDomainName), props);
}
+ //TODO parameterize this
+ public static ObjectName getSecurityRealmName(String realmName) throws MalformedObjectNameException {
+ return ObjectName.getInstance("geronimo.security:type=SecurityRealm,name=" + realmName);
+ }
}
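Review bot: `getSecurityRealmName` splices `realmName` into the ObjectName string unescaped, so a name containing `,`, `=`, `*` or `?` either fails to parse or adds extra key properties or wildcards, and the result can be a pattern that matches more than the one intended realm. In this commit the value comes from the deployment plan and is used as the `SecurityRealm` reference pattern, so it decides which realm's assistant a web module is bound to. I would build the name from a property table, as the method just above does with `props`, and reject patterns explicitly: `if (name.isPattern()) throw new MalformedObjectNameException("realm name must not contain wildcards: " + realmName);`. The rest of the class is outside the hunk.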
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=122775&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Sun Dec 19 11:11:07 2004
@@ -46,13 +46,6 @@
import javax.security.jacc.WebUserDataPermission;
import javax.transaction.UserTransaction;
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.service.GBeanHelper;
import org.apache.geronimo.deployment.util.DeploymentUtil;
@@ -71,7 +64,6 @@
import org.apache.geronimo.jetty.JettyFilterMapping;
import org.apache.geronimo.jetty.JettyServletHolder;
import org.apache.geronimo.jetty.JettyWebAppContext;
-import org.apache.geronimo.jetty.JettyWebAppJACCContext;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.naming.deployment.ENCConfigBuilder;
import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
@@ -79,6 +71,7 @@
import org.apache.geronimo.schema.SchemaConversionUtils;
import org.apache.geronimo.security.SecurityService;
import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deployment.SecurityBuilder;
import org.apache.geronimo.security.util.URLPattern;
import org.apache.geronimo.transaction.OnlineUserTransaction;
@@ -111,6 +104,12 @@
import org.apache.geronimo.xbeans.j2ee.WebAppType;
import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType;
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
+import org.mortbay.http.BasicAuthenticator;
+import org.mortbay.http.ClientCertAuthenticator;
+import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
/**
@@ -368,27 +367,29 @@
UserTransaction userTransaction = new OnlineUserTransaction();
ReadOnlyContext compContext = buildComponentContext(earContext, webModule, webApp, jettyWebApp, userTransaction, webClassLoader);
- GBeanData webModuleData;
+ GBeanData webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
try {
Set securityRoles = new HashSet();
if (jettyWebApp.isSetLoginDomainName()) {
- webModuleData = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp));
security.autoGenerate(securityService);
webModuleData.setAttribute("loginDomainName", jettyWebApp.getLoginDomainName().trim());
webModuleData.setAttribute("securityConfig", security);
- String policyContextID;
- if (earContext.getApplicationObjectName() == null) {
- policyContextID = module.getName();
- } else {
- policyContextID = earContext.getApplicationObjectName().toString();
- }
+ String policyContextID = webModuleName.getCanonicalName();
webModuleData.setAttribute("policyContextID", policyContextID);
buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
-
- } else {
- webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
+ AutoMapAssistant assistant = security.getAssistant();
+ if (assistant != null) {
+ String realmName = assistant.getSecurityRealm();
+ ObjectName securityRealmName = null;
+ try {
+ securityRealmName = NameFactory.getSecurityRealmName(realmName);
+ } catch (MalformedObjectNameException e) {
+ throw new DeploymentException("Could not construct security realm name", e);
+ }
+ webModuleData.setReferencePattern("SecurityRealm", securityRealmName);
+ }
}
webModuleData.setAttribute("uri", URI.create(module.getTargetPath() + "/"));
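Review bot: `assistant.getSecurityRealm()` is used unchecked in the new auto-map branch, so a plan whose assistant has no realm set produces the reference pattern `geronimo.security:type=SecurityRealm,name=null`. The mistake would presumably only show up later, when the GBean reference fails to resolve. Failing at deployment is clearer: `if (realmName == null || realmName.trim().length() == 0) throw new DeploymentException("Auto-map assistant has no security realm configured");`. The `= null` initialiser on `securityRealmName` is also unnecessary, because the catch block always throws. The enclosing method starts and ends outside this hunk.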
Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r1=122775&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java Sun Dec 19 11:11:07 2004
@@ -184,7 +184,7 @@
kernel = new Kernel("test.kernel");
kernel.boot();
ObjectName defaultServlets = ObjectName.getInstance("test:name=test,type=none,*");
- SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null, null);
+ SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null);
builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, securityService, kernel);
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java Sun Dec 19 11:11:07 2004
@@ -41,7 +41,7 @@
return subject;
}
- void setSubject(Subject subject) {
+ public void setSubject(Subject subject) {
this.subject = subject;
}
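Review bot: Making `setSubject` public lets any code that holds a `JAASJettyPrincipal` replace the `Subject` behind it, and this commit keeps one such principal as the shared default identity in `SecurityContextBeforeAfter`. The setter appears to have been widened only so the `interceptor` package can call it once, right after construction. A constructor that takes the subject would avoid the public mutator. Failing that, a Javadoc line on the setter such as `/** Set once by the container before the principal is published; never call on a principal already in use. */` would keep the intent visible. The rest of the class is outside the hunk.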
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Sun Dec 19 11:11:07 2004
@@ -24,12 +24,15 @@
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
+import java.security.PermissionCollection;
+import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mortbay.http.Authenticator;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
+import org.mortbay.http.HttpException;
import org.mortbay.jetty.servlet.AbstractSessionManager;
import org.mortbay.jetty.servlet.FilterHolder;
import org.mortbay.jetty.servlet.JSR154Filter;
@@ -47,10 +50,13 @@
import org.apache.geronimo.jetty.interceptor.ThreadClassloaderBeforeAfter;
import org.apache.geronimo.jetty.interceptor.TransactionContextBeforeAfter;
import org.apache.geronimo.jetty.interceptor.WebApplicationContextBeforeAfter;
+import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
import org.apache.geronimo.naming.java.ReadOnlyContext;
import org.apache.geronimo.transaction.OnlineUserTransaction;
import org.apache.geronimo.transaction.TrackedConnectionAssociator;
import org.apache.geronimo.transaction.context.TransactionContextManager;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
/**
@@ -68,9 +74,9 @@
private final WebApplicationHandler handler;
private String displayName;
- //TODO make these private final again!
- protected BeforeAfter chain;
- protected int contextLength;
+ private final BeforeAfter chain;
+ private final int contextLength;
+ private final SecurityContextBeforeAfter securityInterceptor;
/**
* @deprecated never use this... this is only here because Jetty WebApplicationContext is externalizable
@@ -82,34 +88,45 @@
handler = null;
chain = null;
contextLength = 0;
+ securityInterceptor = null;
}
public JettyWebAppContext(URI uri,
- ReadOnlyContext componentContext,
- OnlineUserTransaction userTransaction,
- ClassLoader classLoader,
- URI[] webClassPath,
- boolean contextPriorityClassLoader,
- URL configurationBaseUrl,
- Set unshareableResources,
- Set applicationManagedSecurityResources,
-
- String displayName,
- Map contextParamMap,
- Collection listenerClassNames,
- boolean distributable,
- Map mimeMap,
- String[] welcomeFiles,
- Map localeEncodingMapping,
- Map errorPages,
- Authenticator authenticator,
- String realmName,
- Map tagLibMap,
- int sessionTimeoutSeconds,
-
- TransactionContextManager transactionContextManager,
- TrackedConnectionAssociator trackedConnectionAssociator,
- JettyContainer jettyContainer) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
+ ReadOnlyContext componentContext,
+ OnlineUserTransaction userTransaction,
+ ClassLoader classLoader,
+ URI[] webClassPath,
+ boolean contextPriorityClassLoader,
+ URL configurationBaseUrl,
+ Set unshareableResources,
+ Set applicationManagedSecurityResources,
+
+ String displayName,
+ Map contextParamMap,
+ Collection listenerClassNames,
+ boolean distributable,
+ Map mimeMap,
+ String[] welcomeFiles,
+ Map localeEncodingMapping,
+ Map errorPages,
+ Authenticator authenticator,
+ String realmName,
+ Map tagLibMap,
+ int sessionTimeoutSeconds,
+
+ String policyContextID,
+ String loginDomainName,
+ Security securityConfig,
+ //from jettyxmlconfig
+ Set securityRoles,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions,
+
+ TransactionContextManager transactionContextManager,
+ TrackedConnectionAssociator trackedConnectionAssociator,
+ JettyContainer jettyContainer,
+ AutoMapAssistant assistant) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
assert uri != null;
assert componentContext != null;
@@ -163,6 +180,17 @@
interceptor = new ComponentContextBeforeAfter(interceptor, index++, componentContext);
interceptor = new ThreadClassloaderBeforeAfter(interceptor, index++, index++, this.classLoader);
interceptor = new WebApplicationContextBeforeAfter(interceptor, index++, this);
+//JACC
+ if (securityConfig != null) {
+ //set the JAASJettyRealm as our realm.
+ JAASJettyRealm realm = new JAASJettyRealm(realmName, loginDomainName);
+ setRealm(realm);
+ this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, assistant, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm);
+ interceptor = securityInterceptor;
+ } else {
+ securityInterceptor = null;
+ }
+//end JACC
chain = interceptor;
contextLength = index;
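Review bot: The JACC branch hands `policyContextID`, `loginDomainName`, `excludedPermissions` and `rolePermissions` to `SecurityContextBeforeAfter` without checking them, although the constructor asserts its other required arguments (`assert uri != null;`) and the interceptor dereferences them (`rolePermissions.entrySet()`, `excludedPermissions.implies(...)`). A null would surface as a NullPointerException during construction or, for `excludedPermissions`, possibly only on the first request. I would check at the top of the branch, e.g. `if (policyContextID == null || rolePermissions == null || excludedPermissions == null) throw new IllegalArgumentException("securityConfig set but JACC policy data missing");`. A comment on the `else` arm saying that constraint checks then fall back to Jetty's own `checkSecurityConstraints` would also help. The constructor body continues outside the hunk.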
@@ -216,24 +244,27 @@
super.stop();
return;
}
+ jettyContainer.removeContext(this);
+ if (securityInterceptor != null) {
+ securityInterceptor.stop();
+ }
Object context = enterContextScope(null, null);
try {
super.doStop();
} finally {
leaveContextScope(null, null, context);
}
- jettyContainer.removeContext(this);
log.info("JettyWebAppContext stopped");
}
public void doFail() {
try {
+ //this will call doStop
super.stop();
} catch (InterruptedException e) {
}
- jettyContainer.removeContext(this);
log.info("JettyWebAppContext failed");
}
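Review bot: `securityInterceptor.stop()` now runs before `super.doStop()` and, per the SecurityContextBeforeAfter hunk later in this commit, can throw `PolicyContextException`; if it does, `super.doStop()` is skipped and the web app is left half-stopped with its context already removed from the container. The call also deletes the policy configuration and unregisters the default subject before the servlets are stopped inside the context scope. I would move it into the existing `finally`, after `leaveContextScope(null, null, context);`, so servlet shutdown runs first and security teardown still happens when `super.doStop()` fails. In `doFail` the cleanup now depends entirely on `super.stop()` reaching `doStop`, so the empty `catch (InterruptedException e)` should at least call `Thread.currentThread().interrupt();`. `doStop` starts outside the hunk.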
@@ -314,6 +345,9 @@
handler.mapPathToServlet(urlPattern, servletName);
}
}
+ if (securityInterceptor != null) {
+ securityInterceptor.registerServletHolder(webRoleRefPermissions);
+ }
Object context = enterContextScope(null, null);
try {
servletHolder.start();
@@ -322,6 +356,14 @@
}
}
+ public boolean checkSecurityConstraints(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
+ if (securityInterceptor != null) {
+ return securityInterceptor.checkSecurityConstraints(pathInContext, request, response);
+ }
+ return super.checkSecurityConstraints(pathInContext, request, response);
+ }
+
+
public static final GBeanInfo GBEAN_INFO;
static {
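Review bot: The new `checkSecurityConstraints` override has no Javadoc, and its two paths enforce different things: with a `securityConfig` the decision is made by JACC through the interceptor, without one it is Jetty's built-in constraint handling. A short comment would make that visible to whoever audits the access-control path, e.g. `/** Delegates to the JACC interceptor when a security configuration was supplied; otherwise uses Jetty's own constraint checking. */`.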
@@ -361,6 +403,17 @@
infoBuilder.addInterface(JettyServletRegistration.class);
+ infoBuilder.addAttribute("policyContextID", String.class, true);
+ infoBuilder.addAttribute("loginDomainName", String.class, true);
+ infoBuilder.addAttribute("securityConfig", Security.class, true);
+
+ infoBuilder.addAttribute("securityRoles", Set.class, true);
+ infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+ infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
+ infoBuilder.addAttribute("rolePermissions", Map.class, true);
+
+ infoBuilder.addReference("SecurityRealm", AutoMapAssistant.class);
+
infoBuilder.setConstructor(new String[]{
"uri",
"componentContext",
@@ -385,9 +438,19 @@
"tagLibMap",
"sessionTimeoutSeconds",
+ "policyContextID",
+ "loginDomainName",
+ "securityConfig",
+
+ "securityRoles",
+ "uncheckedPermissions",
+ "excludedPermissions",
+ "rolePermissions",
+
"TransactionContextManager",
"TrackedConnectionAssociator",
- "JettyContainer"
+ "JettyContainer",
+ "SecurityRealm",
});
GBEAN_INFO = infoBuilder.getBeanInfo();
Deleted: /geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=auto&rev=122775
==============================================================================
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Sun Dec 19 11:11:07 2004
@@ -16,27 +16,49 @@
*/
package org.apache.geronimo.jetty.interceptor;
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.jetty.JAASJettyPrincipal;
import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.http.UserRealm;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
/**
* @version $Rev: $ $Date: $
@@ -49,12 +71,98 @@
private final String policyContextID;
private final static ThreadLocal currentWebAppContext = new ThreadLocal();
private final Map roleDesignates = new HashMap();
+ private final JAASJettyPrincipal defaultPrincipal;
- public SecurityContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int webAppContextIndex, String policyContextID) {
+ private final String formLoginPath;
+ private final PolicyConfigurationFactory factory;
+ private final PolicyConfiguration policyConfiguration;
+
+ private final PermissionCollection checked = new Permissions();
+ private final PermissionCollection excludedPermissions;
+ private final Authenticator authenticator;
+
+ private final UserRealm realm;
+
+ public SecurityContextBeforeAfter(BeforeAfter next,
+ int policyContextIDIndex,
+ int webAppContextIndex,
+ String policyContextID,
+ Security securityConfig,
+ String loginDomainName,
+ AutoMapAssistant assistant,
+ Authenticator authenticator,
+ Set securityRoles,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions,
+ UserRealm realm) throws PolicyContextException, ClassNotFoundException {
this.next = next;
this.policyContextIDIndex = policyContextIDIndex;
this.webAppContextIndex = webAppContextIndex;
this.policyContextID = policyContextID;
+
+ this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName, assistant);
+
+ if (authenticator instanceof FormAuthenticator) {
+ String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
+ if (formLoginPath.indexOf('?') > 0) {
+ formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?'));
+ }
+ this.formLoginPath = formLoginPath;
+ } else {
+ formLoginPath = null;
+ }
+
+ this.authenticator = authenticator;
+ /**
+ * Register our default principal with the ContextManager
+ */
+ Subject defaultSubject = defaultPrincipal.getSubject();
+ ContextManager.registerSubject(defaultSubject);
+ SubjectId id = ContextManager.getSubjectId(defaultSubject);
+ defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+
+// log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered.");
+
+ /**
+ * Get the JACC policy configuration that's associated with this
+ * web application and configure it with the geronimo security
+ * configuration. The work for this is done by the class
+ * JettyXMLConfiguration.
+ */
+ factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+
+ policyConfiguration = factory.getPolicyConfiguration(policyContextID, true);
+ configure(uncheckedPermissions, excludedPermissions, rolePermissions);
+ addRoleMappings(securityRoles, loginDomainName, securityConfig, (RoleMappingConfiguration) policyConfiguration);
+ policyConfiguration.commit();
+ this.excludedPermissions = excludedPermissions;
+
+ Set allRolePermissions = new HashSet();
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ Set permissionsForRole = (Set) entry.getValue();
+ allRolePermissions.addAll(permissionsForRole);
+ }
+ for (Iterator iterator = allRolePermissions.iterator(); iterator.hasNext();) {
+ Permission permission = (Permission) iterator.next();
+ checked.add(permission);
+ }
+
+ this.realm = realm;
+// log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID + "'");
+ }
+
+ public void registerServletHolder(Map webRoleRefPermissions) throws PolicyContextException {
+ PolicyConfiguration policyConfiguration = factory.getPolicyConfiguration(policyContextID, false);
+ for (Iterator iterator = webRoleRefPermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ String roleName = (String) entry.getValue();
+ WebRoleRefPermission webRoleRefPermission = (WebRoleRefPermission) entry.getKey();
+ policyConfiguration.addToRole(roleName, webRoleRefPermission);
+ }
+ policyConfiguration.commit();
+
}
public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse) {
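Review bot: The constructor registers the default subject with `ContextManager.registerSubject(defaultSubject)` before the calls that can throw (`PolicyConfigurationFactory.getPolicyConfigurationFactory()`, `getPolicyConfiguration`, `configure`, `addRoleMappings`, `commit`), so a failure there leaves the subject registered with no owner to call `stop()`. Unless `addRoleMappings` depends on that registration, moving the four registration lines below `policyConfiguration.commit();` avoids the leak without a try/catch. `((FormAuthenticator) authenticator).getLoginPage()` is also dereferenced unchecked, so if it can be null, `formLoginPath.indexOf('?')` throws. `registerServletHolder` reopens the committed policy with `getPolicyConfiguration(policyContextID, false)` on every servlet registration, which deserves a comment on how requests are decided while the context is open. `before(...)` continues outside the hunk.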
@@ -102,6 +210,167 @@
private void setRoleDesignate(String roleName, Subject subject) {
roleDesignates.put(roleName, subject);
}
+
+ //security check methods, delegated from WebAppContext
+
+ /**
+ * Check the security constraints using JACC.
+ *
+ * @param pathInContext path in context
+ * @param request HTTP request
+ * @param response HTTP response
+ * @return true if the path in context passes the security check,
+ * false if it fails or a redirection has occured during authentication.
+ */
+ public boolean checkSecurityConstraints(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
+ if (formLoginPath != null) {
+ String pathToBeTested = (pathInContext.indexOf('?') > 0 ? pathInContext.substring(0, pathInContext.indexOf('?')) : pathInContext);
+
+ if (pathToBeTested.equals(formLoginPath)) {
+ return true;
+ }
+ }
+
+ try {
+ Principal user = obtainUser(pathInContext, request, response);
+
+ if (user == null) {
+ return false;
+ }
+ if (user == SecurityConstraint.__NOBODY) {
+ return true;
+ }
+
+ AccessControlContext acc = ContextManager.getCurrentContext();
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+
+ /**
+ * JACC v1.0 secion 4.1.1
+ */
+ acc.checkPermission(new WebUserDataPermission(servletHttpRequest));
+
+ /**
+ * JACC v1.0 secion 4.1.2
+ */
+ acc.checkPermission(new WebResourcePermission(servletHttpRequest));
+ } catch (HttpException he) {
+ response.sendError(he.getCode(), he.getReason());
+ return false;
+ } catch (AccessControlException ace) {
+ response.sendError(HttpResponse.__403_Forbidden);
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Obtain an authenticated user, if one is required. Otherwise return the
+ * default principal.
+ * <p/>
+ * Also set the current caller for JACC security checks for the default
+ * principal. This is automatically done by <code>JAASJettyRealm</code>.
+ *
+ * @param pathInContext path in context
+ * @param request HTTP request
+ * @param response HTTP response
+ * @return <code>null</code> if there is no authenticated user at the moment
+ * and security checking should not proceed and servlet handling should also
+ * not proceed, e.g. redirect. <code>SecurityConstraint.__NOBODY</code> if
+ * security checking should not proceed and servlet handling should proceed,
+ * e.g. login page.
+ */
+ private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws IOException, IOException {
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+ WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+ WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+ boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+ boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
+
+// Authenticator authenticator = getAuthenticator();
+ Principal user = null;
+ if (!unauthenticated && !forbidden) {
+ if (realm == null) {
+// log.warn("Realm Not Configured");
+ throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
+ }
+
+
+ // Handle pre-authenticated request
+ if (authenticator != null) {
+ // User authenticator.
+ user = authenticator.authenticate(realm, pathInContext, request, response);
+ } else {
+ // don't know how authenticate
+// log.warn("Mis-configured Authenticator for " + request.getPath());
+ throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Mis-configured Authenticator for " + request.getPath());
+ }
+
+ return user;
+ } else if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
+ /**
+ * This could be a post request to __J_SECURITY_CHECK.
+ */
+ if (realm == null) {
+// log.warn("Realm Not Configured");
+ throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
+ }
+ return authenticator.authenticate(realm, pathInContext, request, response);
+ }
+
+ /**
+ * No authentication is required. Return the defaultPrincipal.
+ */
+ ContextManager.setCurrentCaller(defaultPrincipal.getSubject());
+ return defaultPrincipal;
+ }
+
+
+ //configuration methods
+ /**
+ * Generate the default principal from the security config.
+ *
+ * @param securityConfig The Geronimo security configuration.
+ * @param loginDomainName
+ * @return the default principal
+ */
+ protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName, AutoMapAssistant assistant) throws GeronimoSecurityException {
+
+ DefaultPrincipal defaultPrincipal = securityConfig.getDefaultPrincipal();
+ if (defaultPrincipal == null) {
+ if (assistant != null) {
+ org.apache.geronimo.security.deploy.Principal principal = assistant.obtainDefaultPrincipal();
+ defaultPrincipal = new DefaultPrincipal();
+ defaultPrincipal.setPrincipal(principal);
+ defaultPrincipal.setRealmName(assistant.getRealmName());
+ }
+
+ }
+ if (defaultPrincipal == null) throw new GeronimoSecurityException("Unable to generate default principal");
+
+ return generateDefaultPrincipal(securityConfig, defaultPrincipal, loginDomainName);
+ }
+
+ protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, DefaultPrincipal defaultPrincipal, String loginDomainName) throws GeronimoSecurityException {
+ JAASJettyPrincipal result = new JAASJettyPrincipal("default");
+ Subject defaultSubject = new Subject();
+
+ RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+ if (realmPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to create realm principal");
+ }
+ PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+ if (primaryRealmPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to create primary realm principal");
+ }
+
+ defaultSubject.getPrincipals().add(realmPrincipal);
+ defaultSubject.getPrincipals().add(primaryRealmPrincipal);
+
+ result.setSubject(defaultSubject);
+
+ return result;
+ }
+
public void addRoleMappings(Set securityRoles, String loginDomainName, Security security, RoleMappingConfiguration roleMapper) throws PolicyContextException, GeronimoSecurityException {
@@ -158,7 +427,28 @@
}
- public void stop() {
+ private void configure(PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions) throws GeronimoSecurityException {
+ try {
+ policyConfiguration.addToExcludedPolicy(excludedPermissions);
+ policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ String roleName = (String) entry.getKey();
+ Set permissions = (Set) entry.getValue();
+ for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+ Permission permission = (Permission) iterator1.next();
+ policyConfiguration.addToRole(roleName, permission);
+ }
+ }
+ } catch (PolicyContextException e) {
+ throw new GeronimoSecurityException(e);
+ }
+ }
+
+
+ public void stop() throws PolicyContextException {
for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
String roleName = (String) iter.next();
Subject roleDesignate = (Subject) roleDesignates.get(roleName);
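Review bot: The new `configure` method dereferences `policyConfiguration` unconditionally, while the `stop()` change in the following hunk guards the same field with `if (policyConfiguration != null)`, so the two disagree on whether the field can be null. If a context without a security configuration can reach `configure` (its caller is outside this hunk), it fails with a NullPointerException instead of the declared GeronimoSecurityException. A PolicyContextException part-way through the role loop also leaves the policy configuration partially populated, and nothing here says who cleans it up. I would add a Javadoc stating both points, for example `/** Populates the JACC policy; policyConfiguration must be non-null. On failure the caller must delete the partial policy. */`. The body of `stop()` continues outside this hunk.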
@@ -166,5 +456,12 @@
ContextManager.unregisterSubject(roleDesignate);
// log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
}
+ ContextManager.unregisterSubject(defaultPrincipal.getSubject());
+
+ if (policyConfiguration != null) {
+ policyConfiguration.delete();
+ }
+
+
}
}
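Review bot: The added `ContextManager.unregisterSubject(defaultPrincipal.getSubject());` dereferences `defaultPrincipal` with no null check, although the lines right after it treat `policyConfiguration` as possibly null. If both fields are only set when a security configuration is present (not visible in this hunk), stopping an unsecured context would throw a NullPointerException and skip `policyConfiguration.delete()`, leaving the JACC policy for that context in place. Guarding the call as `if (defaultPrincipal != null) ContextManager.unregisterSubject(defaultPrincipal.getSubject());` and moving the delete into a `finally` block would ensure the policy is always removed. `stop()` starts outside this hunk.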
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Sun Dec 19 11:11:07 2004
@@ -26,6 +26,7 @@
import java.util.Properties;
import java.util.Set;
import javax.management.ObjectName;
+import javax.management.MalformedObjectNameException;
import junit.framework.TestCase;
import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
@@ -124,7 +125,7 @@
}
protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
- GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
+ GBeanData app = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
app.setAttribute("loginDomainName", "demo-properties-realm");
app.setAttribute("securityConfig", securityConfig);
app.setAttribute("uncheckedPermissions", uncheckedPermissions);
@@ -150,6 +151,7 @@
app.setReferencePattern("TransactionContextManager", tcmName);
app.setReferencePattern("TrackedConnectionAssociator", ctcName);
app.setReferencePattern("JettyContainer", containerName);
+ app.setReferencePattern("SecurityRealm", propertiesRealmName);
app.setAttribute("contextPath", "/test");
@@ -167,7 +169,6 @@
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
- securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&rev=122776&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r1=122775&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Sun Dec 19 11:11:07 2004
@@ -19,11 +19,11 @@
import java.security.Policy;
import java.util.Collection;
-import java.util.Collections;
import java.util.Iterator;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
+import EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.gbean.GBeanInfo;
@@ -37,7 +37,6 @@
import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
import org.apache.geronimo.security.realm.AutoMapAssistant;
-import org.apache.geronimo.security.realm.SecurityRealm;
import org.apache.geronimo.security.util.ConfigurationUtil;
@@ -50,8 +49,7 @@
private final Log log = LogFactory.getLog(SecurityService.class);
- private final Collection realms;
- private final Collection mappers;
+ private final ConcurrentHashMap mappersMap = new ConcurrentHashMap();
/**
* Permissions that protect access to sensitive security information
@@ -59,7 +57,6 @@
public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure");
public SecurityServiceImpl(String policyConfigurationFactory,
- Collection realms,
Collection mappers) throws PolicyContextException, ClassNotFoundException {
/**
* @see "JSR 115 4.6.1" Container Subject Policy Context Handler
@@ -74,39 +71,11 @@
PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
GeronimoPolicyConfigurationFactory geronimoPolicyConfigurationFactory = (GeronimoPolicyConfigurationFactory) factory;
Policy.setPolicy(new GeronimoPolicy(geronimoPolicyConfigurationFactory));
- if (realms == null) {
- this.realms = Collections.EMPTY_SET;
- } else {
+ if (mappers != null) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(CONFIGURE);
}
- this.realms = realms;
- ((ReferenceCollection) realms).addReferenceCollectionListener(new ReferenceCollectionListener() {
-
- public void memberAdded(ReferenceCollectionEvent event) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- }
-
- public void memberRemoved(ReferenceCollectionEvent event) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- }
- });
- }
- if (mappers == null) {
- this.mappers = Collections.EMPTY_SET;
- } else {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- this.mappers = mappers;
((ReferenceCollection) mappers).addReferenceCollectionListener(new ReferenceCollectionListener() {
public void memberAdded(ReferenceCollectionEvent event) {
@@ -114,6 +83,8 @@
if (sm != null) {
sm.checkPermission(CONFIGURE);
}
+ AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
+ mappersMap.put(assistant.getRealmName(), assistant);
}
public void memberRemoved(ReferenceCollectionEvent event) {
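Review bot: `mappersMap.put(assistant.getRealmName(), assistant)` in `memberAdded` silently replaces any mapper already registered under the same realm name. The `mappersMap.remove(assistant.getRealmName())` in `memberRemoved` and the initial population loop, both in the next hunk, are keyed the same way. If two assistants report one realm name, removing either drops the entry, so `getMapper` returns null for a realm that still has a live mapper, and until then it returns whichever assistant was added last. Consider logging or rejecting a duplicate on add, and removing only when the stored value is the departing member, e.g. `if (mappersMap.get(name) == assistant) mappersMap.remove(name);`. The listener methods start outside this hunk.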
@@ -121,64 +92,20 @@
if (sm != null) {
sm.checkPermission(CONFIGURE);
}
+ AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
+ mappersMap.remove(assistant.getRealmName());
}
});
- }
- log.info("Security service started");
- }
-
-// public Collection getRealms() throws GeronimoSecurityException {
-// SecurityManager sm = System.getSecurityManager();
-// if (sm != null) sm.checkPermission(CONFIGURE);
-// return realms;
-// }
-//
-//
-// public void setRealms(Collection realms) {
-// SecurityManager sm = System.getSecurityManager();
-// if (sm != null) sm.checkPermission(CONFIGURE);
-// this.realms = realms;
-// }
-//
-// public Collection getMappers() throws GeronimoSecurityException {
-// SecurityManager sm = System.getSecurityManager();
-// if (sm != null) sm.checkPermission(CONFIGURE);
-// return mappers;
-// }
-//
-//
-// public void setMappers(Collection mappers) {
-// SecurityManager sm = System.getSecurityManager();
-// if (sm != null) sm.checkPermission(CONFIGURE);
-// this.mappers = mappers;
-// }
-
-// public Collection getModuleConfigurations() {
-// return moduleConfigurations;
-// }
-//
-// public void setModuleConfigurations(Collection moduleConfigurations) {
-// this.moduleConfigurations = moduleConfigurations;
-// }
-
- public SecurityRealm getRealm(String name) {
- for (Iterator iter = realms.iterator(); iter.hasNext();) {
- SecurityRealm realm = (SecurityRealm) iter.next();
- if (name.equals(realm.getRealmName())) {
- return realm;
+ for (Iterator iterator = mappers.iterator(); iterator.hasNext();) {
+ AutoMapAssistant assistant = (AutoMapAssistant) iterator.next();
+ mappersMap.put(assistant.getRealmName(), assistant);
}
}
- return null;
+ log.info("Security service started");
}
public AutoMapAssistant getMapper(String name) {
- for (Iterator iter = mappers.iterator(); iter.hasNext();) {
- AutoMapAssistant mapper = (AutoMapAssistant) iter.next();
- if (name.equals(mapper.getRealmName())) {
- return mapper;
- }
- }
- return null;
+ return (AutoMapAssistant) mappersMap.get(name);
}
@@ -189,12 +116,10 @@
infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
- infoFactory.addReference("Realms", SecurityRealm.class);
infoFactory.addReference("Mappers", AutoMapAssistant.class);
- infoFactory.addOperation("getRealm", new Class[]{String.class});
infoFactory.addOperation("getMapper", new Class[]{String.class});
- infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Realms", "Mappers"});
+ infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Mappers"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=122776&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=122775&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Sun Dec 19 11:11:07 2004
@@ -23,7 +23,6 @@
import java.util.Map;
import java.util.Set;
-import org.apache.geronimo.security.SecurityServiceImpl;
import org.apache.geronimo.security.SecurityService;
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=122775&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Sun Dec 19 11:11:07 2004
@@ -154,7 +154,6 @@
protected void setUpSecurity() throws Exception {
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
- securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");