Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/08/13 09:31:28 UTC
svn commit: r803799 - in /geronimo/server/trunk/plugins:
axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/
axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/
axis2/geronimo-axis2-ejb/src/main/java/org/apache/gero...
Author: djencks
Date: Thu Aug 13 07:31:27 2009
New Revision: 803799
URL: http://svn.apache.org/viewvc?rev=803799&view=rev
Log:
GERONIMO-4645 use jacc ejb ws auth for jetty6, simplify SOAPHandler interface
Modified:
geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java
geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java Thu Aug 13 07:31:27 2009
@@ -211,17 +211,10 @@
ejbWebServiceGBean.setReferencePattern("ConfigurationFactory",
new AbstractNameQuery(null, Collections.singletonMap("name", wsSecurity.getSecurityRealmName().trim()),
ConfigurationFactory.class.getName()));
- ejbWebServiceGBean.setAttribute("transportGuarantee", wsSecurity.getTransportGuarantee().toString());
ejbWebServiceGBean.setAttribute("authMethod", wsSecurity.getAuthMethod().value());
if (wsSecurity.getRealmName() != null) {
ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());
}
- List<String> methods = wsSecurity.getHttpMethod();
- if (methods != null && !methods.isEmpty()) {
- String[] protectedMethods = new String[methods.size()];
- protectedMethods = methods.toArray(protectedMethods);
- ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
- }
Properties properties = wsSecurity.getProperties();
ejbWebServiceGBean.setAttribute("properties", properties);
String policyContextID = sessionName.toString();
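Review bot: With the `transportGuarantee` and `protectedMethods` attributes no longer set, nothing in this hunk shows where `wsSecurity.getTransportGuarantee()` and `wsSecurity.getHttpMethod()` are turned into JACC permissions for `policyContextID`. If that translation is not done elsewhere in the builder, a descriptor that asks for CONFIDENTIAL transport would deploy without the constraint being enforced, and nothing would report it. Once it is confirmed, I would record it next to the `policyContextID` attribute, e.g. `// transport guarantee and HTTP-method constraints are enforced through the JACC policy registered under this context ID`. The same applies to the matching hunk in JAXWSEJBModuleBuilderExtension.java; the enclosing method starts and ends outside both hunks.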
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java Thu Aug 13 07:31:27 2009
@@ -47,9 +47,7 @@
@ParamAttribute(name = "policyContextID") String policyContextID,
@ParamReference(name = "ConfigurationFactory") ConfigurationFactory configurationFactory,
@ParamAttribute(name = "realmName") String realmName,
- @ParamAttribute(name = "transportGuarantee") String transportGuarantee,
@ParamAttribute(name = "authMethod") String authMethod,
- @ParamAttribute(name = "protectedMethods") String[] protectedMethods,
@ParamAttribute(name = "virtualHosts") String[] virtualHosts,
@ParamAttribute(name = "properties") Properties properties) throws Exception {
this.location = location;
@@ -82,9 +80,7 @@
policyContextID,
configurationFactory,
realmName,
- transportGuarantee,
authMethod,
- protectedMethods,
properties,
classLoader);
}
Modified: geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java Thu Aug 13 07:31:27 2009
@@ -58,9 +58,7 @@
@ParamAttribute(name="policyContextID")String policyContextID,
@ParamReference(name="ConfigurationFactory")ConfigurationFactory configurationFactory,
@ParamAttribute(name="realmName")String realmName,
- @ParamAttribute(name="transportGuarantee")String transportGuarantee,
@ParamAttribute(name="authMethod")String authMethod,
- @ParamAttribute(name="protectedMethods")String[] protectedMethods,
@ParamAttribute(name="virtualHosts")String[] virtualHosts,
@ParamAttribute(name="properties")Properties properties) throws Exception {
@@ -89,9 +87,7 @@
policyContextID,
configurationFactory,
realmName,
- transportGuarantee,
- authMethod,
- protectedMethods,
+ authMethod,
properties,
classLoader);
}
Modified: geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java Thu Aug 13 07:31:27 2009
@@ -59,9 +59,7 @@
@ParamAttribute(name="policyContextID")String policyContextID,
@ParamReference(name="ConfigurationFactory")ConfigurationFactory configurationFactory,
@ParamAttribute(name="realmName")String realmName,
- @ParamAttribute(name="transportGuarantee")String transportGuarantee,
@ParamAttribute(name="authMethod")String authMethod,
- @ParamAttribute(name="protectedMethods")String[] protectedMethods,
@ParamAttribute(name="virtualHosts")String[] virtualHosts,
@ParamAttribute(name="properties")Properties properties) throws Exception {
if (ejbDeploymentContext == null || webContainers == null || webContainers.isEmpty() || portInfo == null) {
@@ -98,9 +96,7 @@
policyContextID,
configurationFactory,
realmName,
- transportGuarantee,
- authMethod,
- protectedMethods,
+ authMethod,
properties,
classLoader);
}
Modified: geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java Thu Aug 13 07:31:27 2009
@@ -218,18 +218,11 @@
ejbWebServiceGBean.setReferencePattern("ConfigurationFactory",
new AbstractNameQuery(null, Collections.singletonMap("name", wsSecurity.getSecurityRealmName().trim()),
ConfigurationFactory.class.getName()));
- ejbWebServiceGBean.setAttribute("transportGuarantee", wsSecurity.getTransportGuarantee().toString());
String authMethod = wsSecurity.getAuthMethod().value();
ejbWebServiceGBean.setAttribute("authMethod", authMethod);
if (wsSecurity.getRealmName() != null) {
ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());
}
- List<String> methods = wsSecurity.getHttpMethod();
- if (methods != null && !methods.isEmpty()) {
- String[] protectedMethods = new String[methods.size()];
- protectedMethods = methods.toArray(protectedMethods);
- ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
- }
String policyContextID = sessionName.toString();
ejbWebServiceGBean.setAttribute("policyContextID", policyContextID);
ejbWebServiceGBean.setAttribute("properties", properties);
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java Thu Aug 13 07:31:27 2009
@@ -216,13 +216,11 @@
String policyContextID,
ConfigurationFactory configurationFactory,
String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
+ String authMethod,
Properties properties,
ClassLoader classLoader) throws Exception {
InternalJAASJettyRealm internalJAASJettyRealm = configurationFactory == null ? null : new InternalJAASJettyRealm(configurationFactory);
- JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
+ JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, authMethod, classLoader, null, policyContextID);
webServiceContext.setVirtualHosts(virtualHosts);
addContext(webServiceContext);
webServiceContext.start();
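Review bot: The bare `null` passed as the `defaultSubject` argument of `new JettyEJBWebServiceContext(...)` is unexplained at the call site. Going by the constructor changed in this same commit, a null subject falls back to `ContextManager.EMPTY`, so the transport permission check runs against an empty subject. The jetty7 container marks the equivalent spot with a TODO; I would add the same comment here, e.g. `// TODO use the actual default subject; null falls back to ContextManager.EMPTY`. The method signature begins outside the hunk.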
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java Thu Aug 13 07:31:27 2009
@@ -21,17 +21,19 @@
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.Map;
-import java.util.Set;
+import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
+import javax.security.jacc.WebUserDataPermission;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
import org.apache.geronimo.webservices.WebServiceContainer;
import org.mortbay.jetty.HttpException;
import org.mortbay.jetty.Request;
@@ -72,35 +74,17 @@
private final WebServiceContainer webServiceContainer;
private final Authenticator authenticator;
private final JAASJettyRealm realm;
- private final boolean isConfidentialTransportGuarantee;
- private final boolean isIntegralTransportGuarantee;
private final ClassLoader classLoader;
- private final Set<String> secureMethods;
+ private final AccessControlContext defaultAcc;
+ private final String policyContextID;
- public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) {
+ public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String authMethod, ClassLoader classLoader, Subject defaultSubject, String policyContextID) {
this.contextPath = contextPath;
this.webServiceContainer = webServiceContainer;
- this.secureMethods = initSecureMethods(protectedMethods);
this.setContextPath(contextPath);
-
+
if (internalJAASJettyRealm != null) {
realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
- //TODO
- //not used???
- //setUserRealm(realm);
-// this.realm = realm;
- if ("NONE".equals(transportGuarantee)) {
- isConfidentialTransportGuarantee = false;
- isIntegralTransportGuarantee = false;
- } else if ("INTEGRAL".equals(transportGuarantee)) {
- isConfidentialTransportGuarantee = false;
- isIntegralTransportGuarantee = true;
- } else if ("CONFIDENTIAL".equals(transportGuarantee)) {
- isConfidentialTransportGuarantee = true;
- isIntegralTransportGuarantee = false;
- } else {
- throw new IllegalArgumentException("Invalid transport-guarantee: " + transportGuarantee);
- }
if ("BASIC".equals(authMethod)) {
authenticator = new BasicAuthenticator();
} else if ("DIGEST".equals(authMethod)) {
@@ -115,60 +99,43 @@
} else {
realm = null;
authenticator = null;
- isConfidentialTransportGuarantee = false;
- isIntegralTransportGuarantee = false;
}
this.classLoader = classLoader;
- }
-
- private Set<String> initSecureMethods(String[] protectedMethods) {
- if (protectedMethods == null) {
- return null;
- }
- Set<String> methods = null;
- for (String method : protectedMethods) {
- if (method == null) {
- continue;
- }
- method = method.trim();
- if (method.length() == 0) {
- continue;
- }
- method = method.toUpperCase();
-
- if (methods == null) {
- methods = new HashSet<String>();
- }
- methods.add(method);
+ if (defaultSubject == null) {
+ defaultSubject = ContextManager.EMPTY;
}
- return methods;
+ defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null, null);
+ this.policyContextID = policyContextID;
}
-
+
public String getName() {
//need a better name
return contextPath;
}
public void handle(String target, HttpServletRequest req, HttpServletResponse res, int dispatch)
- throws IOException, ServletException
- {
+ throws IOException, ServletException {
//TODO
//do we need to check that this request should be handled by this handler?
- if (! target.startsWith(contextPath)) {
+ if (!target.startsWith(contextPath)) {
return;
}
-
- PolicyContext.setHandlerData((realm == null) ? null : req);
+
Thread currentThread = Thread.currentThread();
ClassLoader oldClassLoader = currentThread.getContextClassLoader();
currentThread.setContextClassLoader(classLoader);
+ String oldPolicyContextID = PolicyContext.getContextID();
+ PolicyContext.setContextID(policyContextID);
+ HttpServletRequest oldRequest = PolicyContextHandlerHttpServletRequest.pushContextData(req);
try {
handle(req, res);
} finally {
+ PolicyContextHandlerHttpServletRequest.popContextData(oldRequest);
+ PolicyContext.setContextID(oldPolicyContextID);
currentThread.setContextClassLoader(oldClassLoader);
}
}
-
+
private void handle(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
Request jettyRequest = (Request) req;
Response jettyResponse = (Response) res;
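Review bot: In `handle(String, ...)` the context class loader, the policy context ID and the pushed request are all changed before the `try` begins, so if `PolicyContext.setContextID` or `pushContextData` throws (the former can, under a security manager), the pooled request thread keeps this context's class loader and possibly its context ID. The save-old-values lines should stay outside, while every mutation should move inside the `try`, with the pop guarded so it only runs after a successful push. The hunk in JettySecurityHandler.handle has the same shape: this commit moves `setContextID` and the push out of the `try` there.

```java
Thread currentThread = Thread.currentThread();
ClassLoader oldClassLoader = currentThread.getContextClassLoader();
String oldPolicyContextID = PolicyContext.getContextID();
HttpServletRequest oldRequest = null;
boolean pushed = false;
try {
    currentThread.setContextClassLoader(classLoader);
    PolicyContext.setContextID(policyContextID);
    oldRequest = PolicyContextHandlerHttpServletRequest.pushContextData(req);
    pushed = true;
    handle(req, res);
} finally {
    if (pushed) {
        PolicyContextHandlerHttpServletRequest.popContextData(oldRequest);
    }
    PolicyContext.setContextID(oldPolicyContextID);
    currentThread.setContextClassLoader(oldClassLoader);
}
```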
@@ -181,20 +148,17 @@
// TODO: add support for context
request.setAttribute(WebServiceContainer.SERVLET_CONTEXT, null);
- if (secureMethods == null || secureMethods.contains(req.getMethod())) {
- if (isConfidentialTransportGuarantee) {
- if (!jettyRequest.isSecure()) {
- throw new HttpException(403, null);
- }
- } else if (isIntegralTransportGuarantee) {
- if (!jettyRequest.getConnection().isIntegral(jettyRequest)) {
- throw new HttpException(403, null);
- }
+ WebUserDataPermission udp = new WebUserDataPermission(req);
+ if (realm != null) {
+ try {
+ defaultAcc.checkPermission(udp);
+ } catch (AccessControlException e) {
+ throw new HttpException(HttpServletResponse.SC_FORBIDDEN);
}
if (authenticator != null) {
String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath());
if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) {
- throw new HttpException(403, null);
+ throw new HttpException(HttpServletResponse.SC_FORBIDDEN, null);
}
} else {
//EJB will figure out correct defaultSubject shortly
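Review bot: Dropping the `secureMethods` test means that whenever `realm != null` every request now has to pass `authenticator.authenticate(...)`, including the `?wsdl`/`?xsd` GETs handled further down. The only JACC check in the visible lines is the transport one (`WebUserDataPermission`), so a deployment that used to protect only some HTTP methods has no way to express that here. If the stricter behaviour is intended, say so above the `if (realm != null)` line, e.g. `// once a realm is configured all HTTP methods are authenticated; JACC decides transport only`. `udp` is also built before the realm test and is unused when `realm` is null, so constructing it inside the `if` keeps it next to its only use. The method body continues outside the hunk.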
@@ -210,24 +174,24 @@
} catch (IOException e) {
throw e;
} catch (Exception e) {
- throw (HttpException) new HttpException(500, "Could not fetch wsdl!").initCause(e);
+ throw (HttpException) new HttpException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Could not fetch wsdl!").initCause(e);
}
- } else {
+ } else {
try {
webServiceContainer.invoke(request, response);
jettyRequest.setHandled(true);
} catch (IOException e) {
throw e;
} catch (Exception e) {
- throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
+ throw (HttpException) new HttpException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Could not process message!").initCause(e);
}
}
}
private boolean isWSDLRequest(HttpServletRequest req) {
- return ("GET".equals(req.getMethod()) && (req.getParameter("wsdl") != null || req.getParameter("xsd") != null));
+ return ("GET".equals(req.getMethod()) && (req.getParameter("wsdl") != null || req.getParameter("xsd") != null));
}
-
+
public String getContextPath() {
return contextPath;
}
@@ -270,8 +234,8 @@
}
public int getMethod() {
- Integer method = (Integer) methods.get(request.getMethod());
- return method == null ? UNSUPPORTED : method.intValue();
+ Integer method = methods.get(request.getMethod());
+ return method == null ? UNSUPPORTED : method;
}
public String getParameter(String name) {
@@ -301,17 +265,17 @@
return request.getRequestURI();
}
- private static final Map methods = new HashMap();
+ private static final Map<String, Integer> methods = new HashMap<String, Integer>();
static {
- methods.put("OPTIONS", new Integer(OPTIONS));
- methods.put("GET", new Integer(GET));
- methods.put("HEAD", new Integer(HEAD));
- methods.put("POST", new Integer(POST));
- methods.put("PUT", new Integer(PUT));
- methods.put("DELETE", new Integer(DELETE));
- methods.put("TRACE", new Integer(TRACE));
- methods.put("CONNECT", new Integer(CONNECT));
+ methods.put("OPTIONS", OPTIONS);
+ methods.put("GET", GET);
+ methods.put("HEAD", HEAD);
+ methods.put("POST", POST);
+ methods.put("PUT", PUT);
+ methods.put("DELETE", DELETE);
+ methods.put("TRACE", TRACE);
+ methods.put("CONNECT", CONNECT);
}
}
@@ -345,7 +309,7 @@
public int getStatusCode() {
return response.getStatus();
- }
+ }
public void setContentType(String type) {
response.setContentType(type);
@@ -359,9 +323,9 @@
response.setStatus(response.getStatus(), responseString);
}
- public void flushBuffer() throws java.io.IOException{
+ public void flushBuffer() throws java.io.IOException {
response.flushBuffer();
}
}
-
+
}
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java Thu Aug 13 07:31:27 2009
@@ -35,6 +35,7 @@
import org.apache.geronimo.jetty6.JettyContainer;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
import org.mortbay.jetty.HttpException;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
@@ -101,28 +102,19 @@
ServletException {
String old_policy_id = PolicyContext.getContextID();
Callers oldCallers = ContextManager.getCallers();
+ PolicyContext.setContextID(policyContextID);
+ HttpServletRequest oldRequest = PolicyContextHandlerHttpServletRequest.pushContextData(request);
try {
- PolicyContext.setContextID(policyContextID);
- PolicyContext.setHandlerData(request);
super.handle(target, request, response, dispatch);
} finally {
PolicyContext.setContextID(old_policy_id);
- // Must unset handler data from thread - see GERONIMO-4574
- PolicyContext.setHandlerData(null);
ContextManager.popCallers(oldCallers);
+ PolicyContextHandlerHttpServletRequest.popContextData(oldRequest);
}
}
-// public static Subject getCurrentRoleDesignate(String role) {
-// return ((JettySecurityHandler) (WebAppContext.getCurrentWebAppContext()
-// .getSecurityHandler())).getRoleDesignate(role);
-// }
-//
-// private Subject getRoleDesignate(String roleName) {
-// return (Subject) roleDesignates.get(roleName);
-// }
/**
* Check the security constraints using JACC.
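Review bot: `popContextData(oldRequest)` is now the last statement of the `finally` block, after `PolicyContext.setContextID(old_policy_id)` and `ContextManager.popCallers(oldCallers)`, so if either of those throws, the request stays bound to the pooled thread. That is the situation the deleted GERONIMO-4574 comment warned about. I would pop the request first and keep the pointer to the issue, e.g. `// Must restore handler data on this thread - see GERONIMO-4574` directly above `PolicyContextHandlerHttpServletRequest.popContextData(oldRequest);`.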
@@ -153,12 +145,6 @@
} else {
transportType = "NONE";
}
- String substitutedPathInContext = pathInContext;
- if (substitutedPathInContext.indexOf("%3A") > -1)
- substitutedPathInContext = substitutedPathInContext.replaceAll("%3A", "%3A%3A");
- if (substitutedPathInContext.indexOf(":") > -1)
- substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A");
-
Authenticator authenticator = getAuthenticator();
boolean isAuthenticated = false;
@@ -194,7 +180,7 @@
/**
* JACC v1.0 section 4.1.1
*/
- WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
+ WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()}, transportType);
acc.checkPermission(wudp);
WebResourcePermission webResourcePermission = new WebResourcePermission(request);
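Review bot: `pathInContext` now goes into the `WebUserDataPermission` name unescaped, and as I read the JACC name syntax a ':' in that string separates the URL pattern from its qualifying patterns. A request path containing a colon could therefore be parsed as a different pattern spec than the one the policy was written for. The `WebResourcePermission` on the next line is built from the request object, which leaves the encoding to the JACC implementation; `new WebUserDataPermission(request)` would do the same, provided the transport it derives matches the `transportType` computed above. Otherwise keep the `%3A` substitution that the previous hunk removes. The same line changes in jetty7's JaccSecurityHandler.java, and the enclosing method starts and ends outside the hunk.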
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java Thu Aug 13 07:31:27 2009
@@ -46,7 +46,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
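Review bot: These `addWebService` calls still pass `null` for the policy context ID, configuration factory, realm name and auth method, so `realm` stays null in `JettyEJBWebServiceContext` and the new `WebUserDataPermission` check is never reached under test. The Tomcat ContainerTest in this commit has a secured case that passes `"ContextID"`, a realm and `"BASIC"`; a jetty6 test of the same shape would cover the JACC path this change introduces. The second hunk in this file and both hunks in the jetty7 ContainerTest are in the same position.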
@@ -71,11 +71,11 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
String contextPath2 = "/bar/webservice.ws";
MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
- container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java Thu Aug 13 07:31:27 2009
@@ -228,15 +228,14 @@
String contextID,
ConfigurationFactory configurationFactory,
String realmName,
- String transportGuarantee,
String authMethod,
- String[] protectedMethods, //allowed methods?
- Properties properties,
+ Properties properties,
ClassLoader classLoader) throws Exception {
SecurityHandler securityHandler = null;
if (configurationFactory != null) {
BuiltInAuthMethod builtInAuthMethod = BuiltInAuthMethod.getValueOf(authMethod);
JettySecurityHandlerFactory factory = new JettySecurityHandlerFactory(builtInAuthMethod, null, null, realmName, configurationFactory);
+ //TODO use actual default subject here.
securityHandler = factory.buildSecurityHandler(contextID, null, null, false);
}
ServletHandler servletHandler = new EJBServletHandler(webServiceContainer);
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java Thu Aug 13 07:31:27 2009
@@ -108,16 +108,11 @@
} else {
transportType = "NONE";
}
- String substitutedPathInContext = pathInContext;
- if (substitutedPathInContext.indexOf("%3A") > -1)
- substitutedPathInContext = substitutedPathInContext.replaceAll("%3A", "%3A%3A");
- if (substitutedPathInContext.indexOf(":") > -1)
- substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A");
/**
* JACC v1.0 section 4.1.1
*/
- WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
+ WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()}, transportType);
defaultAcc.checkPermission(wudp);
return true;
} catch (AccessControlException e) {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java Thu Aug 13 07:31:27 2009
@@ -46,7 +46,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
@@ -71,11 +71,11 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
String contextPath2 = "/bar/webservice.ws";
MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
- container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Thu Aug 13 07:31:27 2009
@@ -378,9 +378,7 @@
String policyContextId,
ConfigurationFactory configurationFactory,
String realmName,
- String transportGuarantee,
- String authMethod,
- String[] protectedMethods,
+ String authMethod,
Properties properties,
ClassLoader classLoader) throws Exception {
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java Thu Aug 13 07:31:27 2009
@@ -35,7 +35,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
try {
BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
@@ -62,7 +62,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, "ContextID", realm, securityRealmName, "NONE", "BASIC", null, null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, "ContextID", realm, securityRealmName, "BASIC", null, cl);
//Veryify its secured
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
Modified: geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java?rev=803799&r1=803798&r2=803799&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java (original)
+++ geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java Thu Aug 13 07:31:27 2009
@@ -31,9 +31,7 @@
String contextID,
ConfigurationFactory configurationFactory,
String realmName,
- String transportGuarantee,
String authMethod,
- String[] protectedMethods,
Properties properties,
ClassLoader classLoader) throws Exception;