Posted to dev@geronimo.apache.org by Joe Bohn <jo...@earthlink.net> on 2005/10/14 00:15:34 UTC

Re: svn commit: r315020 [1/3] - in /geronimo/trunk/modules: assembly/src/plan/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/ security/src/java/org/apache/geronimo/security/jaas/ security/src/java/org/apache/geron...

I just updated my image from head earlier this afternoon and I've been 
pulling my hair out trying to figure out why I get a 403 when I attempt 
to authenticate to the Web Console.  This happens with both the tomcat 
and the jetty container configurations.  Is it possible that these 
changes (or the other related changes around the same time) that hit 
some of the JAAS login logic are causing my problem?  Sachin updated his 
code yesterday afternoon (probably prior to this) and isn't seeing the 
same problem.

Thanks,
Joe

adc@apache.org wrote:
> Author: adc
> Date: Wed Oct 12 13:01:56 2005
> New Revision: 315020
> 
> URL: http://svn.apache.org/viewcvs?rev=315020&view=rev
> Log:
> Initial checkin for GERONIMO-883
> 
> Added:
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java   (contents, props changed)
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginService.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginServiceMBean.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasSecuritySession.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasSessionId.java
>       - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasClientId.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java
> Removed:
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasClientId.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
> Modified:
>     geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
>     geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>     geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
>     geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/remoting/jmx/JaasLoginServiceRemotingClient.java
>     geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/remoting/jmx/JaasLoginServiceRemotingServer.java
>     geronimo/trunk/modules/security/src/test-data/data/login.config
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
>     geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java
>     geronimo/trunk/modules/tomcat/project.xml
>     geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
>     geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
>     geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ContainerTest.java
>     geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java
> 
> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml Wed Oct 12 13:01:56 2005
> @@ -67,7 +67,7 @@
>      </gbean>
>  
>      <gbean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
> -        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCoordinator</attribute>
> +        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
>          <attribute name="serverSide">false</attribute>
>          <attribute name="options">
>              host=localhost
> @@ -105,7 +105,7 @@
>          </reference>
>      </gbean>
>      <!-- this is really a server-side only gbean but its needed to make the client side GenericSecurityRealm work -->
> -    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
> +    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>          <reference name="Realms">
>              <name>client-properties-realm</name>
>          </reference>
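
Review bot: the client plan now names a class from the server package (org.apache.geronimo.security.jaas.server.JaasLoginService), and the XML comment just above the gbean already admits it is "really a server-side only gbean". Now that this commit splits the code into jaas.client and jaas.server, please add an issue reference to that comment so the client assembly's dependency on server classes is tracked and not just carried forward.
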
> 
> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml Wed Oct 12 13:01:56 2005
> @@ -49,7 +49,7 @@
>          </references>
>      </gbean>
>  
> -    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
> +    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>          <reference name="Realms"><application>*</application><module>*</module><name>*</name></reference>
>          <!--        <attribute name="reclaimPeriod">100000</attribute>-->
>          <attribute name="algorithm">HmacSHA1</attribute>
> 
> Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
> +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Wed Oct 12 13:01:56 2005
> @@ -28,33 +28,31 @@
>  import javax.management.ObjectName;
>  
>  import junit.framework.TestCase;
> -import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
> +import org.mortbay.jetty.servlet.FormAuthenticator;
> +
>  import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinatorGBean;
>  import org.apache.geronimo.gbean.GBeanData;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>  import org.apache.geronimo.jetty.connector.HTTPConnector;
> -import org.apache.geronimo.kernel.KernelFactory;
>  import org.apache.geronimo.kernel.Kernel;
> +import org.apache.geronimo.kernel.KernelFactory;
>  import org.apache.geronimo.kernel.management.State;
>  import org.apache.geronimo.security.SecurityServiceImpl;
> -import org.apache.geronimo.security.jacc.ComponentPermissions;
> -import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
> -import org.apache.geronimo.security.deploy.Principal;
>  import org.apache.geronimo.security.deploy.DefaultPrincipal;
> +import org.apache.geronimo.security.deploy.Principal;
>  import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
> -import org.apache.geronimo.security.jaas.JaasLoginService;
> -import org.apache.geronimo.security.jaas.LoginModuleGBean;
>  import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
> +import org.apache.geronimo.security.jaas.LoginModuleGBean;
> +import org.apache.geronimo.security.jaas.server.JaasLoginService;
> +import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
> +import org.apache.geronimo.security.jacc.ComponentPermissions;
>  import org.apache.geronimo.security.realm.GenericSecurityRealm;
>  import org.apache.geronimo.system.serverinfo.BasicServerInfo;
>  import org.apache.geronimo.transaction.context.OnlineUserTransaction;
> -import org.apache.geronimo.transaction.context.TransactionContextManager;
>  import org.apache.geronimo.transaction.context.TransactionContextManagerGBean;
> -import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
>  import org.apache.geronimo.transaction.manager.TransactionManagerImplGBean;
> -import org.mortbay.jetty.servlet.FormAuthenticator;
>  
>  
>  /**
> @@ -207,6 +205,7 @@
>          options.setProperty("usersURI", "src/test-resources/data/users.properties");
>          options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
>          propertiesLMGBean.setAttribute("options", options);
> +        propertiesLMGBean.setAttribute("wrapPrincipals", Boolean.TRUE);
>          //TODO should this be called securityRealmName?
>          propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
>  
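
Review bot: nothing here says what a login module gets when wrapPrincipals is left unset, yet the test setup now has to set it with propertiesLMGBean.setAttribute("wrapPrincipals", Boolean.TRUE). The hunks shown for j2ee-client-security-plan.xml and j2ee-security-plan.xml only rename classes and add no such attribute, so please state the behaviour for plans that omit it and cover the unset case in a test as well.
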
> @@ -276,8 +275,8 @@
>  
>          connector = new GBeanData(connectorName, HTTPConnector.GBEAN_INFO);
>          connector.setAttribute("port", new Integer(5678));
> -        connector.setAttribute("maxThreads",  new Integer(50));
> -        connector.setAttribute("minThreads",  new Integer(10));
> +        connector.setAttribute("maxThreads", new Integer(50));
> +        connector.setAttribute("minThreads", new Integer(10));
>          connector.setReferencePattern("JettyContainer", containerName);
>  
>          start(container);
> 
> Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
> +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Wed Oct 12 13:01:56 2005
> @@ -58,7 +58,7 @@
>       *
>       * @throws Exception thrown if an error in the test occurs
>       */
> -    public void testExplicitMapping() throws Exception {
> +    public void DavidJencksPleaseVisitMetestExplicitMapping() throws Exception {
>          Security securityConfig = new Security();
>          securityConfig.setUseContextHandler(false);
>  
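
Review bot: renaming testExplicitMapping to DavidJencksPleaseVisitMetestExplicitMapping takes the method out of the run for a JUnit 3 style TestCase (the sibling AbstractWebModuleTest imports junit.framework.TestCase), because only methods whose names start with "test" are collected. That silently drops coverage of explicit security mapping in the same commit that reworks the login code. Keep the original name and either fix the test or disable it with a comment citing GERONIMO-883 or a follow-up issue, so the gap shows up in the source and not only in a method name.
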
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java Wed Oct 12 13:01:56 2005
> @@ -49,8 +49,6 @@
>      private static Map subjectIds = new Hashtable();
>      private static long nextSubjectId = System.currentTimeMillis();
>  
> -    private static long nextPrincipalId = System.currentTimeMillis();
> -
>      private static SecretKey key;
>      private static String algorithm;
>      private static String password;
> 
> Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java?rev=315020&view=auto
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java (added)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java Wed Oct 12 13:01:56 2005
> @@ -0,0 +1,133 @@
> +/**
> + *
> + * Copyright 2005 The Apache Software Foundation
> + *
> + *  Licensed under the Apache License, Version 2.0 (the "License");
> + *  you may not use this file except in compliance with the License.
> + *  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + *  Unless required by applicable law or agreed to in writing, software
> + *  distributed under the License is distributed on an "AS IS" BASIS,
> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + *  See the License for the specific language governing permissions and
> + *  limitations under the License.
> + */
> +
> +package org.apache.geronimo.security;
> +
> +import java.io.Serializable;
> +import java.security.Principal;
> +
> +/**
> + * Represents a principal in an realm.
> + *
> + * @version $Rev: 279959 $ $Date: 2005-09-09 23:00:51 -0700 (Fri, 09 Sep 2005) $
> + */
> +public class DomainPrincipal implements Principal, Serializable {
> +    private final String loginDomain;
> +    private final Principal principal;
> +    private transient String name = null;
> +
> +    public DomainPrincipal(String loginDomain, Principal principal) {
> +        if (loginDomain == null) throw new IllegalArgumentException("loginDomain is null");
> +        if (principal == null) throw new IllegalArgumentException("principal is null");
> +
> +        this.loginDomain = loginDomain;
> +        this.principal = principal;
> +    }
> +
> +    /**
> +     * Compares this principal to the specified object.  Returns true
> +     * if the object passed in matches the principal represented by
> +     * the implementation of this interface.
> +     *
> +     * @param another principal to compare with.
> +     * @return true if the principal passed in is the same as that
> +     *         encapsulated by this principal, and false otherwise.
> +     */
> +    public boolean equals(Object another) {
> +        if (!(another instanceof DomainPrincipal)) return false;
> +
> +        DomainPrincipal realmPrincipal = (DomainPrincipal) another;
> +
> +        return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
> +    }
> +
> +    /**
> +     * Returns a string representation of this principal.
> +     *
> +     * @return a string representation of this principal.
> +     */
> +    public String toString() {
> +        //TODO hack to workaround bogus assumptions in some secret code.
> +//        return getName();
> +        if (name == null) {
> +
> +            StringBuffer buffer = new StringBuffer("");
> +            buffer.append(loginDomain);
> +            buffer.append(":[");
> +            buffer.append(principal.getClass().getName());
> +            buffer.append(':');
> +            buffer.append(principal.getName());
> +            buffer.append("]");
> +
> +            name = buffer.toString();
> +        }
> +        return name;
> +    }
> +
> +    /**
> +     * Returns a hashcode for this principal.
> +     *
> +     * @return a hashcode for this principal.
> +     */
> +    public int hashCode() {
> +        int result;
> +        result = loginDomain.hashCode();
> +        result = 29 * result + principal.hashCode();
> +        return result;
> +    }
> +
> +    /**
> +     * Returns the name of this principal.
> +     *
> +     * @return the name of this principal.
> +     */
> +    public String getName() {
> +        //TODO hack to workaround bogus assumptions in some secret code.
> +        if (name == null) {
> +
> +            StringBuffer buffer = new StringBuffer("");
> +            buffer.append(loginDomain);
> +            buffer.append(":[");
> +            buffer.append(principal.getClass().getName());
> +            buffer.append(':');
> +            buffer.append(principal.getName());
> +            buffer.append("]");
> +
> +            name = buffer.toString();
> +        }
> +        return name;
> +//        return principal.getName();
> +    }
> +
> +    /**
> +     * Returns the principal that is associated with the realm.
> +     *
> +     * @return the principal that is associated with the realm.
> +     */
> +    public Principal getPrincipal() {
> +        return principal;
> +    }
> +
> +    /**
> +     * Returns the realm that is associated with the principal.
> +     *
> +     * @return the realm that is associated with the principal.
> +     */
> +    public String getLoginDomain() {
> +        return loginDomain;
> +    }
> +}
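
Review bot: getName() returns the decorated string loginDomain:[class:name] and not the wrapped principal's name, under a TODO that only says "hack to workaround bogus assumptions in some secret code". A caller that compares Principal.getName() against a bare user or group name will not match a DomainPrincipal, so please name the code the hack is for and document the format in the javadoc. Smaller points in the same file: getName() and toString() repeat the same buffer-building block and could share one private helper; the class javadoc and the getLoginDomain() javadoc still say "realm"; the @version line carries an already expanded $Rev: 279959 $ in a newly added file; and the class is Serializable with no serialVersionUID declared.
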
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java Wed Oct 12 13:01:56 2005
> @@ -43,6 +43,6 @@
>  
>          PrimaryRealmPrincipal realmPrincipal = (PrimaryRealmPrincipal) another;
>  
> -        return getLoginDomain().equals(realmPrincipal.getLoginDomain()) && getPrincipal().equals(realmPrincipal.getPrincipal());
> +        return getRealm().equals(realmPrincipal.getRealm()) && getPrincipal().equals(realmPrincipal.getPrincipal());
>      }
>  }
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java Wed Oct 12 13:01:56 2005
> @@ -26,15 +26,15 @@
>   * @version $Rev$ $Date$
>   */
>  public class RealmPrincipal implements Principal, Serializable {
> -    private final String loginDomain;
> +    private final String realm;
>      private final Principal principal;
>      private transient String name = null;
>  
> -    public RealmPrincipal(String loginDomain, Principal principal) {
> -        if (loginDomain == null) throw new IllegalArgumentException("loginDomain is null");
> +    public RealmPrincipal(String realm, Principal principal) {
> +        if (realm == null) throw new IllegalArgumentException("realm is null");
>          if (principal == null) throw new IllegalArgumentException("principal is null");
>  
> -        this.loginDomain = loginDomain;
> +        this.realm = realm;
>          this.principal = principal;
>      }
>  
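
Review bot: RealmPrincipal is Serializable and this hunk renames its non-transient field loginDomain to realm, which changes the default serialized form. No serialVersionUID appears in the lines shown, so instances written by an older build will not deserialize in a newer one. If these principals cross the client/server login boundary or are persisted anywhere, please say so in the log message, or declare a serialVersionUID and handle the old field name.
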
> @@ -52,7 +52,7 @@
>  
>          RealmPrincipal realmPrincipal = (RealmPrincipal) another;
>  
> -        return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
> +        return realm.equals(realmPrincipal.realm) && principal.equals(realmPrincipal.principal);
>      }
>  
>      /**
> @@ -66,7 +66,7 @@
>          if (name == null) {
>  
>              StringBuffer buffer = new StringBuffer("");
> -            buffer.append(loginDomain);
> +            buffer.append(realm);
>              buffer.append(":[");
>              buffer.append(principal.getClass().getName());
>              buffer.append(':');
> @@ -85,7 +85,7 @@
>       */
>      public int hashCode() {
>          int result;
> -        result = loginDomain.hashCode();
> +        result = realm.hashCode();
>          result = 29 * result + principal.hashCode();
>          return result;
>      }
> @@ -97,20 +97,20 @@
>       */
>      public String getName() {
>          //TODO hack to workaround bogus assumptions in some secret code.
> -//        if (name == null) {
> -//
> -//            StringBuffer buffer = new StringBuffer("");
> -//            buffer.append(loginDomain);
> -//            buffer.append(":[");
> -//            buffer.append(principal.getClass().getName());
> -//            buffer.append(':');
> -//            buffer.append(principal.getName());
> -//            buffer.append("]");
> -//
> -//            name = buffer.toString();
> -//        }
> -//        return name;
> -        return principal.getName();
> +        if (name == null) {
> +
> +            StringBuffer buffer = new StringBuffer("");
> +            buffer.append(realm);
> +            buffer.append(":[");
> +            buffer.append(principal.getClass().getName());
> +            buffer.append(':');
> +            buffer.append(principal.getName());
> +            buffer.append("]");
> +
> +            name = buffer.toString();
> +        }
> +        return name;
> +//        return principal.getName();
>      }
>  
>      /**
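
Review bot: getName() flips from return principal.getName(); to the decorated realm:[class:name] string, while the TODO above it is left unchanged and the old return stays behind as commented-out code. This changes what every caller of Principal.getName() sees for a RealmPrincipal, so any comparison against a bare user or role name stops matching. Please describe the change in the log message, update or remove the TODO, delete the commented-out line, and add a test that pins the expected name format.
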
> @@ -127,7 +127,7 @@
>       *
>       * @return the realm that is associated with the principal.
>       */
> -    public String getLoginDomain() {
> -        return loginDomain;
> +    public String getRealm() {
> +        return realm;
>      }
>  }
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Wed Oct 12 13:01:56 2005
> @@ -16,6 +16,9 @@
>   */
>  package org.apache.geronimo.security.jaas;
>  
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
> +
> +
>  /**
>   * A factory interface used by <code>GeronimoLoginConfiguration</code> to obtain
>   * <code>JaasLoginModuleConfiguration</code>s from GBean configuration entries.
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Wed Oct 12 13:01:56 2005
> @@ -19,6 +19,7 @@
>  import org.apache.geronimo.gbean.GBeanInfo;
>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>  
>  
>  /**
> @@ -33,17 +34,20 @@
>      private final String applicationConfigName;
>      private final LoginModuleControlFlag controlFlag;
>      private final LoginModuleGBean module;
> +    private final boolean wrapPrincipals;
>  
>      public DirectConfigurationEntry() {
>          this.applicationConfigName = null;
>          this.controlFlag = null;
>          this.module = null;
> +        this.wrapPrincipals = false;
>      }
>  
> -    public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
> +    public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module, boolean wrapPrincipals) {
>          this.applicationConfigName = applicationConfigName;
>          this.controlFlag = controlFlag;
>          this.module = module;
> +        this.wrapPrincipals = wrapPrincipals;
>      }
>  
>      public String getConfigurationName() {
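
Review bot: the new wrapPrincipals field and constructor argument have no javadoc saying what gets wrapped or into which principal type, and the no-arg constructor quietly defaults it to false. The four-argument constructor also replaces the three-argument one outright, so any caller not touched by this commit breaks at compile time. Consider keeping the old signature as an overload that delegates with the default, and documenting that default next to the field.
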
> @@ -51,7 +55,7 @@
>      }
>  
>      public JaasLoginModuleConfiguration generateConfiguration() {
> -        return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName);
> +        return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName, wrapPrincipals);
>      }
>  
>      public static final GBeanInfo GBEAN_INFO;
> @@ -61,10 +65,11 @@
>          infoFactory.addInterface(ConfigurationEntryFactory.class);
>          infoFactory.addAttribute("applicationConfigName", String.class, true);
>          infoFactory.addAttribute("controlFlag", LoginModuleControlFlag.class, true);
> +        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
>  
>          infoFactory.addReference("Module", LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
>  
> -        infoFactory.setConstructor(new String[]{"applicationConfigName", "controlFlag", "Module"});
> +        infoFactory.setConstructor(new String[]{"applicationConfigName", "controlFlag", "Module", "wrapPrincipals"});
>          GBEAN_INFO = infoFactory.getBeanInfo();
>      }
>  
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Wed Oct 12 13:01:56 2005
> @@ -34,6 +34,7 @@
>  import org.apache.geronimo.gbean.ReferenceCollectionEvent;
>  import org.apache.geronimo.gbean.ReferenceCollectionListener;
>  import org.apache.geronimo.security.SecurityServiceImpl;
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>  
>  
>  /**
> @@ -134,7 +135,7 @@
>              log.info("Removed Application Configuration Entry " + iter.next());
>          }
>          entries.clear();
> -        
> +
>          log.info("Uninstalled Geronimo login configuration");
>      }
>  
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java Wed Oct 12 13:01:56 2005
> @@ -16,16 +16,18 @@
>   */
>  package org.apache.geronimo.security.jaas;
>  
> -import java.util.Set;
> +import java.util.HashMap;
>  import java.util.List;
>  import java.util.Map;
> -import java.util.HashMap;
> +import java.util.Set;
>  
>  import org.apache.geronimo.gbean.GBeanInfo;
>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
> +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>  import org.apache.geronimo.kernel.Kernel;
>  import org.apache.geronimo.system.serverinfo.ServerInfo;
> -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
> +
>  
>  /**
>   * Holds a reference to a login module and the control flag.  A linked list of these forms the list of login modules
> @@ -65,35 +67,35 @@
>          return next;
>      }
>  
> -//    public LoginModuleControlFlag getControlFlag() {
> -//        return controlFlag;
> -//    }
> +    public String getControlFlag() {
> +        return controlFlag.toString();
> +    }
>  
>      public void configure(Set domainNames, List loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo, ClassLoader classLoader) {
>          Map options = loginModule.getOptions();
> -                   if (options != null) {
> -                       options = new HashMap(options);
> -                   } else {
> -                       options = new HashMap();
> -                   }
> -                   if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
> -                       options.put(KERNEL_LM_OPTION, kernel.getKernelName());
> -                   }
> -                   if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
> -                       options.put(SERVERINFO_LM_OPTION, serverInfo);
> -                   }
> -                   if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
> -                       options.put(CLASSLOADER_LM_OPTION, classLoader);
> -                   }
> -                   if (loginModule.getLoginDomainName() != null) {
> -                       if (domainNames.contains(loginModule.getLoginDomainName())) {
> -                           throw new IllegalStateException("Error in realm: one security realm cannot contain multiple login modules for the same login domain");
> -                       } else {
> -                           domainNames.add(loginModule.getLoginDomainName());
> -                       }
> -                   }
> -                   JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(), controlFlag, options, loginModule.isServerSide(), loginModule.getLoginDomainName());
> -                   loginModuleConfigurations.add(config);
> +        if (options != null) {
> +            options = new HashMap(options);
> +        } else {
> +            options = new HashMap();
> +        }
> +        if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
> +            options.put(KERNEL_LM_OPTION, kernel.getKernelName());
> +        }
> +        if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
> +            options.put(SERVERINFO_LM_OPTION, serverInfo);
> +        }
> +        if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
> +            options.put(CLASSLOADER_LM_OPTION, classLoader);
> +        }
> +        if (loginModule.getLoginDomainName() != null) {
> +            if (domainNames.contains(loginModule.getLoginDomainName())) {
> +                throw new IllegalStateException("Error in realm: one security realm cannot contain multiple login modules for the same login domain");
> +            } else {
> +                domainNames.add(loginModule.getLoginDomainName());
> +            }
> +        }
> +        JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(), controlFlag, options, loginModule.isServerSide(), loginModule.getLoginDomainName(), loginModule.isWrapPrincipals());
> +        loginModuleConfigurations.add(config);
>  
>          if (next != null) {
>              next.configure(domainNames, loginModuleConfigurations, kernel, serverInfo, classLoader);
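Review bot: getControlFlag() now returns controlFlag.toString() instead of the typed LoginModuleControlFlag, so the flag is no longer available as a typed value through this accessor, and the call throws NullPointerException if controlFlag was never set. Consider keeping a typed accessor next to the String one and guarding the null case. In configure(), loginModule.isWrapPrincipals() is now passed through to JaasLoginModuleConfiguration, but nothing in the method's comments says what the flag changes about the principals a realm produces.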
> @@ -108,9 +110,9 @@
>          infoBuilder.addReference("LoginModule", LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
>          infoBuilder.addReference("Next", JaasLoginModuleUse.class);
>  
> -        infoBuilder.addOperation("configure", new Class[] {Set.class, List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
> +        infoBuilder.addOperation("configure", new Class[]{Set.class, List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
>  
> -        infoBuilder.setConstructor(new String[] {"LoginModule", "Next", "controlFlag"});
> +        infoBuilder.setConstructor(new String[]{"LoginModule", "Next", "controlFlag"});
>          GBEAN_INFO = infoBuilder.getBeanInfo();
>      }
>  
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java Wed Oct 12 13:01:56 2005
> @@ -31,22 +31,28 @@
>  
>      private static final LoginModuleControlFlag[] values = new LoginModuleControlFlag[4];
>  
> -    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag(0, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED);
> -    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag(1, AppConfigurationEntry.LoginModuleControlFlag.REQUISITE);
> -    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag(2, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT);
> -    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag(3, AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL);
> +    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag(0, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "REQUIRED");
> +    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag(1, AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "REQUISITE");
> +    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag(2, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, "SUFFICIENT");
> +    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag(3, AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "OPTIONAL");
>  
>      private final int ordinal;
> +    private final String toString;
>      private final transient AppConfigurationEntry.LoginModuleControlFlag flag;
>  
> -    private LoginModuleControlFlag(int ordinal, AppConfigurationEntry.LoginModuleControlFlag flag) {
> +    private LoginModuleControlFlag(int ordinal, AppConfigurationEntry.LoginModuleControlFlag flag, String toString) {
>          this.ordinal = ordinal;
>          this.flag = flag;
> +        this.toString = toString;
>          values[ordinal] = this;
>      }
>  
>      public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
>          return flag;
> +    }
> +
> +    public String toString() {
> +        return toString;
>      }
>  
>      Object readResolve() throws ObjectStreamException {
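Review bot: the new field is named toString, the same as the method it backs, and unlike flag it is not transient, so it becomes part of the serialized form of LoginModuleControlFlag. If readResolve() maps the instance back through values[ordinal], the string never needs to be serialized; marking it transient and renaming it to something like name would leave the serialized form as it was and read more clearly.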
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Wed Oct 12 13:01:56 2005
> @@ -22,6 +22,7 @@
>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>  
> +
>  /**
>   * A GBean that wraps a LoginModule, plus options to configure the LoginModule.
>   * If you want to deploy the same LoginModule with different options, you need
> @@ -37,14 +38,16 @@
>      private Properties options;
>      private String objectName;
>      private boolean serverSide;
> +    private boolean wrapPrincipals;
>  
>      public LoginModuleGBean() {
>      }
> -    
> -    public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide) {
> +
> +    public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide, boolean wrapPrincipals) {
>          this.loginModuleClass = loginModuleClass;
>          this.objectName = objectName;
>          this.serverSide = serverSide;
> +        this.wrapPrincipals = wrapPrincipals;
>      }
>  
>      public String getLoginDomainName() {
> @@ -67,14 +70,34 @@
>          return loginModuleClass;
>      }
>  
> +    public void setLoginModuleClass(String loginModuleClass) {
> +        this.loginModuleClass = loginModuleClass;
> +    }
> +
>      public String getObjectName() {
>          return objectName;
>      }
>  
> +    public void setObjectName(String objectName) {
> +        this.objectName = objectName;
> +    }
> +
>      public boolean isServerSide() {
>          return serverSide;
>      }
>  
> +    public void setServerSide(boolean serverSide) {
> +        this.serverSide = serverSide;
> +    }
> +
> +    public boolean isWrapPrincipals() {
> +        return wrapPrincipals;
> +    }
> +
> +    public void setWrapPrincipals(boolean wrapPrincipals) {
> +        this.wrapPrincipals = wrapPrincipals;
> +    }
> +
>      public static final GBeanInfo GBEAN_INFO;
>  
>      static {
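Review bot: the added setLoginModuleClass(), setObjectName() and setServerSide() make every field of this GBean mutable after construction, so the class that performs authentication for a login domain can be changed on a live instance. If the setters exist only to support the no-argument constructor, say so in a comment; otherwise consider leaving loginModuleClass and serverSide settable through the constructor only. isWrapPrincipals() also needs a line of Javadoc explaining what wrapping does.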
> @@ -84,7 +107,9 @@
>          infoFactory.addAttribute("objectName", String.class, false);
>          infoFactory.addAttribute("serverSide", boolean.class, true);
>          infoFactory.addAttribute("loginDomainName", String.class, true);
> -        infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"});
> +        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
> +        infoFactory.setConstructor(new String[]{"loginModuleClass", "objectName", "serverSide", "wrapPrincipals"});
> +
>          GBEAN_INFO = infoFactory.getBeanInfo();
>      }
>  
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java Wed Oct 12 13:01:56 2005
> @@ -16,51 +16,63 @@
>   */
>  package org.apache.geronimo.security.jaas;
>  
> -import javax.security.auth.login.LoginException;
> +import java.io.Externalizable;
> +import java.io.Serializable;
> +import java.rmi.Remote;
> +import java.util.HashMap;
> +import java.util.HashSet;
> +import java.util.Iterator;
> +import java.util.Map;
> +import java.util.Set;
> +import javax.security.auth.Subject;
> +
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
> +
>  
>  /**
>   * Helper class the computes the login result across a number of separate
>   * login modules.
> - * 
> + *
>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
>   */
>  public class LoginUtils {
> -    public static boolean computeLogin(LoginModuleConfiguration[] modules) throws LoginException {
> -        Boolean success = null;
> -        Boolean backup = null;
> -        // see http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
> -        for(int i = 0; i < modules.length; i++) {
> -            LoginModuleConfiguration module = modules[i];
> -            boolean result = module.getModule().login();
> -            if(module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
> -                if(success == null || success.booleanValue()) {
> -                    success = result ? Boolean.TRUE : Boolean.FALSE;
> -                }
> -            } else if(module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
> -                if(!result) {
> -                    return false;
> -                } else if(success == null) {
> -                   success = Boolean.TRUE;
> -                }
> -            } else if(module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
> -                if(result && (success == null || success.booleanValue())) {
> -                    return true;
> -                }
> -            } else if(module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
> -                if(backup == null || backup.booleanValue()) {
> -                    backup = result ? Boolean.TRUE : Boolean.FALSE;
> -                }
> +    public static void copyPrincipals(Subject to, Subject from) {
> +        to.getPrincipals().addAll(from.getPrincipals());
> +    }
> +
> +    public static Map getSerializableCopy(Map from) {
> +        Map to = new HashMap();
> +        for (Iterator it = from.keySet().iterator(); it.hasNext();) {
> +            String key = (String) it.next();
> +            Object value = from.get(key);
> +            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
> +                to.put(key, value);
>              }
>          }
> -        // all required and requisite modules succeeded, or at least one required module failed
> -        if(success != null) {
> -            return success.booleanValue();
> -        }
> -        // no required or requisite modules, no sufficient modules succeeded, fall back to optional modules
> -        if(backup != null) {
> -            return backup.booleanValue();
> +        return to;
> +    }
> +
> +    public static Set getSerializableCopy(Set from) {
> +        Set to = new HashSet();
> +        for (Iterator it = from.iterator(); it.hasNext();) {
> +            Object value = it.next();
> +            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
> +                to.add(value);
> +            }
>          }
> -        // perhaps only a sufficient module, and it failed
> -        return false;
> +        return to;
> +    }
> +
> +    /**
> +     * Strips out stuff that isn't serializable so this can be safely passed to
> +     * a remote server.
> +     */
> +    public static JaasLoginModuleConfiguration getSerializableCopy(JaasLoginModuleConfiguration config) {
> +        return new JaasLoginModuleConfiguration(config.getLoginModuleClassName(),
> +                                                config.getFlag(),
> +                                                LoginUtils.getSerializableCopy(config.getOptions()),
> +                                                config.isServerSide(),
> +                                                config.getLoginDomainName(),
> +                                                config.isWrapPrincipals());
>      }
>  }
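Review bot: both getSerializableCopy() filters test only the top-level value, so a Serializable collection holding a non-serializable element still fails when the copy is marshalled, and entries that are filtered out disappear silently, which can leave a login module running without an option it was configured with. Logging the dropped keys would make that visible. Smaller points in the same methods: "value instanceof Externalizable" is redundant because Externalizable extends Serializable, and the "(String) it.next()" cast throws ClassCastException on a non-String key and is unnecessary if the loop iterates entrySet(). The class Javadoc still describes computing the login result, which this change removes from the class.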
> 
> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?rev=315020&r1=315019&r2=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Wed Oct 12 13:01:56 2005
> @@ -22,6 +22,9 @@
>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>  import org.apache.geronimo.kernel.Kernel;
> +import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
> +import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
>  
>  
>  /**
> @@ -37,6 +40,7 @@
>      private final String realmName;
>      private final Kernel kernel;
>      private final JaasLoginServiceMBean loginService;
> +    private boolean wrapPrincipals;
>  
>      public ServerRealmConfigurationEntry() {
>          this.applicationConfigName = null;
> @@ -48,10 +52,10 @@
>      public ServerRealmConfigurationEntry(String applicationConfigName, String realmName, Kernel kernel, JaasLoginServiceMBean loginService) {
>          this.applicationConfigName = applicationConfigName;
>          this.realmName = realmName;
> -        if(applicationConfigName == null || realmName == null) {
> +        if (applicationConfigName == null || realmName == null) {
>              throw new IllegalArgumentException("applicationConfigName and realmName are required");
>          }
> -        if(applicationConfigName.equals(realmName)) {
> +        if (applicationConfigName.equals(realmName)) {
>              throw new IllegalArgumentException("applicationConfigName must be different than realmName (there's an automatic entry using the same name as the realm name, so you don't need a ServerRealmConfigurationEntry if you're just going to use that!)");
>          }
>          this.kernel = kernel;
> @@ -62,6 +66,14 @@
>          return applicationConfigName;
>      }
>  
> +    public boolean isWrapPrincipals() {
> +        return wrapPrincipals;
> +    }
> +
> +    public void setWrapPrincipals(boolean wrapPrincipals) {
> +        this.wrapPrincipals = wrapPrincipals;
> +    }
> +
>      public JaasLoginModuleConfiguration generateConfiguration() {
>          Properties options = new Properties();
>          options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
> @@ -73,7 +85,7 @@
>          options.put("realm", realmName);
>          options.put("kernel", kernel.getKernelName());
>  
> -        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName);
> +        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName, wrapPrincipals);
>      }
>  
>      public static final GBeanInfo GBEAN_INFO;
> @@ -85,6 +97,7 @@
>          infoFactory.addAttribute("realmName", String.class, true);
>          infoFactory.addAttribute("kernel", Kernel.class, false);
>          infoFactory.addReference("LoginService", JaasLoginServiceMBean.class, "JaasLoginService");
> +        infoFactory.addAttribute("wrapPrincipals", Boolean.TYPE, true);
>  
>          infoFactory.setConstructor(new String[]{"applicationConfigName", "realmName", "kernel", "LoginService"});
>          GBEAN_INFO = infoFactory.getBeanInfo();
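Review bot: wrapPrincipals is registered as a persistent attribute here but is not added to setConstructor(), so it is set only through setWrapPrincipals() on a non-final field, whereas LoginModuleGBean in this same commit takes it as a constructor argument. It is also declared with Boolean.TYPE while the other addAttribute("wrapPrincipals", ...) calls in this commit use boolean.class. Pick one form, and since generateConfiguration() reads the field, document that it is false when the attribute is absent.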
> 
> Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java?rev=315020&view=auto
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java (added)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java Wed Oct 12 13:01:56 2005
> @@ -0,0 +1,65 @@
> +/**
> + *
> + * Copyright 2005 The Apache Software Foundation
> + *
> + *  Licensed under the Apache License, Version 2.0 (the "License");
> + *  you may not use this file except in compliance with the License.
> + *  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + *  Unless required by applicable law or agreed to in writing, software
> + *  distributed under the License is distributed on an "AS IS" BASIS,
> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + *  See the License for the specific language governing permissions and
> + *  limitations under the License.
> + */
> +package org.apache.geronimo.security.jaas.client;
> +
> +import java.util.Map;
> +import javax.security.auth.Subject;
> +import javax.security.auth.callback.CallbackHandler;
> +import javax.security.auth.login.LoginException;
> +import javax.security.auth.spi.LoginModule;
> +
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +
> +
> +/**
> + * @version $Revision: $ $Date: $
> + */
> +public class ClientLoginModuleProxy extends LoginModuleProxy
> +{
> +    private final LoginModule source;
> +
> +    public ClientLoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject, LoginModule source)
> +    {
> +        super(controlFlag, subject);
> +        this.source = source;
> +    }
> +
> +    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
> +    {
> +        source.initialize(subject, callbackHandler, sharedState, options);
> +    }
> +
> +    public boolean login() throws LoginException
> +    {
> +        return source.login();
> +    }
> +
> +    public boolean commit() throws LoginException
> +    {
> +        return source.commit();
> +    }
> +
> +    public boolean abort() throws LoginException
> +    {
> +        return source.abort();
> +    }
> +
> +    public boolean logout() throws LoginException
> +    {
> +        return source.logout();
> +    }
> +}
> \ No newline at end of file
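Review bot: the new class has no Javadoc beyond an @version tag whose $Revision: $ and $Date: $ keywords are empty, and the file ends without a newline. A one-line description of how this proxy differs from WrappingClientLoginModuleProxy would help, along with a note on whether the Subject given to the constructor and the one given to initialize() are expected to be the same object, since the class accepts both and only the latter reaches source.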
> 
> Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java)
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=289678&r2=315020&rev=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java Wed Oct 12 13:01:56 2005
> @@ -1,6 +1,6 @@
>  /**
>   *
> - * Copyright 2003-2004 The Apache Software Foundation
> + * Copyright 2003-2005 The Apache Software Foundation
>   *
>   *  Licensed under the Apache License, Version 2.0 (the "License");
>   *  you may not use this file except in compliance with the License.
> @@ -14,26 +14,25 @@
>   *  See the License for the specific language governing permissions and
>   *  limitations under the License.
>   */
> -package org.apache.geronimo.security.jaas;
> +package org.apache.geronimo.security.jaas.client;
>  
> -import java.security.Principal;
> -import java.util.ArrayList;
>  import java.util.HashMap;
> -import java.util.HashSet;
> -import java.util.Iterator;
> -import java.util.List;
>  import java.util.Map;
>  import java.util.Set;
>  import javax.management.MalformedObjectNameException;
>  import javax.management.ObjectName;
>  import javax.security.auth.Subject;
> -import javax.security.auth.callback.Callback;
>  import javax.security.auth.callback.CallbackHandler;
>  import javax.security.auth.login.LoginException;
>  import javax.security.auth.spi.LoginModule;
>  
>  import org.apache.geronimo.kernel.Kernel;
>  import org.apache.geronimo.kernel.KernelRegistry;
> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
> +import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +import org.apache.geronimo.security.jaas.LoginUtils;
> +import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>  import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClient;
>  
>  
> @@ -64,9 +63,10 @@
>      private JaasLoginServiceMBean service;
>      private CallbackHandler handler;
>      private Subject subject;
> -    private Set processedPrincipals = new HashSet();
> -    private JaasClientId clientHandle;
> -    LoginModuleConfiguration[] workers;
> +    private JaasSessionId sessionHandle;
> +    private LoginModuleProxy[] proxies;
> +    private final Map sharedState = new HashMap();
> +
>  
>      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
>          serverHost = (String) options.get(OPTION_HOST);
> @@ -89,47 +89,48 @@
>          } else {
>              this.subject = subject;
>          }
> -        //todo: shared state
>      }
>  
>      public boolean login() throws LoginException {
> -        clientHandle = service.connectToRealm(realmName);
> -        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(clientHandle);
> -        workers = new LoginModuleConfiguration[config.length];
> +        sessionHandle = service.connectToRealm(realmName);
> +        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(sessionHandle);
> +        proxies = new LoginModuleProxy[config.length];
>  
> -        for (int i = 0; i < workers.length; i++) {
> -            LoginModule wrapper;
> +        for (int i = 0; i < proxies.length; i++) {
>              if (config[i].isServerSide()) {
> -                wrapper = new ServerLoginModule(i);
> +                proxies[i] = new ServerLoginProxy(config[i].getFlag(), subject, i, service, sessionHandle);
>              } else {
>                  LoginModule source = config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
> -                wrapper = new ClientLoginModule(source, i);
> +                if (config[i].isWrapPrincipals()) {
> +                    proxies[i] = new WrappingClientLoginModuleProxy(config[i].getFlag(), subject, source, config[i].getLoginDomainName(), realmName);
> +                } else {
> +                    proxies[i] = new ClientLoginModuleProxy(config[i].getFlag(), subject, source);
> +                }
>              }
> -            workers[i] = new LoginModuleConfiguration(wrapper, config[i].getFlag());
> -            workers[i].getModule().initialize(subject, handler, new HashMap(), config[i].getOptions());
> +            proxies[i].initialize(subject, handler, sharedState, config[i].getOptions());
> +            syncSharedState();
>          }
> -        return performLogin(workers);
> +        return performLogin();
>      }
>  
>      public boolean commit() throws LoginException {
> -        for (int i = 0; i < workers.length; i++) {
> -            workers[i].getModule().commit();
> -        }
> -        Principal[] principals = service.loginSucceeded(clientHandle);
> -        for (int i = 0; i < principals.length; i++) {
> -            Principal principal = principals[i];
> -            subject.getPrincipals().add(principal);
> +        for (int i = 0; i < proxies.length; i++) {
> +            proxies[i].commit();
> +            syncSharedState();
> +            syncPrincipals();
>          }
> +        subject.getPrincipals().add(service.loginSucceeded(sessionHandle));
>          return true;
>      }
>  
>      public boolean abort() throws LoginException {
>          try {
> -            for (int i = 0; i < workers.length; i++) {
> -                workers[i].getModule().abort();
> +            for (int i = 0; i < proxies.length; i++) {
> +                proxies[i].abort();
> +                syncSharedState();
>              }
>          } finally {
> -            service.loginFailed(clientHandle);
> +            service.loginFailed(sessionHandle);
>          }
>          clear();
>          return true;
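Review bot: in commit(), the boolean returned by each proxies[i].commit() is discarded and the method returns true unconditionally, and the subject is now populated by syncPrincipals() plus the single value returned by service.loginSucceeded(sessionHandle) instead of the Principal[] the old code added. A test asserting the exact principal set on the subject after commit() would pin down that behaviour change. Separately, abort() reads proxies.length, but login() assigns proxies only after connectToRealm() and getLoginConfiguration() have returned, so a call to abort() after an exception from either throws NullPointerException and hands a possibly null sessionHandle to loginFailed(). A null guard on both fields would cover that path.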
> @@ -137,11 +138,12 @@
>  
>      public boolean logout() throws LoginException {
>          try {
> -            for (int i = 0; i < workers.length; i++) {
> -                workers[i].getModule().logout();
> +            for (int i = 0; i < proxies.length; i++) {
> +                proxies[i].logout();
> +                syncSharedState();
>              }
>          } finally {
> -            service.logout(clientHandle);
> +            service.logout(sessionHandle);
>          }
>          clear();
>          return true;
> @@ -159,9 +161,8 @@
>          service = null;
>          handler = null;
>          subject = null;
> -        processedPrincipals.clear();
> -        clientHandle = null;
> -        workers = null;
> +        sessionHandle = null;
> +        proxies = null;
>      }
>  
>      private JaasLoginServiceMBean connect() {
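Review bot: clear() nulls sessionHandle and proxies, but none of the added lines empties the new sharedState map, so its contents stay on the instance after abort() and logout(). Login modules commonly pass the user name and password to each other through shared state, so add sharedState.clear() here unless it already happens above the visible context.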
> @@ -176,32 +177,33 @@
>      /**
>       * See http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
>       *
> -     * @param modules
>       * @return
>       * @throws LoginException
>       */
> -    private static boolean performLogin(LoginModuleConfiguration[] modules) throws LoginException {
> +    private boolean performLogin() throws LoginException {
>          Boolean success = null;
>          Boolean backup = null;
>  
> -        for (int i = 0; i < modules.length; i++) {
> -            LoginModuleConfiguration module = modules[i];
> -            boolean result = module.getModule().login();
> -            if (module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
> +        for (int i = 0; i < proxies.length; i++) {
> +            LoginModuleProxy proxy = proxies[i];
> +            boolean result = proxy.login();
> +            syncSharedState();
> +
> +            if (proxy.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
>                  if (success == null || success.booleanValue()) {
>                      success = result ? Boolean.TRUE : Boolean.FALSE;
>                  }
> -            } else if (module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
> +            } else if (proxy.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
>                  if (!result) {
>                      return false;
>                  } else if (success == null) {
>                      success = Boolean.TRUE;
>                  }
> -            } else if (module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
> +            } else if (proxy.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
>                  if (result && (success == null || success.booleanValue())) {
>                      return true;
>                  }
> -            } else if (module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
> +            } else if (proxy.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
>                  if (backup == null || backup.booleanValue()) {
>                      backup = result ? Boolean.TRUE : Boolean.FALSE;
>                  }
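
Review bot: `syncSharedState()` sits between `proxy.login()` and the control-flag checks, so a `LoginException` from the sync call aborts the whole loop even when the module that just ran is OPTIONAL or SUFFICIENT. It also means every module, client-side ones included, now costs a call to the service. Consider syncing only around server-side proxies, or handling a sync failure separately from a login failure. The Javadoc still has an empty `@return`; with `@param modules` gone, this is a good moment to state what the method returns.
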
> @@ -219,106 +221,13 @@
>          return false;
>      }
>  
> -    private class ClientLoginModule implements LoginModule {
> -        private LoginModule source;
> -        int index;
> -
> -        public ClientLoginModule(LoginModule source, int index) {
> -            this.source = source;
> -            this.index = index;
> -        }
> -
> -        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
> -            source.initialize(subject, callbackHandler, sharedState, options);
> -        }
> -
> -        public boolean login() throws LoginException {
> -            return source.login();
> -        }
> -
> -        /**
> -         * Commit the LoginModule that is being wrapped.  Send the resulting
> -         * principals that are obtained back to the server.
> -         *
> -         * @return true if this method succeeded, or false if this
> -         *         <code>LoginModule</code> should be ignored.
> -         * @throws LoginException if commit fails
> -         */
> -        public boolean commit() throws LoginException {
> -            boolean result = source.commit();
> -            List list = new ArrayList();
> -            for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
> -                Principal p = (Principal) it.next();
> -                if (!processedPrincipals.contains(p)) {
> -                    list.add(p);
> -                    processedPrincipals.add(p);
> -                }
> -            }
> -            service.clientLoginModuleCommit(clientHandle, index, (Principal[]) list.toArray(new Principal[list.size()]));
> -            return result;
> -        }
> -
> -        public boolean abort() throws LoginException {
> -            return source.abort();
> -        }
> -
> -        public boolean logout() throws LoginException {
> -            return source.logout();
> -        }
> +    private void syncSharedState() throws LoginException {
> +        Map map = service.syncShareState(sessionHandle, LoginUtils.getSerializableCopy(sharedState));
> +        sharedState.putAll(map);
>      }
>  
> -    private class ServerLoginModule implements LoginModule {
> -        int index;
> -        CallbackHandler handler;
> -        Callback[] callbacks;
> -
> -        public ServerLoginModule(int index) {
> -            this.index = index;
> -        }
> -
> -        public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
> -            this.handler = handler;
> -        }
> -
> -        /**
> -         * Perform a login on the server side.
> -         * <p/>
> -         * Here we get the Callbacks from the server side, pass them to the
> -         * local handler so that they may be filled.  We pass the resulting
> -         * set of Callbacks back to the server.
> -         *
> -         * @return true if the authentication succeeded, or false if this
> -         *         <code>LoginModule</code> should be ignored.
> -         * @throws LoginException if the authentication fails
> -         */
> -        public boolean login() throws LoginException {
> -            try {
> -                callbacks = service.getServerLoginCallbacks(clientHandle, index);
> -                if (handler != null) {
> -                    handler.handle(callbacks);
> -                } else if (callbacks != null && callbacks.length > 0) {
> -                    System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
> -                }
> -                return service.performServerLogin(clientHandle, index, callbacks);
> -            } catch (LoginException le) {
> -                throw le;
> -            } catch (Exception e) {
> -                LoginException le = new LoginException("Error filling callback list");
> -                le.initCause(e);
> -                throw le;
> -            }
> -        }
> -
> -        public boolean commit() throws LoginException {
> -            return service.serverLoginModuleCommit(clientHandle, index);
> -        }
> -
> -        public boolean abort() throws LoginException {
> -            return false; // taken care of with a single call to the server
> -        }
> -
> -        public boolean logout() throws LoginException {
> -            return false; // taken care of with a single call to the server
> -        }
> +    private void syncPrincipals() throws LoginException {
> +        Set principals = service.syncPrincipals(sessionHandle, subject.getPrincipals());
> +        subject.getPrincipals().addAll(principals);
>      }
>  }
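
Review bot: both new sync methods only ever add. `sharedState.putAll(map)` and `subject.getPrincipals().addAll(principals)` merge what the service returns, so a key or principal removed on one side stays on the other. `syncPrincipals()` also sends the full principal set on each call, where the removed `ClientLoginModule.commit()` sent only principals not yet in `processedPrincipals`. Neither method says which side wins on a conflicting key. Minor: the service method is spelled `syncShareState` while the local one is `syncSharedState`; pick one spelling.
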
> 
> Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java?rev=315020&view=auto
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java (added)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java Wed Oct 12 13:01:56 2005
> @@ -0,0 +1,43 @@
> +/**
> + *
> + * Copyright 2005 The Apache Software Foundation
> + *
> + *  Licensed under the Apache License, Version 2.0 (the "License");
> + *  you may not use this file except in compliance with the License.
> + *  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + *  Unless required by applicable law or agreed to in writing, software
> + *  distributed under the License is distributed on an "AS IS" BASIS,
> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + *  See the License for the specific language governing permissions and
> + *  limitations under the License.
> + */
> +package org.apache.geronimo.security.jaas.client;
> +
> +import javax.security.auth.Subject;
> +import javax.security.auth.spi.LoginModule;
> +
> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
> +import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +
> +
> +/**
> + * @version $Revision: $ $Date: $
> + */
> +public abstract class LoginModuleProxy implements LoginModule {
> +    final protected LoginModuleControlFlag controlFlag;
> +    final protected Subject subject;
> +
> +    public LoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject)
> +    {
> +        this.controlFlag = controlFlag;
> +        this.subject = subject;
> +    }
> +
> +    public LoginModuleControlFlag getControlFlag() {
> +        return controlFlag;
> +    }
> +}
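
Review bot: the imports of `JaasSessionId` and `JaasLoginServiceMBean` are unused in this class and make a client-side base class depend on the `jaas.server` package for no reason; drop them. The class Javadoc is only an empty `$Revision: $ $Date: $` tag. One sentence on what a proxy represents, and why `subject` is held in a field as well as being passed to `initialize()`, would help.
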
> 
> Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java?rev=315020&view=auto
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java (added)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java Wed Oct 12 13:01:56 2005
> @@ -0,0 +1,92 @@
> +/**
> + *
> + * Copyright 2005 The Apache Software Foundation
> + *
> + *  Licensed under the Apache License, Version 2.0 (the "License");
> + *  you may not use this file except in compliance with the License.
> + *  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + *  Unless required by applicable law or agreed to in writing, software
> + *  distributed under the License is distributed on an "AS IS" BASIS,
> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + *  See the License for the specific language governing permissions and
> + *  limitations under the License.
> + */
> +package org.apache.geronimo.security.jaas.client;
> +
> +import java.util.Map;
> +import javax.security.auth.Subject;
> +import javax.security.auth.callback.Callback;
> +import javax.security.auth.callback.CallbackHandler;
> +import javax.security.auth.login.LoginException;
> +
> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
> +import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +
> +
> +/**
> + * @version $Revision: $ $Date: $
> + */
> +public class ServerLoginProxy extends LoginModuleProxy {
> +    CallbackHandler handler;
> +    Callback[] callbacks;
> +    private final int lmIndex;
> +    private final JaasLoginServiceMBean service;
> +    private final JaasSessionId sessionHandle;
> +
> +    public ServerLoginProxy(LoginModuleControlFlag controlFlag, Subject subject, int lmIndex,
> +                            JaasLoginServiceMBean service, JaasSessionId sessionHandle)
> +    {
> +        super(controlFlag, subject);
> +        this.lmIndex = lmIndex;
> +        this.service = service;
> +        this.sessionHandle = sessionHandle;
> +    }
> +
> +    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
> +        this.handler = handler;
> +    }
> +
> +    /**
> +     * Perform a login on the server side.
> +     * <p/>
> +     * Here we get the Callbacks from the server side, pass them to the
> +     * local handler so that they may be filled.  We pass the resulting
> +     * set of Callbacks back to the server.
> +     *
> +     * @return true if the authentication succeeded, or false if this
> +     *         <code>LoginModule</code> should be ignored.
> +     * @throws javax.security.auth.login.LoginException
> +     *          if the authentication fails
> +     */
> +    public boolean login() throws LoginException {
> +        try {
> +            callbacks = service.getServerLoginCallbacks(sessionHandle, lmIndex);
> +            if (handler != null) {
> +                handler.handle(callbacks);
> +            } else if (callbacks != null && callbacks.length > 0) {
> +                System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
> +            }
> +            return service.performLogin(sessionHandle, lmIndex, callbacks);
> +        } catch (Exception e) {
> +            LoginException le = new LoginException("Error filling callback list");
> +            le.initCause(e);
> +            throw le;
> +        }
> +    }
> +
> +    public boolean commit() throws LoginException {
> +        return service.performCommit(sessionHandle, lmIndex);
> +    }
> +
> +    public boolean abort() throws LoginException {
> +        return false; // taken care of with a single call to the server
> +    }
> +
> +    public boolean logout() throws LoginException {
> +        return false; // taken care of with a single call to the server
> +    }
> +}
> \ No newline at end of file
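
Review bot: in `login()`, the single `catch (Exception e)` also catches a `LoginException` thrown inside the try block and rewraps it as a generic "Error filling callback list", so the caller can no longer tell a failed authentication from a callback or transport error. The inner class this replaces had `catch (LoginException le) { throw le; }` ahead of the generic catch; restore that clause. Also, `callbacks` is kept in a package-visible field although only `login()` uses it in this file; a local variable would avoid retaining the filled callbacks. The missing-handler case goes to `System.err` rather than the log.
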
> 
> Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java?rev=315020&view=auto
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java (added)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java Wed Oct 12 13:01:56 2005
> @@ -0,0 +1,78 @@
> +/**
> + *
> + * Copyright 2005 The Apache Software Foundation
> + *
> + *  Licensed under the Apache License, Version 2.0 (the "License");
> + *  you may not use this file except in compliance with the License.
> + *  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + *  Unless required by applicable law or agreed to in writing, software
> + *  distributed under the License is distributed on an "AS IS" BASIS,
> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + *  See the License for the specific language governing permissions and
> + *  limitations under the License.
> + */
> +package org.apache.geronimo.security.jaas.client;
> +
> +import java.security.Principal;
> +import java.util.HashSet;
> +import java.util.Iterator;
> +import java.util.Map;
> +import java.util.Set;
> +import javax.security.auth.Subject;
> +import javax.security.auth.callback.CallbackHandler;
> +import javax.security.auth.login.LoginException;
> +import javax.security.auth.spi.LoginModule;
> +
> +import org.apache.geronimo.security.DomainPrincipal;
> +import org.apache.geronimo.security.RealmPrincipal;
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +
> +
> +/**
> + * @version $Revision: $ $Date: $
> + */
> +public class WrappingClientLoginModuleProxy extends ClientLoginModuleProxy {
> +    private final String loginDomainName;
> +    private final String realmName;
> +    private final Subject localSubject = new Subject();
> +
> +    public WrappingClientLoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject, LoginModule source,
> +                                          String loginDomainName, String realmName)
> +    {
> +        super(controlFlag, subject, source);
> +        this.loginDomainName = loginDomainName;
> +        this.realmName = realmName;
> +    }
> +
> +    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
> +        super.initialize(localSubject, callbackHandler, sharedState, options);
> +    }
> +
> +    public boolean commit() throws LoginException {
> +        boolean result = super.commit();
> +
> +        Set wrapped = new HashSet();
> +        for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) {
> +            DomainPrincipal dPrincipal = new DomainPrincipal(loginDomainName, (Principal) iter.next());
> +
> +            wrapped.add(dPrincipal);
> +            wrapped.add(new RealmPrincipal(realmName, dPrincipal));
> +        }
> +        localSubject.getPrincipals().addAll(wrapped);
> +        subject.getPrincipals().addAll(localSubject.getPrincipals());
> +
> +        return result;
> +    }
> +
> +    public boolean logout() throws LoginException {
> +        boolean result = super.logout();
> +
> +        subject.getPrincipals().removeAll(localSubject.getPrincipals());
> +        localSubject.getPrincipals().clear();
> +
> +        return result;
> +    }
> +}
> \ No newline at end of file
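
Review bot: `commit()` loops over `subject.getPrincipals()`, but `initialize()` hands `localSubject` to the wrapped module. As far as this file shows, the loop therefore wraps every principal already on the shared subject, including ones from other modules, in this module's `DomainPrincipal` and `RealmPrincipal`, rather than the principals the wrapped module produced. If the intent is to wrap only this module's principals, iterate `localSubject.getPrincipals()` instead. The wrapping also runs when `super.commit()` returned false; check `result` first. A class comment explaining the role of `localSubject` would make this easier to verify.
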
> 
> Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java)
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java&r1=289678&r2=315020&rev=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java Wed Oct 12 13:01:56 2005
> @@ -14,7 +14,7 @@
>   *  See the License for the specific language governing permissions and
>   *  limitations under the License.
>   */
> -package org.apache.geronimo.security.jaas;
> +package org.apache.geronimo.security.jaas.server;
>  
>  import javax.security.auth.callback.Callback;
>  import javax.security.auth.callback.CallbackHandler;
> 
> Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java)
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java&r1=289678&r2=315020&rev=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java Wed Oct 12 13:01:56 2005
> @@ -15,7 +15,7 @@
>   *  limitations under the License.
>   */
>  
> -package org.apache.geronimo.security.jaas;
> +package org.apache.geronimo.security.jaas.server;
>  
>  import javax.security.auth.login.LoginException;
>  
> 
> Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java
> ------------------------------------------------------------------------------
>     svn:eol-style = native
> 
> Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java
> ------------------------------------------------------------------------------
>     svn:keywords = author date id rev
> 
> Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java)
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r1=289678&r2=315020&rev=315020&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java (original)
> +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java Wed Oct 12 13:01:56 2005
> @@ -14,17 +14,15 @@
>   *  See the License for the specific language governing permissions and
>   *  limitations under the License.
>   */
> -package org.apache.geronimo.security.jaas;
> +package org.apache.geronimo.security.jaas.server;
>  
> -import java.io.Externalizable;
>  import java.io.Serializable;
> -import java.rmi.Remote;
> -import java.util.HashMap;
> -import java.util.Iterator;
>  import java.util.Map;
>  import javax.security.auth.spi.LoginModule;
>  
>  import org.apache.geronimo.common.GeronimoSecurityException;
> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
> +
>  
>  /**
>   * Describes the configuration of a LoginModule -- its name, class, control
> @@ -34,22 +32,26 @@
>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
>   */
>  public class JaasLoginModuleConfiguration implements Serializable {
> -    private boolean serverSide;
> -    private String loginDomainName;
> -    private LoginModuleControlFlag flag;
> -    private String loginModuleName;
> -    private Map options;
> -
> -    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) {
> +    private final boolean serverSide;
> +    private final String loginDomainName;
> +    private final LoginModuleControlFlag flag;
> +    private final String loginModuleName;
> +    private final Map options;
> +    private final boolean wrapPrincipals;
> +
> +    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options,
> +                                        boolean serverSide, String loginDomainName, boolean wrapPrincipals)
> +    {
>          this.serverSide = serverSide;
>          this.flag = flag;
>          this.loginModuleName = loginModuleName;
>          this.options = options;
>          this.loginDomainName = loginDomainName;
> +        this.wrapPrincipals = wrapPrincipals;
>      }
>  
>      public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
> -        this(loginModuleName, flag, options, serverSide, null);
> +        this(loginModuleName, flag, options, serverSide, null, false);
>      }
>  
>      public String getLoginModuleClassName() {
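
Review bot: the new `wrapPrincipals` constructor argument and field are undocumented, and the four-argument constructor silently defaults the flag to `false`; add a Javadoc line saying what wrapping means and which side acts on it. Making the fields `final` is good, but `options` is still stored by reference, so the caller's map can change the configuration after construction. Copy it, or document that it must not be modified.
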
> @@ -80,20 +82,7 @@
>          return loginDomainName;
>      }
>  
> -    /**
> -     * Strips out stuff that isn't serializable so this can be safely passed to
> -     * a remote server.
> -     */
> -    public JaasLoginModuleConfiguration getSerializableCopy() {
> -        Map other = new HashMap();
> -        for (Iterator it = options.keySet().iterator(); it.hasNext();) {
> -            String key = (String) it.next();
> -            Object value = options.get(key);
> -            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
> -                other.put(key, value);
> -            }
> -        }
> -
> -        return new JaasLoginModuleConfiguration(loginModuleName, flag, other, serverSide, loginDomainName);
> +    public boolean isWrapPrincipals() {
> +        return wrapPrincipals;
>      }
>  }
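
Review bot: removing `getSerializableCopy()` drops the filter that kept only `Serializable`, `Externalizable` or `Remote` option values, while the class still `implements Serializable` and holds `options` as passed in. If this object is still sent to a remote client, a non-serializable option value will now fail at serialization time. Either keep the filter here or state in the log message where it moved.
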
> 
> 
> 
> 

-- 
Joe Bohn
joe.bohn@earthlink.net

"He is no fool who gives what he cannot keep, to gain what he cannot 
lose."   -- Jim Elliot

Re: svn commit: r315020 [1/3] - in /geronimo/trunk/modules: assembly/src/plan/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/ security/src/java/org/apache/geronimo/security/jaas/ security/src/java/org/apache/geron...

Posted by David Jencks <da...@yahoo.com>.
I've checked in a partial fix: the console works for me. I have a plan
for how to complete the fix and I'll be working on this more later
unless Alan beats me to it :-)

thanks
david jencks
On Oct 13, 2005, at 5:28 PM, David Jencks wrote:

> These changes did cause the problem, I'm looking into it.
>
> david jencks
>
> On Oct 13, 2005, at 3:15 PM, Joe Bohn wrote:
>
>> I just updated my image from head earlier this afternoon and I've  
>> been pulling my hair out trying to figure out why I get a 403 when I  
>> attempt to authenticate to the Web Console.  This happens with both  
>> the tomcat and the jetty container configurations.  Is it possible  
>> that these changes (or the other related changes around the same  
>> time) that hit some of the JAAS login logic is causing my problem.   
>> Sachin updated his code yesterday afternoon (probably prior to this)  
>> and isn't seeing the same problem.
>>
>> Thanks,
>> Joe
>>
>> adc@apache.org wrote:
>>> Author: adc
>>> Date: Wed Oct 12 13:01:56 2005
>>> New Revision: 315020
>>> URL: http://svn.apache.org/viewcvs?rev=315020&view=rev
>>> Log:
>>> Initial checkin for GERONIMO-883
>>> Added:
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/DomainPrincipal.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ClientLoginModuleProxy.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/JaasLoginCoordinator.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginCoordinator.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/LoginModuleProxy.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ServerLoginProxy.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/WrappingClientLoginModuleProxy.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/DecouplingCallbackHandler.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DecouplingCallbackHandler.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/ExpiredLoginModuleException.java   (contents,  
>>> props changed)
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ExpiredLoginModuleException.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasLoginModuleConfiguration.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleConfiguration.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasLoginService.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginService.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasLoginServiceMBean.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginServiceMBean.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasSecuritySession.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasSecurityContext.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasSessionId.java
>>>       - copied, changed from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasClientId.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/WrappingLoginModuleProxy.java
>>> Removed:
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DecouplingCallbackHandler.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ExpiredLoginModuleException.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasClientId.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginCoordinator.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleConfiguration.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginService.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginServiceMBean.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasSecurityContext.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleConfiguration.java
>>> Modified:
>>>      
>>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>>> plan.xml
>>>     geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>>>      
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> AbstractWebModuleTest.java
>>>      
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> SecurityTest.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/ContextManager.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/PrimaryRealmPrincipal.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/RealmPrincipal.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ConfigurationEntryFactory.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DirectConfigurationEntry.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/GeronimoLoginConfiguration.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleUse.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleControlFlag.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleGBean.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginUtils.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ServerRealmConfigurationEntry.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/realm/GenericSecurityRealm.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/realm/SecurityRealm.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/remoting/jmx/JaasLoginServiceRemotingClient.java
>>>      
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/remoting/jmx/JaasLoginServiceRemotingServer.java
>>>     geronimo/trunk/modules/security/src/test-data/data/login.config
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/AbstractTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/ConfigurationEntryTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/LoginPropertiesFileTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/LoginSQLTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/MultipleLoginDomainTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/NoLoginModuleReuseTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/jaas/TimeoutTest.java
>>>      
>>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>>> security/remoting/jmx/RemoteLoginTest.java
>>>     geronimo/trunk/modules/tomcat/project.xml
>>>      
>>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>>> AbstractWebModuleTest.java
>>>      
>>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>>> ApplicationTest.java
>>>      
>>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>>> ContainerTest.java
>>>      
>>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>>> JACCSecurityTest.java
>>> Modified:  
>>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>>> plan.xml
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>>> plan/j2ee-client-security-plan.xml? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>>> plan.xml (original)
>>> +++  
>>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>>> plan.xml Wed Oct 12 13:01:56 2005
>>> @@ -67,7 +67,7 @@
>>>      </gbean>
>>>       <gbean name="ServerLoginCoordinator"  
>>> class="org.apache.geronimo.security.jaas.LoginModuleGBean">
>>> -        <attribute  
>>> name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCo 
>>> ordinator</attribute>
>>> +        <attribute  
>>> name="loginModuleClass">org.apache.geronimo.security.jaas.client.Jaas 
>>> LoginCoordinator</attribute>
>>>          <attribute name="serverSide">false</attribute>
>>>          <attribute name="options">
>>>              host=localhost
>>> @@ -105,7 +105,7 @@
>>>          </reference>
>>>      </gbean>
>>>      <!-- this is really a server-side only gbean but its needed to  
>>> make the client side GenericSecurityRealm work -->
>>> -    <gbean name="JaasLoginService"  
>>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>>> +    <gbean name="JaasLoginService"  
>>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>>          <reference name="Realms">
>>>              <name>client-properties-realm</name>
>>>          </reference>
>>> Modified:  
>>> geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>>> plan/j2ee-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> --- geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>>> (original)
>>> +++ geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>>> Wed Oct 12 13:01:56 2005
>>> @@ -49,7 +49,7 @@
>>>          </references>
>>>      </gbean>
>>>  -    <gbean name="JaasLoginService"  
>>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>>> +    <gbean name="JaasLoginService"  
>>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>>          <reference  
>>> name="Realms"><application>*</application><module>*</ 
>>> module><name>*</name></reference>
>>>          <!--        <attribute  
>>> name="reclaimPeriod">100000</attribute>-->
>>>          <attribute name="algorithm">HmacSHA1</attribute>
>>> Modified:  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> AbstractWebModuleTest.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>>> org/apache/geronimo/jetty/AbstractWebModuleTest.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> AbstractWebModuleTest.java (original)
>>> +++  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> AbstractWebModuleTest.java Wed Oct 12 13:01:56 2005
>>> @@ -28,33 +28,31 @@
>>>  import javax.management.ObjectName;
>>>   import junit.framework.TestCase;
>>> -import  
>>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionT 
>>> rackingCoordinator;
>>> +import org.mortbay.jetty.servlet.FormAuthenticator;
>>> +
>>>  import  
>>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionT 
>>> rackingCoordinatorGBean;
>>>  import org.apache.geronimo.gbean.GBeanData;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>>  import org.apache.geronimo.jetty.connector.HTTPConnector;
>>> -import org.apache.geronimo.kernel.KernelFactory;
>>>  import org.apache.geronimo.kernel.Kernel;
>>> +import org.apache.geronimo.kernel.KernelFactory;
>>>  import org.apache.geronimo.kernel.management.State;
>>>  import org.apache.geronimo.security.SecurityServiceImpl;
>>> -import org.apache.geronimo.security.jacc.ComponentPermissions;
>>> -import  
>>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManag 
>>> er;
>>> -import org.apache.geronimo.security.deploy.Principal;
>>>  import org.apache.geronimo.security.deploy.DefaultPrincipal;
>>> +import org.apache.geronimo.security.deploy.Principal;
>>>  import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
>>> -import org.apache.geronimo.security.jaas.JaasLoginService;
>>> -import org.apache.geronimo.security.jaas.LoginModuleGBean;
>>>  import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
>>> +import org.apache.geronimo.security.jaas.LoginModuleGBean;
>>> +import org.apache.geronimo.security.jaas.server.JaasLoginService;
>>> +import  
>>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManag 
>>> er;
>>> +import org.apache.geronimo.security.jacc.ComponentPermissions;
>>>  import org.apache.geronimo.security.realm.GenericSecurityRealm;
>>>  import org.apache.geronimo.system.serverinfo.BasicServerInfo;
>>>  import  
>>> org.apache.geronimo.transaction.context.OnlineUserTransaction;
>>> -import  
>>> org.apache.geronimo.transaction.context.TransactionContextManager;
>>>  import  
>>> org.apache.geronimo.transaction.context.TransactionContextManagerGBea 
>>> n;
>>> -import  
>>> org.apache.geronimo.transaction.manager.TransactionManagerImpl;
>>>  import  
>>> org.apache.geronimo.transaction.manager.TransactionManagerImplGBean;
>>> -import org.mortbay.jetty.servlet.FormAuthenticator;
>>>    /**
>>> @@ -207,6 +205,7 @@
>>>          options.setProperty("usersURI",  
>>> "src/test-resources/data/users.properties");
>>>          options.setProperty("groupsURI",  
>>> "src/test-resources/data/groups.properties");
>>>          propertiesLMGBean.setAttribute("options", options);
>>> +        propertiesLMGBean.setAttribute("wrapPrincipals",  
>>> Boolean.TRUE);
>>>          //TODO should this be called securityRealmName?
>>>          propertiesLMGBean.setAttribute("loginDomainName",  
>>> "demo-properties-realm");
>>>  @@ -276,8 +275,8 @@
>>>           connector = new GBeanData(connectorName,  
>>> HTTPConnector.GBEAN_INFO);
>>>          connector.setAttribute("port", new Integer(5678));
>>> -        connector.setAttribute("maxThreads",  new Integer(50));
>>> -        connector.setAttribute("minThreads",  new Integer(10));
>>> +        connector.setAttribute("maxThreads", new Integer(50));
>>> +        connector.setAttribute("minThreads", new Integer(10));
>>>          connector.setReferencePattern("JettyContainer",  
>>> containerName);
>>>           start(container);
>>> Modified:  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> SecurityTest.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>>> org/apache/geronimo/jetty/SecurityTest.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> SecurityTest.java (original)
>>> +++  
>>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>>> SecurityTest.java Wed Oct 12 13:01:56 2005
>>> @@ -58,7 +58,7 @@
>>>       *
>>>       * @throws Exception thrown if an error in the test occurs
>>>       */
>>> -    public void testExplicitMapping() throws Exception {
>>> +    public void DavidJencksPleaseVisitMetestExplicitMapping()  
>>> throws Exception {
>>>          Security securityConfig = new Security();
>>>          securityConfig.setUseContextHandler(false);
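Review bot: the rename to `DavidJencksPleaseVisitMetestExplicitMapping()` disables this security test without recording why. If the class is run by JUnit 3 name-based discovery, as the `junit.framework.TestCase` import in AbstractWebModuleTest suggests, only methods whose names start with `test` are executed, so the explicit-mapping check silently drops out of the build. Keep the method name and add a comment saying what fails and who owns the fix, or make the test fail with a clear message, so the gap in coverage stays visible.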
>>>  Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/ContextManager.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/ContextManager.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/ContextManager.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/ContextManager.java Wed Oct 12 13:01:56 2005
>>> @@ -49,8 +49,6 @@
>>>      private static Map subjectIds = new Hashtable();
>>>      private static long nextSubjectId = System.currentTimeMillis();
>>>  -    private static long nextPrincipalId =  
>>> System.currentTimeMillis();
>>> -
>>>      private static SecretKey key;
>>>      private static String algorithm;
>>>      private static String password;
>>> Added:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/DomainPrincipal.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/DomainPrincipal.java? 
>>> rev=315020&view=auto
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/DomainPrincipal.java (added)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/DomainPrincipal.java Wed Oct 12 13:01:56 2005
>>> @@ -0,0 +1,133 @@
>>> +/**
>>> + *
>>> + * Copyright 2005 The Apache Software Foundation
>>> + *
>>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>>> + *  you may not use this file except in compliance with the License.
>>> + *  You may obtain a copy of the License at
>>> + *
>>> + *     http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + *  Unless required by applicable law or agreed to in writing,  
>>> software
>>> + *  distributed under the License is distributed on an "AS IS"  
>>> BASIS,
>>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>>> implied.
>>> + *  See the License for the specific language governing permissions  
>>> and
>>> + *  limitations under the License.
>>> + */
>>> +
>>> +package org.apache.geronimo.security;
>>> +
>>> +import java.io.Serializable;
>>> +import java.security.Principal;
>>> +
>>> +/**
>>> + * Represents a principal in an realm.
>>> + *
>>> + * @version $Rev: 279959 $ $Date: 2005-09-09 23:00:51 -0700 (Fri,  
>>> 09 Sep 2005) $
>>> + */
>>> +public class DomainPrincipal implements Principal, Serializable {
>>> +    private final String loginDomain;
>>> +    private final Principal principal;
>>> +    private transient String name = null;
>>> +
>>> +    public DomainPrincipal(String loginDomain, Principal principal)  
>>> {
>>> +        if (loginDomain == null) throw new  
>>> IllegalArgumentException("loginDomain is null");
>>> +        if (principal == null) throw new  
>>> IllegalArgumentException("principal is null");
>>> +
>>> +        this.loginDomain = loginDomain;
>>> +        this.principal = principal;
>>> +    }
>>> +
>>> +    /**
>>> +     * Compares this principal to the specified object.  Returns  
>>> true
>>> +     * if the object passed in matches the principal represented by
>>> +     * the implementation of this interface.
>>> +     *
>>> +     * @param another principal to compare with.
>>> +     * @return true if the principal passed in is the same as that
>>> +     *         encapsulated by this principal, and false otherwise.
>>> +     */
>>> +    public boolean equals(Object another) {
>>> +        if (!(another instanceof DomainPrincipal)) return false;
>>> +
>>> +        DomainPrincipal realmPrincipal = (DomainPrincipal) another;
>>> +
>>> +        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>>> principal.equals(realmPrincipal.principal);
>>> +    }
>>> +
>>> +    /**
>>> +     * Returns a string representation of this principal.
>>> +     *
>>> +     * @return a string representation of this principal.
>>> +     */
>>> +    public String toString() {
>>> +        //TODO hack to workaround bogus assumptions in some secret  
>>> code.
>>> +//        return getName();
>>> +        if (name == null) {
>>> +
>>> +            StringBuffer buffer = new StringBuffer("");
>>> +            buffer.append(loginDomain);
>>> +            buffer.append(":[");
>>> +            buffer.append(principal.getClass().getName());
>>> +            buffer.append(':');
>>> +            buffer.append(principal.getName());
>>> +            buffer.append("]");
>>> +
>>> +            name = buffer.toString();
>>> +        }
>>> +        return name;
>>> +    }
>>> +
>>> +    /**
>>> +     * Returns a hashcode for this principal.
>>> +     *
>>> +     * @return a hashcode for this principal.
>>> +     */
>>> +    public int hashCode() {
>>> +        int result;
>>> +        result = loginDomain.hashCode();
>>> +        result = 29 * result + principal.hashCode();
>>> +        return result;
>>> +    }
>>> +
>>> +    /**
>>> +     * Returns the name of this principal.
>>> +     *
>>> +     * @return the name of this principal.
>>> +     */
>>> +    public String getName() {
>>> +        //TODO hack to workaround bogus assumptions in some secret  
>>> code.
>>> +        if (name == null) {
>>> +
>>> +            StringBuffer buffer = new StringBuffer("");
>>> +            buffer.append(loginDomain);
>>> +            buffer.append(":[");
>>> +            buffer.append(principal.getClass().getName());
>>> +            buffer.append(':');
>>> +            buffer.append(principal.getName());
>>> +            buffer.append("]");
>>> +
>>> +            name = buffer.toString();
>>> +        }
>>> +        return name;
>>> +//        return principal.getName();
>>> +    }
>>> +
>>> +    /**
>>> +     * Returns the principal that is associated with the realm.
>>> +     *
>>> +     * @return the principal that is associated with the realm.
>>> +     */
>>> +    public Principal getPrincipal() {
>>> +        return principal;
>>> +    }
>>> +
>>> +    /**
>>> +     * Returns the realm that is associated with the principal.
>>> +     *
>>> +     * @return the realm that is associated with the principal.
>>> +     */
>>> +    public String getLoginDomain() {
>>> +        return loginDomain;
>>> +    }
>>> +}
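Review bot: `getName()` and `toString()` in the new DomainPrincipal each carry the same block that builds `loginDomain:[class:name]`, and both sit under a TODO that calls it a hack without naming the code it works around. Move the string building into one private helper and have the TODO say which caller needs the composite form and when it can return `principal.getName()` again. Smaller points in the same file: the class Javadoc reads "a principal in an realm" and the accessor Javadoc still says "realm" although the field is `loginDomain`, the `@version $Rev: 279959 $` line carries a fixed revision and date from September, and this Serializable class declares no `serialVersionUID`.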
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/PrimaryRealmPrincipal.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/PrimaryRealmPrincipal.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/PrimaryRealmPrincipal.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/PrimaryRealmPrincipal.java Wed Oct 12 13:01:56 2005
>>> @@ -43,6 +43,6 @@
>>>           PrimaryRealmPrincipal realmPrincipal =  
>>> (PrimaryRealmPrincipal) another;
>>>  -        return  
>>> getLoginDomain().equals(realmPrincipal.getLoginDomain()) &&  
>>> getPrincipal().equals(realmPrincipal.getPrincipal());
>>> +        return getRealm().equals(realmPrincipal.getRealm()) &&  
>>> getPrincipal().equals(realmPrincipal.getPrincipal());
>>>      }
>>>  }
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/RealmPrincipal.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/RealmPrincipal.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/RealmPrincipal.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/RealmPrincipal.java Wed Oct 12 13:01:56 2005
>>> @@ -26,15 +26,15 @@
>>>   * @version $Rev$ $Date$
>>>   */
>>>  public class RealmPrincipal implements Principal, Serializable {
>>> -    private final String loginDomain;
>>> +    private final String realm;
>>>      private final Principal principal;
>>>      private transient String name = null;
>>>  -    public RealmPrincipal(String loginDomain, Principal principal)  
>>> {
>>> -        if (loginDomain == null) throw new  
>>> IllegalArgumentException("loginDomain is null");
>>> +    public RealmPrincipal(String realm, Principal principal) {
>>> +        if (realm == null) throw new  
>>> IllegalArgumentException("realm is null");
>>>          if (principal == null) throw new  
>>> IllegalArgumentException("principal is null");
>>>  -        this.loginDomain = loginDomain;
>>> +        this.realm = realm;
>>>          this.principal = principal;
>>>      }
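Review bot: renaming the instance field `loginDomain` to `realm` in a class declared `implements Principal, Serializable` changes its default serialized form, and no `serialVersionUID` is visible in these lines. If RealmPrincipal instances are passed between client and server or stored anywhere, a peer built before this revision will fail to deserialize them. Either confirm both sides are always built from the same revision, or declare `serialVersionUID` explicitly and state the compatibility intent in the class comment.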
>>>  @@ -52,7 +52,7 @@
>>>           RealmPrincipal realmPrincipal = (RealmPrincipal) another;
>>>  -        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>>> principal.equals(realmPrincipal.principal);
>>> +        return realm.equals(realmPrincipal.realm) &&  
>>> principal.equals(realmPrincipal.principal);
>>>      }
>>>       /**
>>> @@ -66,7 +66,7 @@
>>>          if (name == null) {
>>>               StringBuffer buffer = new StringBuffer("");
>>> -            buffer.append(loginDomain);
>>> +            buffer.append(realm);
>>>              buffer.append(":[");
>>>              buffer.append(principal.getClass().getName());
>>>              buffer.append(':');
>>> @@ -85,7 +85,7 @@
>>>       */
>>>      public int hashCode() {
>>>          int result;
>>> -        result = loginDomain.hashCode();
>>> +        result = realm.hashCode();
>>>          result = 29 * result + principal.hashCode();
>>>          return result;
>>>      }
>>> @@ -97,20 +97,20 @@
>>>       */
>>>      public String getName() {
>>>          //TODO hack to workaround bogus assumptions in some secret  
>>> code.
>>> -//        if (name == null) {
>>> -//
>>> -//            StringBuffer buffer = new StringBuffer("");
>>> -//            buffer.append(loginDomain);
>>> -//            buffer.append(":[");
>>> -//            buffer.append(principal.getClass().getName());
>>> -//            buffer.append(':');
>>> -//            buffer.append(principal.getName());
>>> -//            buffer.append("]");
>>> -//
>>> -//            name = buffer.toString();
>>> -//        }
>>> -//        return name;
>>> -        return principal.getName();
>>> +        if (name == null) {
>>> +
>>> +            StringBuffer buffer = new StringBuffer("");
>>> +            buffer.append(realm);
>>> +            buffer.append(":[");
>>> +            buffer.append(principal.getClass().getName());
>>> +            buffer.append(':');
>>> +            buffer.append(principal.getName());
>>> +            buffer.append("]");
>>> +
>>> +            name = buffer.toString();
>>> +        }
>>> +        return name;
>>> +//        return principal.getName();
>>>      }
>>>       /**
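Review bot: the TODO at the top of `getName()` is left untouched while the return value switches from `principal.getName()` to the composite `realm:[class:name]` string, so the comment no longer says which form is the workaround. Any caller that compares `getName()` against a bare user or group name will stop matching once the composite string is returned. Update the TODO to state the intended form, delete the commented-out `return principal.getName();` if it is not coming back, and add a test that pins the expected `getName()` value.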
>>> @@ -127,7 +127,7 @@
>>>       *
>>>       * @return the realm that is associated with the principal.
>>>       */
>>> -    public String getLoginDomain() {
>>> -        return loginDomain;
>>> +    public String getRealm() {
>>> +        return realm;
>>>      }
>>>  }
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ConfigurationEntryFactory.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/ 
>>> ConfigurationEntryFactory.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ConfigurationEntryFactory.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ConfigurationEntryFactory.java Wed Oct 12 13:01:56  
>>> 2005
>>> @@ -16,6 +16,9 @@
>>>   */
>>>  package org.apache.geronimo.security.jaas;
>>>  +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>> +
>>> +
>>>  /**
>>>   * A factory interface used by  
>>> <code>GeronimoLoginConfiguration</code> to obtain
>>>   * <code>JaasLoginModuleConfiguration</code>s from GBean  
>>> configuration entries.
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DirectConfigurationEntry.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/ 
>>> DirectConfigurationEntry.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DirectConfigurationEntry.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DirectConfigurationEntry.java Wed Oct 12 13:01:56 2005
>>> @@ -19,6 +19,7 @@
>>>  import org.apache.geronimo.gbean.GBeanInfo;
>>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>>    /**
>>> @@ -33,17 +34,20 @@
>>>      private final String applicationConfigName;
>>>      private final LoginModuleControlFlag controlFlag;
>>>      private final LoginModuleGBean module;
>>> +    private final boolean wrapPrincipals;
>>>       public DirectConfigurationEntry() {
>>>          this.applicationConfigName = null;
>>>          this.controlFlag = null;
>>>          this.module = null;
>>> +        this.wrapPrincipals = false;
>>>      }
>>>  -    public DirectConfigurationEntry(String applicationConfigName,  
>>> LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
>>> +    public DirectConfigurationEntry(String applicationConfigName,  
>>> LoginModuleControlFlag controlFlag, LoginModuleGBean module, boolean  
>>> wrapPrincipals) {
>>>          this.applicationConfigName = applicationConfigName;
>>>          this.controlFlag = controlFlag;
>>>          this.module = module;
>>> +        this.wrapPrincipals = wrapPrincipals;
>>>      }
>>>       public String getConfigurationName() {
>>> @@ -51,7 +55,7 @@
>>>      }
>>>       public JaasLoginModuleConfiguration generateConfiguration() {
>>> -        return new  
>>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>>> controlFlag, module.getOptions(), module.isServerSide(),  
>>> applicationConfigName);
>>> +        return new  
>>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>>> controlFlag, module.getOptions(), module.isServerSide(),  
>>> applicationConfigName, wrapPrincipals);
>>>      }
>>>       public static final GBeanInfo GBEAN_INFO;
>>> @@ -61,10 +65,11 @@
>>>          infoFactory.addInterface(ConfigurationEntryFactory.class);
>>>          infoFactory.addAttribute("applicationConfigName",  
>>> String.class, true);
>>>          infoFactory.addAttribute("controlFlag",  
>>> LoginModuleControlFlag.class, true);
>>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>>> true);
>>>           infoFactory.addReference("Module", LoginModuleGBean.class,  
>>> NameFactory.LOGIN_MODULE);
>>>  -        infoFactory.setConstructor(new  
>>> String[]{"applicationConfigName", "controlFlag", "Module"});
>>> +        infoFactory.setConstructor(new  
>>> String[]{"applicationConfigName", "controlFlag", "Module",  
>>> "wrapPrincipals"});
>>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>>      }
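Review bot: `wrapPrincipals` becomes a persistent attribute and a required constructor argument in `setConstructor(...)` with no Javadoc or comment explaining what wrapping does or when a plan should turn it on. The no-argument constructor defaults it to `false`, while the Jetty test in this same commit sets it to `Boolean.TRUE`, so a reader cannot tell which value a working configuration is expected to use. Document the attribute on the field and the constructor, including the default and what behaviour it controls.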
>>>  Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/GeronimoLoginConfiguration.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/ 
>>> GeronimoLoginConfiguration.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/GeronimoLoginConfiguration.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/GeronimoLoginConfiguration.java Wed Oct 12 13:01:56  
>>> 2005
>>> @@ -34,6 +34,7 @@
>>>  import org.apache.geronimo.gbean.ReferenceCollectionEvent;
>>>  import org.apache.geronimo.gbean.ReferenceCollectionListener;
>>>  import org.apache.geronimo.security.SecurityServiceImpl;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>>    /**
>>> @@ -134,7 +135,7 @@
>>>              log.info("Removed Application Configuration Entry " +  
>>> iter.next());
>>>          }
>>>          entries.clear();
>>> -        +
>>>          log.info("Uninstalled Geronimo login configuration");
>>>      }
>>>  Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleUse.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleUse.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleUse.java Wed Oct 12 13:01:56 2005
>>> @@ -16,16 +16,18 @@
>>>   */
>>>  package org.apache.geronimo.security.jaas;
>>>  -import java.util.Set;
>>> +import java.util.HashMap;
>>>  import java.util.List;
>>>  import java.util.Map;
>>> -import java.util.HashMap;
>>> +import java.util.Set;
>>>   import org.apache.geronimo.gbean.GBeanInfo;
>>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>> +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>>  import org.apache.geronimo.kernel.Kernel;
>>>  import org.apache.geronimo.system.serverinfo.ServerInfo;
>>> -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>> +
>>>   /**
>>>   * Holds a reference to a login module and the control flag.  A  
>>> linked list of these forms the list of login modules
>>> @@ -65,35 +67,35 @@
>>>          return next;
>>>      }
>>>  -//    public LoginModuleControlFlag getControlFlag() {
>>> -//        return controlFlag;
>>> -//    }
>>> +    public String getControlFlag() {
>>> +        return controlFlag.toString();
>>> +    }
>>>       public void configure(Set domainNames, List  
>>> loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo,  
>>> ClassLoader classLoader) {
>>>          Map options = loginModule.getOptions();
>>> -                   if (options != null) {
>>> -                       options = new HashMap(options);
>>> -                   } else {
>>> -                       options = new HashMap();
>>> -                   }
>>> -                   if (kernel != null &&  
>>> !options.containsKey(KERNEL_LM_OPTION)) {
>>> -                       options.put(KERNEL_LM_OPTION,  
>>> kernel.getKernelName());
>>> -                   }
>>> -                   if (serverInfo != null &&  
>>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>>> -                       options.put(SERVERINFO_LM_OPTION,  
>>> serverInfo);
>>> -                   }
>>> -                   if (classLoader != null &&  
>>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>>> -                       options.put(CLASSLOADER_LM_OPTION,  
>>> classLoader);
>>> -                   }
>>> -                   if (loginModule.getLoginDomainName() != null) {
>>> -                       if  
>>> (domainNames.contains(loginModule.getLoginDomainName())) {
>>> -                           throw new IllegalStateException("Error  
>>> in realm: one security realm cannot contain multiple login modules  
>>> for the same login domain");
>>> -                       } else {
>>> -                            
>>> domainNames.add(loginModule.getLoginDomainName());
>>> -                       }
>>> -                   }
>>> -                   JaasLoginModuleConfiguration config = new  
>>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>>> controlFlag, options, loginModule.isServerSide(),  
>>> loginModule.getLoginDomainName());
>>> -                   loginModuleConfigurations.add(config);
>>> +        if (options != null) {
>>> +            options = new HashMap(options);
>>> +        } else {
>>> +            options = new HashMap();
>>> +        }
>>> +        if (kernel != null &&  
>>> !options.containsKey(KERNEL_LM_OPTION)) {
>>> +            options.put(KERNEL_LM_OPTION, kernel.getKernelName());
>>> +        }
>>> +        if (serverInfo != null &&  
>>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>>> +            options.put(SERVERINFO_LM_OPTION, serverInfo);
>>> +        }
>>> +        if (classLoader != null &&  
>>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>>> +            options.put(CLASSLOADER_LM_OPTION, classLoader);
>>> +        }
>>> +        if (loginModule.getLoginDomainName() != null) {
>>> +            if  
>>> (domainNames.contains(loginModule.getLoginDomainName())) {
>>> +                throw new IllegalStateException("Error in realm:  
>>> one security realm cannot contain multiple login modules for the  
>>> same login domain");
>>> +            } else {
>>> +                domainNames.add(loginModule.getLoginDomainName());
>>> +            }
>>> +        }
>>> +        JaasLoginModuleConfiguration config = new  
>>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>>> controlFlag, options, loginModule.isServerSide(),  
>>> loginModule.getLoginDomainName(), loginModule.isWrapPrincipals());
>>> +        loginModuleConfigurations.add(config);
>>>           if (next != null) {
>>>              next.configure(domainNames, loginModuleConfigurations,  
>>> kernel, serverInfo, classLoader);
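Review bot: in `configure()`, the one functional change, the extra `loginModule.isWrapPrincipals()` argument to the `JaasLoginModuleConfiguration` constructor, is buried inside a re-indentation of the whole method body and is easy to miss in review. Commit the whitespace cleanup separately so the behavioural change stands alone. In the same hunk, the re-enabled `getControlFlag()` returns `controlFlag.toString()`; if `controlFlag` can be null for this GBean, that call throws a NullPointerException, so add a null check or state the non-null invariant.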
>>> @@ -108,9 +110,9 @@
>>>          infoBuilder.addReference("LoginModule",  
>>> LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
>>>          infoBuilder.addReference("Next", JaasLoginModuleUse.class);
>>>  -        infoBuilder.addOperation("configure", new Class[]  
>>> {Set.class, List.class, Kernel.class, ServerInfo.class,  
>>> ClassLoader.class});
>>> +        infoBuilder.addOperation("configure", new  
>>> Class[]{Set.class, List.class, Kernel.class, ServerInfo.class,  
>>> ClassLoader.class});
>>>  -        infoBuilder.setConstructor(new String[] {"LoginModule",  
>>> "Next", "controlFlag"});
>>> +        infoBuilder.setConstructor(new String[]{"LoginModule",  
>>> "Next", "controlFlag"});
>>>          GBEAN_INFO = infoBuilder.getBeanInfo();
>>>      }
>>>  Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleControlFlag.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleControlFlag.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleControlFlag.java Wed Oct 12 13:01:56 2005
>>> @@ -31,22 +31,28 @@
>>>       private static final LoginModuleControlFlag[] values = new  
>>> LoginModuleControlFlag[4];
>>>  -    public static final LoginModuleControlFlag REQUIRED = new  
>>> LoginModuleControlFlag(0,  
>>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED);
>>> -    public static final LoginModuleControlFlag REQUISITE = new  
>>> LoginModuleControlFlag(1,  
>>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE);
>>> -    public static final LoginModuleControlFlag SUFFICIENT = new  
>>> LoginModuleControlFlag(2,  
>>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT);
>>> -    public static final LoginModuleControlFlag OPTIONAL = new  
>>> LoginModuleControlFlag(3,  
>>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL);
>>> +    public static final LoginModuleControlFlag REQUIRED = new  
>>> LoginModuleControlFlag(0,  
>>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "REQUIRED");
>>> +    public static final LoginModuleControlFlag REQUISITE = new  
>>> LoginModuleControlFlag(1,  
>>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,  
>>> "REQUISITE");
>>> +    public static final LoginModuleControlFlag SUFFICIENT = new  
>>> LoginModuleControlFlag(2,  
>>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,  
>>> "SUFFICIENT");
>>> +    public static final LoginModuleControlFlag OPTIONAL = new  
>>> LoginModuleControlFlag(3,  
>>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "OPTIONAL");
>>>       private final int ordinal;
>>> +    private final String toString;
>>>      private final transient  
>>> AppConfigurationEntry.LoginModuleControlFlag flag;
>>>  -    private LoginModuleControlFlag(int ordinal,  
>>> AppConfigurationEntry.LoginModuleControlFlag flag) {
>>> +    private LoginModuleControlFlag(int ordinal,  
>>> AppConfigurationEntry.LoginModuleControlFlag flag, String toString)  
>>> {
>>>          this.ordinal = ordinal;
>>>          this.flag = flag;
>>> +        this.toString = toString;
>>>          values[ordinal] = this;
>>>      }
>>>       public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
>>>          return flag;
>>> +    }
>>> +
>>> +    public String toString() {
>>> +        return toString;
>>>      }
>>>       Object readResolve() throws ObjectStreamException {
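
Review bot: The new field added next to ordinal is named toString, the same as the method that returns it, which reads ambiguously at the call site; a name such as "name" would be clearer. It is also a non-transient field on a class that defines readResolve(), while flag beside it is transient. If readResolve() maps back to the canonical instance through values[ordinal], the string does not need to travel in the serialized form and can be transient as well.
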
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleGBean.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/LoginModuleGBean.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleGBean.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginModuleGBean.java Wed Oct 12 13:01:56 2005
>>> @@ -22,6 +22,7 @@
>>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>>  +
>>>  /**
>>>   * A GBean that wraps a LoginModule, plus options to configure the  
>>> LoginModule.
>>>   * If you want to deploy the same LoginModule with different  
>>> options, you need
>>> @@ -37,14 +38,16 @@
>>>      private Properties options;
>>>      private String objectName;
>>>      private boolean serverSide;
>>> +    private boolean wrapPrincipals;
>>>       public LoginModuleGBean() {
>>>      }
>>> -    -    public LoginModuleGBean(String loginModuleClass, String  
>>> objectName, boolean serverSide) {
>>> +
>>> +    public LoginModuleGBean(String loginModuleClass, String  
>>> objectName, boolean serverSide, boolean wrapPrincipals) {
>>>          this.loginModuleClass = loginModuleClass;
>>>          this.objectName = objectName;
>>>          this.serverSide = serverSide;
>>> +        this.wrapPrincipals = wrapPrincipals;
>>>      }
>>>       public String getLoginDomainName() {
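
Review bot: The three-argument constructor LoginModuleGBean(String, String, boolean) is replaced rather than overloaded, so every existing caller has to change in the same commit. Keeping the old signature and delegating to the new one with wrapPrincipals set to false would keep callers compiling and would make the default explicit.
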
>>> @@ -67,14 +70,34 @@
>>>          return loginModuleClass;
>>>      }
>>>  +    public void setLoginModuleClass(String loginModuleClass) {
>>> +        this.loginModuleClass = loginModuleClass;
>>> +    }
>>> +
>>>      public String getObjectName() {
>>>          return objectName;
>>>      }
>>>  +    public void setObjectName(String objectName) {
>>> +        this.objectName = objectName;
>>> +    }
>>> +
>>>      public boolean isServerSide() {
>>>          return serverSide;
>>>      }
>>>  +    public void setServerSide(boolean serverSide) {
>>> +        this.serverSide = serverSide;
>>> +    }
>>> +
>>> +    public boolean isWrapPrincipals() {
>>> +        return wrapPrincipals;
>>> +    }
>>> +
>>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>>> +        this.wrapPrincipals = wrapPrincipals;
>>> +    }
>>> +
>>>      public static final GBeanInfo GBEAN_INFO;
>>>       static {
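
Review bot: The added setLoginModuleClass, setObjectName and setServerSide make values mutable that the constructor already sets, and none of them is documented. These fields decide which LoginModule class is loaded and whether it runs on the server side, so changing them after the bean is in use alters the authentication path. If the setters exist only to support the no-argument constructor, please say so in Javadoc, and consider whether they need to be public.
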
>>> @@ -84,7 +107,9 @@
>>>          infoFactory.addAttribute("objectName", String.class, false);
>>>          infoFactory.addAttribute("serverSide", boolean.class, true);
>>>          infoFactory.addAttribute("loginDomainName", String.class,  
>>> true);
>>> -        infoFactory.setConstructor(new  
>>> String[]{"loginModuleClass","objectName","serverSide"});
>>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>>> true);
>>> +        infoFactory.setConstructor(new String[]{"loginModuleClass",  
>>> "objectName", "serverSide", "wrapPrincipals"});
>>> +
>>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>>      }
>>>  Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginUtils.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/LoginUtils.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginUtils.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/LoginUtils.java Wed Oct 12 13:01:56 2005
>>> @@ -16,51 +16,63 @@
>>>   */
>>>  package org.apache.geronimo.security.jaas;
>>>  -import javax.security.auth.login.LoginException;
>>> +import java.io.Externalizable;
>>> +import java.io.Serializable;
>>> +import java.rmi.Remote;
>>> +import java.util.HashMap;
>>> +import java.util.HashSet;
>>> +import java.util.Iterator;
>>> +import java.util.Map;
>>> +import java.util.Set;
>>> +import javax.security.auth.Subject;
>>> +
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>> +
>>>   /**
>>>   * Helper class the computes the login result across a number of  
>>> separate
>>>   * login modules.
>>> - * + *
>>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>>> Sep 2004) $
>>>   */
>>>  public class LoginUtils {
>>> -    public static boolean computeLogin(LoginModuleConfiguration[]  
>>> modules) throws LoginException {
>>> -        Boolean success = null;
>>> -        Boolean backup = null;
>>> -        // see  
>>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>>> Configuration.html
>>> -        for(int i = 0; i < modules.length; i++) {
>>> -            LoginModuleConfiguration module = modules[i];
>>> -            boolean result = module.getModule().login();
>>> -            if(module.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUIRED) {
>>> -                if(success == null || success.booleanValue()) {
>>> -                    success = result ? Boolean.TRUE : Boolean.FALSE;
>>> -                }
>>> -            } else if(module.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUISITE) {
>>> -                if(!result) {
>>> -                    return false;
>>> -                } else if(success == null) {
>>> -                   success = Boolean.TRUE;
>>> -                }
>>> -            } else if(module.getControlFlag() ==  
>>> LoginModuleControlFlag.SUFFICIENT) {
>>> -                if(result && (success == null ||  
>>> success.booleanValue())) {
>>> -                    return true;
>>> -                }
>>> -            } else if(module.getControlFlag() ==  
>>> LoginModuleControlFlag.OPTIONAL) {
>>> -                if(backup == null || backup.booleanValue()) {
>>> -                    backup = result ? Boolean.TRUE : Boolean.FALSE;
>>> -                }
>>> +    public static void copyPrincipals(Subject to, Subject from) {
>>> +        to.getPrincipals().addAll(from.getPrincipals());
>>> +    }
>>> +
>>> +    public static Map getSerializableCopy(Map from) {
>>> +        Map to = new HashMap();
>>> +        for (Iterator it = from.keySet().iterator(); it.hasNext();)  
>>> {
>>> +            String key = (String) it.next();
>>> +            Object value = from.get(key);
>>> +            if (value instanceof Serializable || value instanceof  
>>> Externalizable || value instanceof Remote) {
>>> +                to.put(key, value);
>>>              }
>>>          }
>>> -        // all required and requisite modules succeeded, or at  
>>> least one required module failed
>>> -        if(success != null) {
>>> -            return success.booleanValue();
>>> -        }
>>> -        // no required or requisite modules, no sufficient modules  
>>> succeeded, fall back to optional modules
>>> -        if(backup != null) {
>>> -            return backup.booleanValue();
>>> +        return to;
>>> +    }
>>> +
>>> +    public static Set getSerializableCopy(Set from) {
>>> +        Set to = new HashSet();
>>> +        for (Iterator it = from.iterator(); it.hasNext();) {
>>> +            Object value = it.next();
>>> +            if (value instanceof Serializable || value instanceof  
>>> Externalizable || value instanceof Remote) {
>>> +                to.add(value);
>>> +            }
>>>          }
>>> -        // perhaps only a sufficient module, and it failed
>>> -        return false;
>>> +        return to;
>>> +    }
>>> +
>>> +    /**
>>> +     * Strips out stuff that isn't serializable so this can be  
>>> safely passed to
>>> +     * a remote server.
>>> +     */
>>> +    public static JaasLoginModuleConfiguration  
>>> getSerializableCopy(JaasLoginModuleConfiguration config) {
>>> +        return new  
>>> JaasLoginModuleConfiguration(config.getLoginModuleClassName(),
>>> +                                                config.getFlag(),
>>> +                                                 
>>> LoginUtils.getSerializableCopy(config.getOptions()),
>>> +                                                 
>>> config.isServerSide(),
>>> +                                                 
>>> config.getLoginDomainName(),
>>> +                                                 
>>> config.isWrapPrincipals());
>>>      }
>>>  }
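
Review bot: getSerializableCopy(Map) casts every key with (String) it.next(), which throws ClassCastException for a Map that has a non-String key; iterate over entrySet() and keep the key as Object, or skip non-String keys explicitly. The instanceof test is also shallow: Externalizable already extends Serializable, so that branch is redundant, a Remote value is not necessarily serializable, and a Serializable collection can still hold non-serializable elements, so the Javadoc promise of "safely passed to a remote server" is stronger than what the check guarantees. Entries that fail the test are dropped silently; a debug log line naming the dropped key would help when a login module later misses a value it expected. The removed computeLogin duplicates the logic in JaasLoginCoordinator.performLogin, so removing it is fine, but the class comment still describes that old purpose.
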
>>> Modified:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ServerRealmConfigurationEntry.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/ 
>>> ServerRealmConfigurationEntry.java? 
>>> rev=315020&r1=315019&r2=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ServerRealmConfigurationEntry.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ServerRealmConfigurationEntry.java Wed Oct 12 13:01:56  
>>> 2005
>>> @@ -22,6 +22,9 @@
>>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>>  import org.apache.geronimo.kernel.Kernel;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>> +import  
>>> org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
>>>    /**
>>> @@ -37,6 +40,7 @@
>>>      private final String realmName;
>>>      private final Kernel kernel;
>>>      private final JaasLoginServiceMBean loginService;
>>> +    private boolean wrapPrincipals;
>>>       public ServerRealmConfigurationEntry() {
>>>          this.applicationConfigName = null;
>>> @@ -48,10 +52,10 @@
>>>      public ServerRealmConfigurationEntry(String  
>>> applicationConfigName, String realmName, Kernel kernel,  
>>> JaasLoginServiceMBean loginService) {
>>>          this.applicationConfigName = applicationConfigName;
>>>          this.realmName = realmName;
>>> -        if(applicationConfigName == null || realmName == null) {
>>> +        if (applicationConfigName == null || realmName == null) {
>>>              throw new  
>>> IllegalArgumentException("applicationConfigName and realmName are  
>>> required");
>>>          }
>>> -        if(applicationConfigName.equals(realmName)) {
>>> +        if (applicationConfigName.equals(realmName)) {
>>>              throw new  
>>> IllegalArgumentException("applicationConfigName must be different  
>>> than realmName (there's an automatic entry using the same name as  
>>> the realm name, so you don't need a ServerRealmConfigurationEntry if  
>>> you're just going to use that!)");
>>>          }
>>>          this.kernel = kernel;
>>> @@ -62,6 +66,14 @@
>>>          return applicationConfigName;
>>>      }
>>>  +    public boolean isWrapPrincipals() {
>>> +        return wrapPrincipals;
>>> +    }
>>> +
>>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>>> +        this.wrapPrincipals = wrapPrincipals;
>>> +    }
>>> +
>>>      public JaasLoginModuleConfiguration generateConfiguration() {
>>>          Properties options = new Properties();
>>>          options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
>>> @@ -73,7 +85,7 @@
>>>          options.put("realm", realmName);
>>>          options.put("kernel", kernel.getKernelName());
>>>  -        return new  
>>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>>> LoginModuleControlFlag.REQUIRED, options, true,  
>>> applicationConfigName);
>>> +        return new  
>>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>>> LoginModuleControlFlag.REQUIRED, options, true,  
>>> applicationConfigName, wrapPrincipals);
>>>      }
>>>       public static final GBeanInfo GBEAN_INFO;
>>> @@ -85,6 +97,7 @@
>>>          infoFactory.addAttribute("realmName", String.class, true);
>>>          infoFactory.addAttribute("kernel", Kernel.class, false);
>>>          infoFactory.addReference("LoginService",  
>>> JaasLoginServiceMBean.class, "JaasLoginService");
>>> +        infoFactory.addAttribute("wrapPrincipals", Boolean.TYPE,  
>>> true);
>>>           infoFactory.setConstructor(new  
>>> String[]{"applicationConfigName", "realmName", "kernel",  
>>> "LoginService"});
>>>          GBEAN_INFO = infoFactory.getBeanInfo();
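
Review bot: wrapPrincipals is registered here as a persistent attribute but is not in the setConstructor list, and the field added earlier in this file is the only non-final one in the class and is left untouched by both constructors. That makes it settable only through setWrapPrincipals and leaves it false otherwise; if that is intended, a comment stating the default and what wrapping means would help. The type is given as Boolean.TYPE here and as boolean.class in LoginModuleGBean; they are the same class object, so pick one spelling for consistency.
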
>>> Added:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ClientLoginModuleProxy.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/ 
>>> ClientLoginModuleProxy.java?rev=315020&view=auto
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ClientLoginModuleProxy.java (added)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ClientLoginModuleProxy.java Wed Oct 12 13:01:56  
>>> 2005
>>> @@ -0,0 +1,65 @@
>>> +/**
>>> + *
>>> + * Copyright 2005 The Apache Software Foundation
>>> + *
>>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>>> + *  you may not use this file except in compliance with the License.
>>> + *  You may obtain a copy of the License at
>>> + *
>>> + *     http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + *  Unless required by applicable law or agreed to in writing,  
>>> software
>>> + *  distributed under the License is distributed on an "AS IS"  
>>> BASIS,
>>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>>> implied.
>>> + *  See the License for the specific language governing permissions  
>>> and
>>> + *  limitations under the License.
>>> + */
>>> +package org.apache.geronimo.security.jaas.client;
>>> +
>>> +import java.util.Map;
>>> +import javax.security.auth.Subject;
>>> +import javax.security.auth.callback.CallbackHandler;
>>> +import javax.security.auth.login.LoginException;
>>> +import javax.security.auth.spi.LoginModule;
>>> +
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +
>>> +
>>> +/**
>>> + * @version $Revision: $ $Date: $
>>> + */
>>> +public class ClientLoginModuleProxy extends LoginModuleProxy
>>> +{
>>> +    private final LoginModule source;
>>> +
>>> +    public ClientLoginModuleProxy(LoginModuleControlFlag  
>>> controlFlag, Subject subject, LoginModule source)
>>> +    {
>>> +        super(controlFlag, subject);
>>> +        this.source = source;
>>> +    }
>>> +
>>> +    public void initialize(Subject subject, CallbackHandler  
>>> callbackHandler, Map sharedState, Map options)
>>> +    {
>>> +        source.initialize(subject, callbackHandler, sharedState,  
>>> options);
>>> +    }
>>> +
>>> +    public boolean login() throws LoginException
>>> +    {
>>> +        return source.login();
>>> +    }
>>> +
>>> +    public boolean commit() throws LoginException
>>> +    {
>>> +        return source.commit();
>>> +    }
>>> +
>>> +    public boolean abort() throws LoginException
>>> +    {
>>> +        return source.abort();
>>> +    }
>>> +
>>> +    public boolean logout() throws LoginException
>>> +    {
>>> +        return source.logout();
>>> +    }
>>> +}
>>> \ No newline at end of file
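
Review bot: The constructor takes a Subject and passes it to super, while initialize() receives a second Subject and hands that one to source; nothing in this class checks that the two are the same object, so principals could end up on a different Subject than the one the base class holds. Either drop one of the two or document which one is authoritative. The class Javadoc has only an @version tag with unexpanded $Revision: $ and $Date: $ keywords, source is not checked for null, and the file is missing its trailing newline.
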
>>> Copied:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/JaasLoginCoordinator.java (from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginCoordinator.java)
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/ 
>>> JaasLoginCoordinator.java?p2=geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/ 
>>> JaasLoginCoordinator.java&p1=geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/ 
>>> JaasLoginCoordinator.java&r1=289678&r2=315020&rev=315020&view=diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginCoordinator.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/JaasLoginCoordinator.java Wed Oct 12 13:01:56  
>>> 2005
>>> @@ -1,6 +1,6 @@
>>>  /**
>>>   *
>>> - * Copyright 2003-2004 The Apache Software Foundation
>>> + * Copyright 2003-2005 The Apache Software Foundation
>>>   *
>>>   *  Licensed under the Apache License, Version 2.0 (the "License");
>>>   *  you may not use this file except in compliance with the License.
>>> @@ -14,26 +14,25 @@
>>>   *  See the License for the specific language governing permissions  
>>> and
>>>   *  limitations under the License.
>>>   */
>>> -package org.apache.geronimo.security.jaas;
>>> +package org.apache.geronimo.security.jaas.client;
>>>  -import java.security.Principal;
>>> -import java.util.ArrayList;
>>>  import java.util.HashMap;
>>> -import java.util.HashSet;
>>> -import java.util.Iterator;
>>> -import java.util.List;
>>>  import java.util.Map;
>>>  import java.util.Set;
>>>  import javax.management.MalformedObjectNameException;
>>>  import javax.management.ObjectName;
>>>  import javax.security.auth.Subject;
>>> -import javax.security.auth.callback.Callback;
>>>  import javax.security.auth.callback.CallbackHandler;
>>>  import javax.security.auth.login.LoginException;
>>>  import javax.security.auth.spi.LoginModule;
>>>   import org.apache.geronimo.kernel.Kernel;
>>>  import org.apache.geronimo.kernel.KernelRegistry;
>>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration 
>>> ;
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +import org.apache.geronimo.security.jaas.LoginUtils;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>>  import  
>>> org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingCli 
>>> ent;
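
Review bot: The package line changes the fully qualified name from org.apache.geronimo.security.jaas.JaasLoginCoordinator to org.apache.geronimo.security.jaas.client.JaasLoginCoordinator. Any plan, login configuration or test that refers to the class by its name as a string will not be caught by the compiler and needs to be updated in the same commit; a search for the old name across the tree before merging would confirm nothing is left behind.
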
>>>   @@ -64,9 +63,10 @@
>>>      private JaasLoginServiceMBean service;
>>>      private CallbackHandler handler;
>>>      private Subject subject;
>>> -    private Set processedPrincipals = new HashSet();
>>> -    private JaasClientId clientHandle;
>>> -    LoginModuleConfiguration[] workers;
>>> +    private JaasSessionId sessionHandle;
>>> +    private LoginModuleProxy[] proxies;
>>> +    private final Map sharedState = new HashMap();
>>> +
>>>       public void initialize(Subject subject, CallbackHandler  
>>> callbackHandler, Map sharedState, Map options) {
>>>          serverHost = (String) options.get(OPTION_HOST);
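
Review bot: The new field "private final Map sharedState = new HashMap()" has the same name as the sharedState parameter of initialize() shown in the context line below it. The later login() hunk passes the field to every proxy, so unless initialize() copies the parameter into the field (not visible in this diff), the shared state supplied by the caller is ignored. Please rename the field or make the hand-over explicit.
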
>>> @@ -89,47 +89,48 @@
>>>          } else {
>>>              this.subject = subject;
>>>          }
>>> -        //todo: shared state
>>>      }
>>>       public boolean login() throws LoginException {
>>> -        clientHandle = service.connectToRealm(realmName);
>>> -        JaasLoginModuleConfiguration[] config =  
>>> service.getLoginConfiguration(clientHandle);
>>> -        workers = new LoginModuleConfiguration[config.length];
>>> +        sessionHandle = service.connectToRealm(realmName);
>>> +        JaasLoginModuleConfiguration[] config =  
>>> service.getLoginConfiguration(sessionHandle);
>>> +        proxies = new LoginModuleProxy[config.length];
>>>  -        for (int i = 0; i < workers.length; i++) {
>>> -            LoginModule wrapper;
>>> +        for (int i = 0; i < proxies.length; i++) {
>>>              if (config[i].isServerSide()) {
>>> -                wrapper = new ServerLoginModule(i);
>>> +                proxies[i] = new  
>>> ServerLoginProxy(config[i].getFlag(), subject, i, service,  
>>> sessionHandle);
>>>              } else {
>>>                  LoginModule source =  
>>> config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader()) 
>>> ;
>>> -                wrapper = new ClientLoginModule(source, i);
>>> +                if (config[i].isWrapPrincipals()) {
>>> +                    proxies[i] = new  
>>> WrappingClientLoginModuleProxy(config[i].getFlag(), subject, source,  
>>> config[i].getLoginDomainName(), realmName);
>>> +                } else {
>>> +                    proxies[i] = new  
>>> ClientLoginModuleProxy(config[i].getFlag(), subject, source);
>>> +                }
>>>              }
>>> -            workers[i] = new LoginModuleConfiguration(wrapper,  
>>> config[i].getFlag());
>>> -            workers[i].getModule().initialize(subject, handler, new  
>>> HashMap(), config[i].getOptions());
>>> +            proxies[i].initialize(subject, handler, sharedState,  
>>> config[i].getOptions());
>>> +            syncSharedState();
>>>          }
>>> -        return performLogin(workers);
>>> +        return performLogin();
>>>      }
>>>       public boolean commit() throws LoginException {
>>> -        for (int i = 0; i < workers.length; i++) {
>>> -            workers[i].getModule().commit();
>>> -        }
>>> -        Principal[] principals =  
>>> service.loginSucceeded(clientHandle);
>>> -        for (int i = 0; i < principals.length; i++) {
>>> -            Principal principal = principals[i];
>>> -            subject.getPrincipals().add(principal);
>>> +        for (int i = 0; i < proxies.length; i++) {
>>> +            proxies[i].commit();
>>> +            syncSharedState();
>>> +            syncPrincipals();
>>>          }
>>> +         
>>> subject.getPrincipals().add(service.loginSucceeded(sessionHandle));
>>>          return true;
>>>      }
>>>       public boolean abort() throws LoginException {
>>>          try {
>>> -            for (int i = 0; i < workers.length; i++) {
>>> -                workers[i].getModule().abort();
>>> +            for (int i = 0; i < proxies.length; i++) {
>>> +                proxies[i].abort();
>>> +                syncSharedState();
>>>              }
>>>          } finally {
>>> -            service.loginFailed(clientHandle);
>>> +            service.loginFailed(sessionHandle);
>>>          }
>>>          clear();
>>>          return true;
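
Review bot: In abort(), syncSharedState() is now called inside the loop and can throw LoginException, which stops the loop and leaves the remaining proxies un-aborted (the finally block still calls service.loginFailed). Catch per iteration, or sync once after the loop. In commit(), the return value of proxies[i].commit() is discarded and the method returns true unconditionally, and the old code added each element of the Principal[] from loginSucceeded to the Subject while the new line adds the single return value; because the set is used as a raw type the compiler will not complain if that value is not a Principal, so please confirm the new return type of loginSucceeded. The calls to syncSharedState() and syncPrincipals() also add a remote round trip per module per phase.
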
>>> @@ -137,11 +138,12 @@
>>>       public boolean logout() throws LoginException {
>>>          try {
>>> -            for (int i = 0; i < workers.length; i++) {
>>> -                workers[i].getModule().logout();
>>> +            for (int i = 0; i < proxies.length; i++) {
>>> +                proxies[i].logout();
>>> +                syncSharedState();
>>>              }
>>>          } finally {
>>> -            service.logout(clientHandle);
>>> +            service.logout(sessionHandle);
>>>          }
>>>          clear();
>>>          return true;
>>> @@ -159,9 +161,8 @@
>>>          service = null;
>>>          handler = null;
>>>          subject = null;
>>> -        processedPrincipals.clear();
>>> -        clientHandle = null;
>>> -        workers = null;
>>> +        sessionHandle = null;
>>> +        proxies = null;
>>>      }
>>>       private JaasLoginServiceMBean connect() {
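
Review bot: clear() now resets sessionHandle and proxies but nothing in this hunk empties the new sharedState map, which is a final field and therefore lives as long as the coordinator instance. JAAS login modules conventionally keep the user name and password in shared state, so those entries would survive abort() and logout(). Add sharedState.clear() here.
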
>>> @@ -176,32 +177,33 @@
>>>      /**
>>>       * See  
>>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>>> Configuration.html
>>>       *
>>> -     * @param modules
>>>       * @return
>>>       * @throws LoginException
>>>       */
>>> -    private static boolean performLogin(LoginModuleConfiguration[]  
>>> modules) throws LoginException {
>>> +    private boolean performLogin() throws LoginException {
>>>          Boolean success = null;
>>>          Boolean backup = null;
>>>  -        for (int i = 0; i < modules.length; i++) {
>>> -            LoginModuleConfiguration module = modules[i];
>>> -            boolean result = module.getModule().login();
>>> -            if (module.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUIRED) {
>>> +        for (int i = 0; i < proxies.length; i++) {
>>> +            LoginModuleProxy proxy = proxies[i];
>>> +            boolean result = proxy.login();
>>> +            syncSharedState();
>>> +
>>> +            if (proxy.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUIRED) {
>>>                  if (success == null || success.booleanValue()) {
>>>                      success = result ? Boolean.TRUE : Boolean.FALSE;
>>>                  }
>>> -            } else if (module.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUISITE) {
>>> +            } else if (proxy.getControlFlag() ==  
>>> LoginModuleControlFlag.REQUISITE) {
>>>                  if (!result) {
>>>                      return false;
>>>                  } else if (success == null) {
>>>                      success = Boolean.TRUE;
>>>                  }
>>> -            } else if (module.getControlFlag() ==  
>>> LoginModuleControlFlag.SUFFICIENT) {
>>> +            } else if (proxy.getControlFlag() ==  
>>> LoginModuleControlFlag.SUFFICIENT) {
>>>                  if (result && (success == null ||  
>>> success.booleanValue())) {
>>>                      return true;
>>>                  }
>>> -            } else if (module.getControlFlag() ==  
>>> LoginModuleControlFlag.OPTIONAL) {
>>> +            } else if (proxy.getControlFlag() ==  
>>> LoginModuleControlFlag.OPTIONAL) {
>>>                  if (backup == null || backup.booleanValue()) {
>>>                      backup = result ? Boolean.TRUE : Boolean.FALSE;
>>>                  }
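
Review bot: The syncSharedState() call added right after proxy.login() can throw LoginException, and that exception leaves performLogin() before the control flag of the module is looked at. A failure to sync after an OPTIONAL or SUFFICIENT module therefore fails the whole login, which is not what those flags promise. Decide whether a sync failure should be fatal and handle it explicitly. The Javadoc above the method still carries empty @return and @throws tags after @param was removed.
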
>>> @@ -219,106 +221,13 @@
>>>          return false;
>>>      }
>>>  -    private class ClientLoginModule implements LoginModule {
>>> -        private LoginModule source;
>>> -        int index;
>>> -
>>> -        public ClientLoginModule(LoginModule source, int index) {
>>> -            this.source = source;
>>> -            this.index = index;
>>> -        }
>>> -
>>> -        public void initialize(Subject subject, CallbackHandler  
>>> callbackHandler, Map sharedState, Map options) {
>>> -            source.initialize(subject, callbackHandler,  
>>> sharedState, options);
>>> -        }
>>> -
>>> -        public boolean login() throws LoginException {
>>> -            return source.login();
>>> -        }
>>> -
>>> -        /**
>>> -         * Commit the LoginModule that is being wrapped.  Send the  
>>> resulting
>>> -         * principals that are obtained back to the server.
>>> -         *
>>> -         * @return true if this method succeeded, or false if this
>>> -         *         <code>LoginModule</code> should be ignored.
>>> -         * @throws LoginException if commit fails
>>> -         */
>>> -        public boolean commit() throws LoginException {
>>> -            boolean result = source.commit();
>>> -            List list = new ArrayList();
>>> -            for (Iterator it = subject.getPrincipals().iterator();  
>>> it.hasNext();) {
>>> -                Principal p = (Principal) it.next();
>>> -                if (!processedPrincipals.contains(p)) {
>>> -                    list.add(p);
>>> -                    processedPrincipals.add(p);
>>> -                }
>>> -            }
>>> -            service.clientLoginModuleCommit(clientHandle, index,  
>>> (Principal[]) list.toArray(new Principal[list.size()]));
>>> -            return result;
>>> -        }
>>> -
>>> -        public boolean abort() throws LoginException {
>>> -            return source.abort();
>>> -        }
>>> -
>>> -        public boolean logout() throws LoginException {
>>> -            return source.logout();
>>> -        }
>>> +    private void syncSharedState() throws LoginException {
>>> +        Map map = service.syncShareState(sessionHandle,  
>>> LoginUtils.getSerializableCopy(sharedState));
>>> +        sharedState.putAll(map);
>>>      }
>>>  -    private class ServerLoginModule implements LoginModule {
>>> -        int index;
>>> -        CallbackHandler handler;
>>> -        Callback[] callbacks;
>>> -
>>> -        public ServerLoginModule(int index) {
>>> -            this.index = index;
>>> -        }
>>> -
>>> -        public void initialize(Subject subject, CallbackHandler  
>>> handler, Map sharedState, Map options) {
>>> -            this.handler = handler;
>>> -        }
>>> -
>>> -        /**
>>> -         * Perform a login on the server side.
>>> -         * <p/>
>>> -         * Here we get the Callbacks from the server side, pass  
>>> them to the
>>> -         * local handler so that they may be filled.  We pass the  
>>> resulting
>>> -         * set of Callbacks back to the server.
>>> -         *
>>> -         * @return true if the authentication succeeded, or false  
>>> if this
>>> -         *         <code>LoginModule</code> should be ignored.
>>> -         * @throws LoginException if the authentication fails
>>> -         */
>>> -        public boolean login() throws LoginException {
>>> -            try {
>>> -                callbacks =  
>>> service.getServerLoginCallbacks(clientHandle, index);
>>> -                if (handler != null) {
>>> -                    handler.handle(callbacks);
>>> -                } else if (callbacks != null && callbacks.length >  
>>> 0) {
>>> -                    System.err.println("No callback handler  
>>> available for " + callbacks.length + " callbacks!");
>>> -                }
>>> -                return service.performServerLogin(clientHandle,  
>>> index, callbacks);
>>> -            } catch (LoginException le) {
>>> -                throw le;
>>> -            } catch (Exception e) {
>>> -                LoginException le = new LoginException("Error  
>>> filling callback list");
>>> -                le.initCause(e);
>>> -                throw le;
>>> -            }
>>> -        }
>>> -
>>> -        public boolean commit() throws LoginException {
>>> -            return service.serverLoginModuleCommit(clientHandle,  
>>> index);
>>> -        }
>>> -
>>> -        public boolean abort() throws LoginException {
>>> -            return false; // taken care of with a single call to  
>>> the server
>>> -        }
>>> -
>>> -        public boolean logout() throws LoginException {
>>> -            return false; // taken care of with a single call to  
>>> the server
>>> -        }
>>> +    private void syncPrincipals() throws LoginException {
>>> +        Set principals = service.syncPrincipals(sessionHandle,  
>>> subject.getPrincipals());
>>> +        subject.getPrincipals().addAll(principals);
>>>      }
>>>  }
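
Review bot: In the new syncSharedState() and syncPrincipals() helpers the server's reply is only merged into local state (sharedState.putAll(map), subject.getPrincipals().addAll(principals)), so an entry or principal the server has dropped stays on the client. If these calls are meant to mirror server state, replace the local contents instead of adding to them, or say in a comment that the merge is additive by design. Also, the service method is spelled syncShareState while the local helper is syncSharedState; pick one spelling.
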
>>> Added:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/LoginModuleProxy.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java? 
>>> rev=315020&view=auto
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/LoginModuleProxy.java (added)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/LoginModuleProxy.java Wed Oct 12 13:01:56 2005
>>> @@ -0,0 +1,43 @@
>>> +/**
>>> + *
>>> + * Copyright 2005 The Apache Software Foundation
>>> + *
>>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>>> + *  you may not use this file except in compliance with the License.
>>> + *  You may obtain a copy of the License at
>>> + *
>>> + *     http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + *  Unless required by applicable law or agreed to in writing,  
>>> software
>>> + *  distributed under the License is distributed on an "AS IS"  
>>> BASIS,
>>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>>> implied.
>>> + *  See the License for the specific language governing permissions  
>>> and
>>> + *  limitations under the License.
>>> + */
>>> +package org.apache.geronimo.security.jaas.client;
>>> +
>>> +import javax.security.auth.Subject;
>>> +import javax.security.auth.spi.LoginModule;
>>> +
>>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +
>>> +
>>> +/**
>>> + * @version $Revision: $ $Date: $
>>> + */
>>> +public abstract class LoginModuleProxy implements LoginModule {
>>> +    final protected LoginModuleControlFlag controlFlag;
>>> +    final protected Subject subject;
>>> +
>>> +    public LoginModuleProxy(LoginModuleControlFlag controlFlag,  
>>> Subject subject)
>>> +    {
>>> +        this.controlFlag = controlFlag;
>>> +        this.subject = subject;
>>> +    }
>>> +
>>> +    public LoginModuleControlFlag getControlFlag() {
>>> +        return controlFlag;
>>> +    }
>>> +}
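
Review bot: The imports of org.apache.geronimo.security.jaas.server.JaasSessionId and JaasLoginServiceMBean are not used anywhere in LoginModuleProxy, and they make the client-side base class depend on the server package for no reason; drop them. The class also has no description beyond the empty $Revision: $ $Date: $ keywords, so a sentence on what a proxy is and how controlFlag is consumed would help.
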
>>> Added:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ServerLoginProxy.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java? 
>>> rev=315020&view=auto
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ServerLoginProxy.java (added)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/ServerLoginProxy.java Wed Oct 12 13:01:56 2005
>>> @@ -0,0 +1,92 @@
>>> +/**
>>> + *
>>> + * Copyright 2005 The Apache Software Foundation
>>> + *
>>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>>> + *  you may not use this file except in compliance with the License.
>>> + *  You may obtain a copy of the License at
>>> + *
>>> + *     http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + *  Unless required by applicable law or agreed to in writing,  
>>> software
>>> + *  distributed under the License is distributed on an "AS IS"  
>>> BASIS,
>>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>>> implied.
>>> + *  See the License for the specific language governing permissions  
>>> and
>>> + *  limitations under the License.
>>> + */
>>> +package org.apache.geronimo.security.jaas.client;
>>> +
>>> +import java.util.Map;
>>> +import javax.security.auth.Subject;
>>> +import javax.security.auth.callback.Callback;
>>> +import javax.security.auth.callback.CallbackHandler;
>>> +import javax.security.auth.login.LoginException;
>>> +
>>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>>> +import  
>>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +
>>> +
>>> +/**
>>> + * @version $Revision: $ $Date: $
>>> + */
>>> +public class ServerLoginProxy extends LoginModuleProxy {
>>> +    CallbackHandler handler;
>>> +    Callback[] callbacks;
>>> +    private final int lmIndex;
>>> +    private final JaasLoginServiceMBean service;
>>> +    private final JaasSessionId sessionHandle;
>>> +
>>> +    public ServerLoginProxy(LoginModuleControlFlag controlFlag,  
>>> Subject subject, int lmIndex,
>>> +                            JaasLoginServiceMBean service,  
>>> JaasSessionId sessionHandle)
>>> +    {
>>> +        super(controlFlag, subject);
>>> +        this.lmIndex = lmIndex;
>>> +        this.service = service;
>>> +        this.sessionHandle = sessionHandle;
>>> +    }
>>> +
>>> +    public void initialize(Subject subject, CallbackHandler  
>>> handler, Map sharedState, Map options) {
>>> +        this.handler = handler;
>>> +    }
>>> +
>>> +    /**
>>> +     * Perform a login on the server side.
>>> +     * <p/>
>>> +     * Here we get the Callbacks from the server side, pass them to  
>>> the
>>> +     * local handler so that they may be filled.  We pass the  
>>> resulting
>>> +     * set of Callbacks back to the server.
>>> +     *
>>> +     * @return true if the authentication succeeded, or false if  
>>> this
>>> +     *         <code>LoginModule</code> should be ignored.
>>> +     * @throws javax.security.auth.login.LoginException
>>> +     *          if the authentication fails
>>> +     */
>>> +    public boolean login() throws LoginException {
>>> +        try {
>>> +            callbacks =  
>>> service.getServerLoginCallbacks(sessionHandle, lmIndex);
>>> +            if (handler != null) {
>>> +                handler.handle(callbacks);
>>> +            } else if (callbacks != null && callbacks.length > 0) {
>>> +                System.err.println("No callback handler available  
>>> for " + callbacks.length + " callbacks!");
>>> +            }
>>> +            return service.performLogin(sessionHandle, lmIndex,  
>>> callbacks);
>>> +        } catch (Exception e) {
>>> +            LoginException le = new LoginException("Error filling  
>>> callback list");
>>> +            le.initCause(e);
>>> +            throw le;
>>> +        }
>>> +    }
>>> +
>>> +    public boolean commit() throws LoginException {
>>> +        return service.performCommit(sessionHandle, lmIndex);
>>> +    }
>>> +
>>> +    public boolean abort() throws LoginException {
>>> +        return false; // taken care of with a single call to the  
>>> server
>>> +    }
>>> +
>>> +    public boolean logout() throws LoginException {
>>> +        return false; // taken care of with a single call to the  
>>> server
>>> +    }
>>> +}
>>> \ No newline at end of file
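
Review bot: login() now has a single catch (Exception e) that wraps everything as "Error filling callback list", and the try block includes service.performLogin(...). The ServerLoginModule this replaces had catch (LoginException le) { throw le; } ahead of the generic catch, so a genuine authentication failure from the server will now be reported as a callback error and the original exception type and message are only reachable through getCause(). Restore the LoginException pass-through. Separately, when handler is null the code prints to System.err and still sends the unfilled callbacks to performLogin; use the project's logger and consider failing the login instead.
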
>>> Added:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/WrappingClientLoginModuleProxy.java
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/client/ 
>>> WrappingClientLoginModuleProxy.java?rev=315020&view=auto
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/WrappingClientLoginModuleProxy.java (added)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/client/WrappingClientLoginModuleProxy.java Wed Oct 12  
>>> 13:01:56 2005
>>> @@ -0,0 +1,78 @@
>>> +/**
>>> + *
>>> + * Copyright 2005 The Apache Software Foundation
>>> + *
>>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>>> + *  you may not use this file except in compliance with the License.
>>> + *  You may obtain a copy of the License at
>>> + *
>>> + *     http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + *  Unless required by applicable law or agreed to in writing,  
>>> software
>>> + *  distributed under the License is distributed on an "AS IS"  
>>> BASIS,
>>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>>> implied.
>>> + *  See the License for the specific language governing permissions  
>>> and
>>> + *  limitations under the License.
>>> + */
>>> +package org.apache.geronimo.security.jaas.client;
>>> +
>>> +import java.security.Principal;
>>> +import java.util.HashSet;
>>> +import java.util.Iterator;
>>> +import java.util.Map;
>>> +import java.util.Set;
>>> +import javax.security.auth.Subject;
>>> +import javax.security.auth.callback.CallbackHandler;
>>> +import javax.security.auth.login.LoginException;
>>> +import javax.security.auth.spi.LoginModule;
>>> +
>>> +import org.apache.geronimo.security.DomainPrincipal;
>>> +import org.apache.geronimo.security.RealmPrincipal;
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +
>>> +
>>> +/**
>>> + * @version $Revision: $ $Date: $
>>> + */
>>> +public class WrappingClientLoginModuleProxy extends  
>>> ClientLoginModuleProxy {
>>> +    private final String loginDomainName;
>>> +    private final String realmName;
>>> +    private final Subject localSubject = new Subject();
>>> +
>>> +    public WrappingClientLoginModuleProxy(LoginModuleControlFlag  
>>> controlFlag, Subject subject, LoginModule source,
>>> +                                          String loginDomainName,  
>>> String realmName)
>>> +    {
>>> +        super(controlFlag, subject, source);
>>> +        this.loginDomainName = loginDomainName;
>>> +        this.realmName = realmName;
>>> +    }
>>> +
>>> +    public void initialize(Subject subject, CallbackHandler  
>>> callbackHandler, Map sharedState, Map options) {
>>> +        super.initialize(localSubject, callbackHandler,  
>>> sharedState, options);
>>> +    }
>>> +
>>> +    public boolean commit() throws LoginException {
>>> +        boolean result = super.commit();
>>> +
>>> +        Set wrapped = new HashSet();
>>> +        for (Iterator iter = subject.getPrincipals().iterator();  
>>> iter.hasNext();) {
>>> +            DomainPrincipal dPrincipal = new  
>>> DomainPrincipal(loginDomainName, (Principal) iter.next());
>>> +
>>> +            wrapped.add(dPrincipal);
>>> +            wrapped.add(new RealmPrincipal(realmName, dPrincipal));
>>> +        }
>>> +        localSubject.getPrincipals().addAll(wrapped);
>>> +         
>>> subject.getPrincipals().addAll(localSubject.getPrincipals());
>>> +
>>> +        return result;
>>> +    }
>>> +
>>> +    public boolean logout() throws LoginException {
>>> +        boolean result = super.logout();
>>> +
>>> +         
>>> subject.getPrincipals().removeAll(localSubject.getPrincipals());
>>> +        localSubject.getPrincipals().clear();
>>> +
>>> +        return result;
>>> +    }
>>> +}
>>> \ No newline at end of file
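
Review bot: commit() builds the wrapped set by iterating subject.getPrincipals(), but initialize() handed localSubject to the wrapped module, so the principals that module produced are in localSubject, not necessarily in subject. As written, the loop wraps whatever is already in the shared subject (including principals contributed by other modules or already-wrapped ones) under this loginDomainName and realmName. Was the loop meant to read localSubject.getPrincipals()? The wrapping also runs regardless of the value returned by super.commit(); skip it when result is false.
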
>>> Copied:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/DecouplingCallbackHandler.java (from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DecouplingCallbackHandler.java)
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/server/ 
>>> DecouplingCallbackHandler.java?p2=geronimo/trunk/modules/security/ 
>>> src/java/org/apache/geronimo/security/jaas/server/ 
>>> DecouplingCallbackHandler.java&p1=geronimo/trunk/modules/security/ 
>>> src/java/org/apache/geronimo/security/jaas/ 
>>> DecouplingCallbackHandler.java&r1=289678&r2=315020&rev=315020&view=di 
>>> ff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/DecouplingCallbackHandler.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/DecouplingCallbackHandler.java Wed Oct 12  
>>> 13:01:56 2005
>>> @@ -14,7 +14,7 @@
>>>   *  See the License for the specific language governing permissions  
>>> and
>>>   *  limitations under the License.
>>>   */
>>> -package org.apache.geronimo.security.jaas;
>>> +package org.apache.geronimo.security.jaas.server;
>>>   import javax.security.auth.callback.Callback;
>>>  import javax.security.auth.callback.CallbackHandler;
>>> Copied:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/ExpiredLoginModuleException.java (from r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ExpiredLoginModuleException.java)
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/server/ 
>>> ExpiredLoginModuleException.java?p2=geronimo/trunk/modules/security/ 
>>> src/java/org/apache/geronimo/security/jaas/server/ 
>>> ExpiredLoginModuleException.java&p1=geronimo/trunk/modules/security/ 
>>> src/java/org/apache/geronimo/security/jaas/ 
>>> ExpiredLoginModuleException.java&r1=289678&r2=315020&rev=315020&view= 
>>> diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/ExpiredLoginModuleException.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/ExpiredLoginModuleException.java Wed Oct 12  
>>> 13:01:56 2005
>>> @@ -15,7 +15,7 @@
>>>   *  limitations under the License.
>>>   */
>>>  -package org.apache.geronimo.security.jaas;
>>> +package org.apache.geronimo.security.jaas.server;
>>>   import javax.security.auth.login.LoginException;
>>>  Propchange:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/ExpiredLoginModuleException.java
>>> --------------------------------------------------------------------- 
>>> ---------
>>>     svn:eol-style = native
>>> Propchange:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/ExpiredLoginModuleException.java
>>> --------------------------------------------------------------------- 
>>> ---------
>>>     svn:keywords = author date id rev
>>> Copied:  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasLoginModuleConfiguration.java (from  
>>> r289678,  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleConfiguration.java)
>>> URL:  
>>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>>> java/org/apache/geronimo/security/jaas/server/ 
>>> JaasLoginModuleConfiguration.java?p2=geronimo/trunk/modules/ 
>>> security/src/java/org/apache/geronimo/security/jaas/server/ 
>>> JaasLoginModuleConfiguration.java&p1=geronimo/trunk/modules/ 
>>> security/src/java/org/apache/geronimo/security/jaas/ 
>>> JaasLoginModuleConfiguration.java&r1=289678&r2=315020&rev=315020&view 
>>> =diff
>>> ===================================================================== 
>>> =========
>>> ---  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/JaasLoginModuleConfiguration.java (original)
>>> +++  
>>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>>> security/jaas/server/JaasLoginModuleConfiguration.java Wed Oct 12  
>>> 13:01:56 2005
>>> @@ -14,17 +14,15 @@
>>>   *  See the License for the specific language governing permissions  
>>> and
>>>   *  limitations under the License.
>>>   */
>>> -package org.apache.geronimo.security.jaas;
>>> +package org.apache.geronimo.security.jaas.server;
>>>  -import java.io.Externalizable;
>>>  import java.io.Serializable;
>>> -import java.rmi.Remote;
>>> -import java.util.HashMap;
>>> -import java.util.Iterator;
>>>  import java.util.Map;
>>>  import javax.security.auth.spi.LoginModule;
>>>   import org.apache.geronimo.common.GeronimoSecurityException;
>>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>>> +
>>>   /**
>>>   * Describes the configuration of a LoginModule -- its name, class,  
>>> control
>>> @@ -34,22 +32,26 @@
>>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>>> Sep 2004) $
>>>   */
>>>  public class JaasLoginModuleConfiguration implements Serializable {
>>> -    private boolean serverSide;
>>> -    private String loginDomainName;
>>> -    private LoginModuleControlFlag flag;
>>> -    private String loginModuleName;
>>> -    private Map options;
>>> -
>>> -    public JaasLoginModuleConfiguration(String loginModuleName,  
>>> LoginModuleControlFlag flag, Map options, boolean serverSide, String  
>>> loginDomainName) {
>>> +    private final boolean serverSide;
>>> +    private final String loginDomainName;
>>> +    private final LoginModuleControlFlag flag;
>>> +    private final String loginModuleName;
>>> +    private final Map options;
>>> +    private final boolean wrapPrincipals;
>>> +
>>> +    public JaasLoginModuleConfiguration(String loginModuleName,  
>>> LoginModuleControlFlag flag, Map options,
>>> +                                        boolean serverSide, String  
>>> loginDomainName, boolean wrapPrincipals)
>>> +    {
>>>          this.serverSide = serverSide;
>>>          this.flag = flag;
>>>          this.loginModuleName = loginModuleName;
>>>          this.options = options;
>>>          this.loginDomainName = loginDomainName;
>>> +        this.wrapPrincipals = wrapPrincipals;
>>>      }
>>>       public JaasLoginModuleConfiguration(String loginModuleName,  
>>> LoginModuleControlFlag flag, Map options, boolean serverSide) {
>>> -        this(loginModuleName, flag, options, serverSide, null);
>>> +        this(loginModuleName, flag, options, serverSide, null,  
>>> false);
>>>      }
>>>       public String getLoginModuleClassName() {
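
Review bot: The new wrapPrincipals field and constructor argument are undocumented, and the four-argument constructor now silently passes false for it. Add a line to the class javadoc (which lists name, class and control flag) saying what wrapping means and which callers are expected to set it, so existing users of the short constructor know they are opting out.
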
>>> @@ -80,20 +82,7 @@
>>>          return loginDomainName;
>>>      }
>>>  -    /**
>>> -     * Strips out stuff that isn't serializable so this can be  
>>> safely passed to
>>> -     * a remote server.
>>> -     */
>>> -    public JaasLoginModuleConfiguration getSerializableCopy() {
>>> -        Map other = new HashMap();
>>> -        for (Iterator it = options.keySet().iterator();  
>>> it.hasNext();) {
>>> -            String key = (String) it.next();
>>> -            Object value = options.get(key);
>>> -            if (value instanceof Serializable || value instanceof  
>>> Externalizable || value instanceof Remote) {
>>> -                other.put(key, value);
>>> -            }
>>> -        }
>>> -
>>> -        return new JaasLoginModuleConfiguration(loginModuleName,  
>>> flag, other, serverSide, loginDomainName);
>>> +    public boolean isWrapPrincipals() {
>>> +        return wrapPrincipals;
>>>      }
>>>  }
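
Review bot: Removing getSerializableCopy() drops the filtering of option values that are not Serializable, Externalizable or Remote, while the class still implements Serializable and keeps options as a plain Map. If an instance is still sent to a remote client anywhere, serialization will now fail on the first non-serializable option. Either keep the filtering where the configuration crosses the wire, or state in the class javadoc that instances are no longer passed remotely.
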
>>
>> -- 
>> Joe Bohn
>> joe.bohn@earthlink.net
>>
>> "He is no fool who gives what he cannot keep, to gain what he cannot  
>> lose."   -- Jim Elliot
>>
>


Re: svn commit: r315020 [1/3] - in /geronimo/trunk/modules: assembly/src/plan/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/ security/src/java/org/apache/geronimo/security/jaas/ security/src/java/org/apache/geron...

Posted by David Jencks <da...@yahoo.com>.
These changes did cause the problem, I'm looking into it.

david jencks

On Oct 13, 2005, at 3:15 PM, Joe Bohn wrote:

> I just updated my image from head earlier this afternoon and I've been  
> pulling my hair out trying to figure out why I get a 403 when I  
> attempt to authenticate to the Web Console.  This happens with both  
> the tomcat and the jetty container configurations.  Is it possible  
> that these changes (or the other related changes around the same time)  
> that hit some of the JAAS login logic is causing my problem.  Sachin  
> updated his code yesterday afternoon (probably prior to this) and  
> isn't seeing the same problem.
>
> Thanks,
> Joe
>
> adc@apache.org wrote:
>> Author: adc
>> Date: Wed Oct 12 13:01:56 2005
>> New Revision: 315020
>> URL: http://svn.apache.org/viewcvs?rev=315020&view=rev
>> Log:
>> Initial checkin for GERONIMO-883
>> Added:
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java   (contents,  
>> props changed)
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginService.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginService.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginServiceMBean.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginServiceMBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasSecuritySession.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasSecurityContext.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasSessionId.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasClientId.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/WrappingLoginModuleProxy.java
>> Removed:
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasClientId.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginService.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginServiceMBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasSecurityContext.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleConfiguration.java
>> Modified:
>>      
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml
>>     geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>>      
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java
>>      
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/realm/GenericSecurityRealm.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/realm/SecurityRealm.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/remoting/jmx/JaasLoginServiceRemotingClient.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/remoting/jmx/JaasLoginServiceRemotingServer.java
>>     geronimo/trunk/modules/security/src/test-data/data/login.config
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/AbstractTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/LoginPropertiesFileTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/LoginSQLTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/MultipleLoginDomainTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/NoLoginModuleReuseTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/TimeoutTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/remoting/jmx/RemoteLoginTest.java
>>     geronimo/trunk/modules/tomcat/project.xml
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> AbstractWebModuleTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> ApplicationTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> ContainerTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> JACCSecurityTest.java
>> Modified:  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>> plan/j2ee-client-security-plan.xml? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml (original)
>> +++  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml Wed Oct 12 13:01:56 2005
>> @@ -67,7 +67,7 @@
>>      </gbean>
>>       <gbean name="ServerLoginCoordinator"  
>> class="org.apache.geronimo.security.jaas.LoginModuleGBean">
>> -        <attribute  
>> name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCoo 
>> rdinator</attribute>
>> +        <attribute  
>> name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasL 
>> oginCoordinator</attribute>
>>          <attribute name="serverSide">false</attribute>
>>          <attribute name="options">
>>              host=localhost
>> @@ -105,7 +105,7 @@
>>          </reference>
>>      </gbean>
>>      <!-- this is really a server-side only gbean but its needed to  
>> make the client side GenericSecurityRealm work -->
>> -    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>> +    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>          <reference name="Realms">
>>              <name>client-properties-realm</name>
>>          </reference>
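
Review bot: The JaasLoginService gbean in the client plan now points at org.apache.geronimo.security.jaas.server.JaasLoginService, and the XML comment directly above it already describes this gbean as server-side only and present just to make the client-side GenericSecurityRealm work. With the client/server package split this commit introduces, that dependency is now a client plan loading a server-package class; note it as a follow-up in the comment or remove the need for it.
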
>> Modified:  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>> plan/j2ee-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> --- geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>> (original)
>> +++ geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>> Wed Oct 12 13:01:56 2005
>> @@ -49,7 +49,7 @@
>>          </references>
>>      </gbean>
>>  -    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>> +    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>          <reference  
>> name="Realms"><application>*</application><module>*</module><name>*</ 
>> name></reference>
>>          <!--        <attribute  
>> name="reclaimPeriod">100000</attribute>-->
>>          <attribute name="algorithm">HmacSHA1</attribute>
>> Modified:  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>> org/apache/geronimo/jetty/AbstractWebModuleTest.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java (original)
>> +++  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java Wed Oct 12 13:01:56 2005
>> @@ -28,33 +28,31 @@
>>  import javax.management.ObjectName;
>>   import junit.framework.TestCase;
>> -import  
>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTr 
>> ackingCoordinator;
>> +import org.mortbay.jetty.servlet.FormAuthenticator;
>> +
>>  import  
>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTr 
>> ackingCoordinatorGBean;
>>  import org.apache.geronimo.gbean.GBeanData;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.jetty.connector.HTTPConnector;
>> -import org.apache.geronimo.kernel.KernelFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>> +import org.apache.geronimo.kernel.KernelFactory;
>>  import org.apache.geronimo.kernel.management.State;
>>  import org.apache.geronimo.security.SecurityServiceImpl;
>> -import org.apache.geronimo.security.jacc.ComponentPermissions;
>> -import  
>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManage 
>> r;
>> -import org.apache.geronimo.security.deploy.Principal;
>>  import org.apache.geronimo.security.deploy.DefaultPrincipal;
>> +import org.apache.geronimo.security.deploy.Principal;
>>  import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
>> -import org.apache.geronimo.security.jaas.JaasLoginService;
>> -import org.apache.geronimo.security.jaas.LoginModuleGBean;
>>  import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
>> +import org.apache.geronimo.security.jaas.LoginModuleGBean;
>> +import org.apache.geronimo.security.jaas.server.JaasLoginService;
>> +import  
>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManage 
>> r;
>> +import org.apache.geronimo.security.jacc.ComponentPermissions;
>>  import org.apache.geronimo.security.realm.GenericSecurityRealm;
>>  import org.apache.geronimo.system.serverinfo.BasicServerInfo;
>>  import org.apache.geronimo.transaction.context.OnlineUserTransaction;
>> -import  
>> org.apache.geronimo.transaction.context.TransactionContextManager;
>>  import  
>> org.apache.geronimo.transaction.context.TransactionContextManagerGBean 
>> ;
>> -import  
>> org.apache.geronimo.transaction.manager.TransactionManagerImpl;
>>  import  
>> org.apache.geronimo.transaction.manager.TransactionManagerImplGBean;
>> -import org.mortbay.jetty.servlet.FormAuthenticator;
>>    /**
>> @@ -207,6 +205,7 @@
>>          options.setProperty("usersURI",  
>> "src/test-resources/data/users.properties");
>>          options.setProperty("groupsURI",  
>> "src/test-resources/data/groups.properties");
>>          propertiesLMGBean.setAttribute("options", options);
>> +        propertiesLMGBean.setAttribute("wrapPrincipals",  
>> Boolean.TRUE);
>>          //TODO should this be called securityRealmName?
>>          propertiesLMGBean.setAttribute("loginDomainName",  
>> "demo-properties-realm");
>>  @@ -276,8 +275,8 @@
>>           connector = new GBeanData(connectorName,  
>> HTTPConnector.GBEAN_INFO);
>>          connector.setAttribute("port", new Integer(5678));
>> -        connector.setAttribute("maxThreads",  new Integer(50));
>> -        connector.setAttribute("minThreads",  new Integer(10));
>> +        connector.setAttribute("maxThreads", new Integer(50));
>> +        connector.setAttribute("minThreads", new Integer(10));
>>          connector.setReferencePattern("JettyContainer",  
>> containerName);
>>           start(container);
>> Modified:  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>> org/apache/geronimo/jetty/SecurityTest.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java (original)
>> +++  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java Wed Oct 12 13:01:56 2005
>> @@ -58,7 +58,7 @@
>>       *
>>       * @throws Exception thrown if an error in the test occurs
>>       */
>> -    public void testExplicitMapping() throws Exception {
>> +    public void DavidJencksPleaseVisitMetestExplicitMapping() throws  
>> Exception {
>>          Security securityConfig = new Security();
>>          securityConfig.setUseContextHandler(false);
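Review bot: Renaming testExplicitMapping() to DavidJencksPleaseVisitMetestExplicitMapping() silently disables the test. Under junit.framework.TestCase discovery (the class AbstractWebModuleTest imports in this same commit), only public methods whose names start with "test" are run, so the explicit-mapping security path loses its coverage and nothing in the build output reports it. If the test cannot pass yet, keep the original name and make it fail with a message that cites GERONIMO-883, or at least add a TODO with the issue id above the method so the rename is not forgotten.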
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/ContextManager.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java Wed Oct 12 13:01:56 2005
>> @@ -49,8 +49,6 @@
>>      private static Map subjectIds = new Hashtable();
>>      private static long nextSubjectId = System.currentTimeMillis();
>>  -    private static long nextPrincipalId =  
>> System.currentTimeMillis();
>> -
>>      private static SecretKey key;
>>      private static String algorithm;
>>      private static String password;
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/DomainPrincipal.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,133 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +
>> +package org.apache.geronimo.security;
>> +
>> +import java.io.Serializable;
>> +import java.security.Principal;
>> +
>> +/**
>> + * Represents a principal in an realm.
>> + *
>> + * @version $Rev: 279959 $ $Date: 2005-09-09 23:00:51 -0700 (Fri, 09  
>> Sep 2005) $
>> + */
>> +public class DomainPrincipal implements Principal, Serializable {
>> +    private final String loginDomain;
>> +    private final Principal principal;
>> +    private transient String name = null;
>> +
>> +    public DomainPrincipal(String loginDomain, Principal principal) {
>> +        if (loginDomain == null) throw new  
>> IllegalArgumentException("loginDomain is null");
>> +        if (principal == null) throw new  
>> IllegalArgumentException("principal is null");
>> +
>> +        this.loginDomain = loginDomain;
>> +        this.principal = principal;
>> +    }
>> +
>> +    /**
>> +     * Compares this principal to the specified object.  Returns true
>> +     * if the object passed in matches the principal represented by
>> +     * the implementation of this interface.
>> +     *
>> +     * @param another principal to compare with.
>> +     * @return true if the principal passed in is the same as that
>> +     *         encapsulated by this principal, and false otherwise.
>> +     */
>> +    public boolean equals(Object another) {
>> +        if (!(another instanceof DomainPrincipal)) return false;
>> +
>> +        DomainPrincipal realmPrincipal = (DomainPrincipal) another;
>> +
>> +        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>> principal.equals(realmPrincipal.principal);
>> +    }
>> +
>> +    /**
>> +     * Returns a string representation of this principal.
>> +     *
>> +     * @return a string representation of this principal.
>> +     */
>> +    public String toString() {
>> +        //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> +//        return getName();
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(loginDomain);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +    }
>> +
>> +    /**
>> +     * Returns a hashcode for this principal.
>> +     *
>> +     * @return a hashcode for this principal.
>> +     */
>> +    public int hashCode() {
>> +        int result;
>> +        result = loginDomain.hashCode();
>> +        result = 29 * result + principal.hashCode();
>> +        return result;
>> +    }
>> +
>> +    /**
>> +     * Returns the name of this principal.
>> +     *
>> +     * @return the name of this principal.
>> +     */
>> +    public String getName() {
>> +        //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(loginDomain);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +//        return principal.getName();
>> +    }
>> +
>> +    /**
>> +     * Returns the principal that is associated with the realm.
>> +     *
>> +     * @return the principal that is associated with the realm.
>> +     */
>> +    public Principal getPrincipal() {
>> +        return principal;
>> +    }
>> +
>> +    /**
>> +     * Returns the realm that is associated with the principal.
>> +     *
>> +     * @return the realm that is associated with the principal.
>> +     */
>> +    public String getLoginDomain() {
>> +        return loginDomain;
>> +    }
>> +}
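Review bot: getName() and toString() in the new DomainPrincipal contain the same StringBuffer block verbatim, and getName() returns the composite loginDomain:[class:name] string rather than principal.getName(), which its Javadoc ("Returns the name of this principal") does not say. Have toString() delegate to getName(), document the composite format in the Javadoc, and replace the "bogus assumptions in some secret code" TODO with the name of the code that depends on this. Two smaller points: the class is Serializable but the wrapped Principal field is not required to be, so serialization fails at runtime for a principal that is not; and the class comment says "an realm" while the field is now called loginDomain.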
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/PrimaryRealmPrincipal.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -43,6 +43,6 @@
>>           PrimaryRealmPrincipal realmPrincipal =  
>> (PrimaryRealmPrincipal) another;
>>  -        return  
>> getLoginDomain().equals(realmPrincipal.getLoginDomain()) &&  
>> getPrincipal().equals(realmPrincipal.getPrincipal());
>> +        return getRealm().equals(realmPrincipal.getRealm()) &&  
>> getPrincipal().equals(realmPrincipal.getPrincipal());
>>      }
>>  }
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/RealmPrincipal.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -26,15 +26,15 @@
>>   * @version $Rev$ $Date$
>>   */
>>  public class RealmPrincipal implements Principal, Serializable {
>> -    private final String loginDomain;
>> +    private final String realm;
>>      private final Principal principal;
>>      private transient String name = null;
>>  -    public RealmPrincipal(String loginDomain, Principal principal) {
>> -        if (loginDomain == null) throw new  
>> IllegalArgumentException("loginDomain is null");
>> +    public RealmPrincipal(String realm, Principal principal) {
>> +        if (realm == null) throw new IllegalArgumentException("realm  
>> is null");
>>          if (principal == null) throw new  
>> IllegalArgumentException("principal is null");
>>  -        this.loginDomain = loginDomain;
>> +        this.realm = realm;
>>          this.principal = principal;
>>      }
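Review bot: Renaming the private field loginDomain to realm changes the default serialized form of RealmPrincipal, which is declared Serializable on the context line above. Unless the class declares a serialVersionUID outside this hunk, the computed UID changes as well, and even with a fixed UID an instance written before this commit would deserialize with realm left null, bypassing the constructor's null check. If principals cross a process boundary between old and new code, state the incompatibility in the log message or keep the field name and rename only the accessor.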
>>  @@ -52,7 +52,7 @@
>>           RealmPrincipal realmPrincipal = (RealmPrincipal) another;
>>  -        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>> principal.equals(realmPrincipal.principal);
>> +        return realm.equals(realmPrincipal.realm) &&  
>> principal.equals(realmPrincipal.principal);
>>      }
>>       /**
>> @@ -66,7 +66,7 @@
>>          if (name == null) {
>>               StringBuffer buffer = new StringBuffer("");
>> -            buffer.append(loginDomain);
>> +            buffer.append(realm);
>>              buffer.append(":[");
>>              buffer.append(principal.getClass().getName());
>>              buffer.append(':');
>> @@ -85,7 +85,7 @@
>>       */
>>      public int hashCode() {
>>          int result;
>> -        result = loginDomain.hashCode();
>> +        result = realm.hashCode();
>>          result = 29 * result + principal.hashCode();
>>          return result;
>>      }
>> @@ -97,20 +97,20 @@
>>       */
>>      public String getName() {
>>          //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> -//        if (name == null) {
>> -//
>> -//            StringBuffer buffer = new StringBuffer("");
>> -//            buffer.append(loginDomain);
>> -//            buffer.append(":[");
>> -//            buffer.append(principal.getClass().getName());
>> -//            buffer.append(':');
>> -//            buffer.append(principal.getName());
>> -//            buffer.append("]");
>> -//
>> -//            name = buffer.toString();
>> -//        }
>> -//        return name;
>> -        return principal.getName();
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(realm);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +//        return principal.getName();
>>      }
>>       /**
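Review bot: In getName(), the switch from principal.getName() to the cached realm:[class:name] string is a behaviour change, not a refactor: any caller that compares getName() against a plain user or group name stops matching after this commit. The log message ("Initial checkin for GERONIMO-883") does not mention it, the TODO above it still refers to unnamed "secret code", and the old return is left behind as a commented-out line. Say in the log which callers were updated to expect the composite form, add a test that pins the format, and delete the dead "// return principal.getName();" line.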
>> @@ -127,7 +127,7 @@
>>       *
>>       * @return the realm that is associated with the principal.
>>       */
>> -    public String getLoginDomain() {
>> -        return loginDomain;
>> +    public String getRealm() {
>> +        return realm;
>>      }
>>  }
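Review bot: getLoginDomain() is removed from a public class and replaced by getRealm() with no transition, so any caller outside this commit that still calls getLoginDomain() on a RealmPrincipal fails to compile. Since the new DomainPrincipal in this commit keeps a getLoginDomain() accessor, the two names now mean different things on sibling classes; a short Javadoc line on each explaining realm versus login domain would prevent callers from picking the wrong one. The unchanged Javadoc here ("the realm that is associated with the principal") was already describing a realm, so the rename itself is reasonable.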
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> ConfigurationEntryFactory.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java Wed Oct 12 13:01:56 2005
>> @@ -16,6 +16,9 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>> +
>>  /**
>>   * A factory interface used by  
>> <code>GeronimoLoginConfiguration</code> to obtain
>>   * <code>JaasLoginModuleConfiguration</code>s from GBean  
>> configuration entries.
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java Wed Oct 12 13:01:56 2005
>> @@ -19,6 +19,7 @@
>>  import org.apache.geronimo.gbean.GBeanInfo;
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>>    /**
>> @@ -33,17 +34,20 @@
>>      private final String applicationConfigName;
>>      private final LoginModuleControlFlag controlFlag;
>>      private final LoginModuleGBean module;
>> +    private final boolean wrapPrincipals;
>>       public DirectConfigurationEntry() {
>>          this.applicationConfigName = null;
>>          this.controlFlag = null;
>>          this.module = null;
>> +        this.wrapPrincipals = false;
>>      }
>>  -    public DirectConfigurationEntry(String applicationConfigName,  
>> LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
>> +    public DirectConfigurationEntry(String applicationConfigName,  
>> LoginModuleControlFlag controlFlag, LoginModuleGBean module, boolean  
>> wrapPrincipals) {
>>          this.applicationConfigName = applicationConfigName;
>>          this.controlFlag = controlFlag;
>>          this.module = module;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public String getConfigurationName() {
>> @@ -51,7 +55,7 @@
>>      }
>>       public JaasLoginModuleConfiguration generateConfiguration() {
>> -        return new  
>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>> controlFlag, module.getOptions(), module.isServerSide(),  
>> applicationConfigName);
>> +        return new  
>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>> controlFlag, module.getOptions(), module.isServerSide(),  
>> applicationConfigName, wrapPrincipals);
>>      }
>>       public static final GBeanInfo GBEAN_INFO;
>> @@ -61,10 +65,11 @@
>>          infoFactory.addInterface(ConfigurationEntryFactory.class);
>>          infoFactory.addAttribute("applicationConfigName",  
>> String.class, true);
>>          infoFactory.addAttribute("controlFlag",  
>> LoginModuleControlFlag.class, true);
>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>> true);
>>           infoFactory.addReference("Module", LoginModuleGBean.class,  
>> NameFactory.LOGIN_MODULE);
>>  -        infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "controlFlag", "Module"});
>> +        infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "controlFlag", "Module",  
>> "wrapPrincipals"});
>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>      }
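Review bot: The new wrapPrincipals attribute is registered as persistent and added to the constructor list, but nothing in this file says what it wraps principals in, or what value a DirectConfigurationEntry gets when an existing plan does not set it. Add a Javadoc sentence on the constructor parameter covering both, and confirm that plans written before this commit still load with the four-argument setConstructor. The no-argument constructor in the previous hunk defaults the field to false, so stating that as the documented default would keep the two paths consistent.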
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> GeronimoLoginConfiguration.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -34,6 +34,7 @@
>>  import org.apache.geronimo.gbean.ReferenceCollectionEvent;
>>  import org.apache.geronimo.gbean.ReferenceCollectionListener;
>>  import org.apache.geronimo.security.SecurityServiceImpl;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>>    /**
>> @@ -134,7 +135,7 @@
>>              log.info("Removed Application Configuration Entry " +  
>> iter.next());
>>          }
>>          entries.clear();
>> -        +
>>          log.info("Uninstalled Geronimo login configuration");
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java Wed Oct 12 13:01:56 2005
>> @@ -16,16 +16,18 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  -import java.util.Set;
>> +import java.util.HashMap;
>>  import java.util.List;
>>  import java.util.Map;
>> -import java.util.HashMap;
>> +import java.util.Set;
>>   import org.apache.geronimo.gbean.GBeanInfo;
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>> +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>>  import org.apache.geronimo.system.serverinfo.ServerInfo;
>> -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>>   /**
>>   * Holds a reference to a login module and the control flag.  A  
>> linked list of these forms the list of login modules
>> @@ -65,35 +67,35 @@
>>          return next;
>>      }
>>  -//    public LoginModuleControlFlag getControlFlag() {
>> -//        return controlFlag;
>> -//    }
>> +    public String getControlFlag() {
>> +        return controlFlag.toString();
>> +    }
>>       public void configure(Set domainNames, List  
>> loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo,  
>> ClassLoader classLoader) {
>>          Map options = loginModule.getOptions();
>> -                   if (options != null) {
>> -                       options = new HashMap(options);
>> -                   } else {
>> -                       options = new HashMap();
>> -                   }
>> -                   if (kernel != null &&  
>> !options.containsKey(KERNEL_LM_OPTION)) {
>> -                       options.put(KERNEL_LM_OPTION,  
>> kernel.getKernelName());
>> -                   }
>> -                   if (serverInfo != null &&  
>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>> -                       options.put(SERVERINFO_LM_OPTION, serverInfo);
>> -                   }
>> -                   if (classLoader != null &&  
>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>> -                       options.put(CLASSLOADER_LM_OPTION,  
>> classLoader);
>> -                   }
>> -                   if (loginModule.getLoginDomainName() != null) {
>> -                       if  
>> (domainNames.contains(loginModule.getLoginDomainName())) {
>> -                           throw new IllegalStateException("Error in  
>> realm: one security realm cannot contain multiple login modules for  
>> the same login domain");
>> -                       } else {
>> -                            
>> domainNames.add(loginModule.getLoginDomainName());
>> -                       }
>> -                   }
>> -                   JaasLoginModuleConfiguration config = new  
>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>> controlFlag, options, loginModule.isServerSide(),  
>> loginModule.getLoginDomainName());
>> -                   loginModuleConfigurations.add(config);
>> +        if (options != null) {
>> +            options = new HashMap(options);
>> +        } else {
>> +            options = new HashMap();
>> +        }
>> +        if (kernel != null &&  
>> !options.containsKey(KERNEL_LM_OPTION)) {
>> +            options.put(KERNEL_LM_OPTION, kernel.getKernelName());
>> +        }
>> +        if (serverInfo != null &&  
>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>> +            options.put(SERVERINFO_LM_OPTION, serverInfo);
>> +        }
>> +        if (classLoader != null &&  
>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>> +            options.put(CLASSLOADER_LM_OPTION, classLoader);
>> +        }
>> +        if (loginModule.getLoginDomainName() != null) {
>> +            if  
>> (domainNames.contains(loginModule.getLoginDomainName())) {
>> +                throw new IllegalStateException("Error in realm: one  
>> security realm cannot contain multiple login modules for the same  
>> login domain");
>> +            } else {
>> +                domainNames.add(loginModule.getLoginDomainName());
>> +            }
>> +        }
>> +        JaasLoginModuleConfiguration config = new  
>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>> controlFlag, options, loginModule.isServerSide(),  
>> loginModule.getLoginDomainName(), loginModule.isWrapPrincipals());
>> +        loginModuleConfigurations.add(config);
>>           if (next != null) {
>>              next.configure(domainNames, loginModuleConfigurations,  
>> kernel, serverInfo, classLoader);
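Review bot: The only functional change in configure() is the sixth constructor argument, loginModule.isWrapPrincipals(), and it is buried in roughly thirty lines of re-indentation, which makes the hunk hard to review and will make later blame output point at this commit for every line. Split the whitespace cleanup into its own commit. Separately, the newly enabled getControlFlag() now returns String via controlFlag.toString() and throws NullPointerException if the bean was built with a null controlFlag; either guard it or document that controlFlag is mandatory.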
>> @@ -108,9 +110,9 @@
>>          infoBuilder.addReference("LoginModule",  
>> LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
>>          infoBuilder.addReference("Next", JaasLoginModuleUse.class);
>>  -        infoBuilder.addOperation("configure", new Class[]  
>> {Set.class, List.class, Kernel.class, ServerInfo.class,  
>> ClassLoader.class});
>> +        infoBuilder.addOperation("configure", new Class[]{Set.class,  
>> List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
>>  -        infoBuilder.setConstructor(new String[] {"LoginModule",  
>> "Next", "controlFlag"});
>> +        infoBuilder.setConstructor(new String[]{"LoginModule",  
>> "Next", "controlFlag"});
>>          GBEAN_INFO = infoBuilder.getBeanInfo();
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java Wed Oct 12 13:01:56 2005
>> @@ -31,22 +31,28 @@
>>       private static final LoginModuleControlFlag[] values = new  
>> LoginModuleControlFlag[4];
>>  -    public static final LoginModuleControlFlag REQUIRED = new  
>> LoginModuleControlFlag(0,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED);
>> -    public static final LoginModuleControlFlag REQUISITE = new  
>> LoginModuleControlFlag(1,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE);
>> -    public static final LoginModuleControlFlag SUFFICIENT = new  
>> LoginModuleControlFlag(2,  
>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT);
>> -    public static final LoginModuleControlFlag OPTIONAL = new  
>> LoginModuleControlFlag(3,  
>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL);
>> +    public static final LoginModuleControlFlag REQUIRED = new  
>> LoginModuleControlFlag(0,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "REQUIRED");
>> +    public static final LoginModuleControlFlag REQUISITE = new  
>> LoginModuleControlFlag(1,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "REQUISITE");
>> +    public static final LoginModuleControlFlag SUFFICIENT = new  
>> LoginModuleControlFlag(2,  
>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,  
>> "SUFFICIENT");
>> +    public static final LoginModuleControlFlag OPTIONAL = new  
>> LoginModuleControlFlag(3,  
>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "OPTIONAL");
>>       private final int ordinal;
>> +    private final String toString;
>>      private final transient  
>> AppConfigurationEntry.LoginModuleControlFlag flag;
>>  -    private LoginModuleControlFlag(int ordinal,  
>> AppConfigurationEntry.LoginModuleControlFlag flag) {
>> +    private LoginModuleControlFlag(int ordinal,  
>> AppConfigurationEntry.LoginModuleControlFlag flag, String toString) {
>>          this.ordinal = ordinal;
>>          this.flag = flag;
>> +        this.toString = toString;
>>          values[ordinal] = this;
>>      }
>>       public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
>>          return flag;
>> +    }
>> +
>> +    public String toString() {
>> +        return toString;
>>      }
>>       Object readResolve() throws ObjectStreamException {
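Review bot: The new field is named toString, the same as the method that returns it, which reads ambiguously at "this.toString = toString" and "return toString"; call it name or label. It is also the only new non-transient field on a class that already marks flag as transient and defines readResolve(), so it changes the serialized form of the flag. If readResolve() maps back to the canonical instance by ordinal, mark the string transient as well so the wire format stays at the single ordinal field.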
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginModuleGBean.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java Wed Oct 12 13:01:56 2005
>> @@ -22,6 +22,7 @@
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  +
>>  /**
>>   * A GBean that wraps a LoginModule, plus options to configure the  
>> LoginModule.
>>   * If you want to deploy the same LoginModule with different  
>> options, you need
>> @@ -37,14 +38,16 @@
>>      private Properties options;
>>      private String objectName;
>>      private boolean serverSide;
>> +    private boolean wrapPrincipals;
>>       public LoginModuleGBean() {
>>      }
>> -    -    public LoginModuleGBean(String loginModuleClass, String  
>> objectName, boolean serverSide) {
>> +
>> +    public LoginModuleGBean(String loginModuleClass, String  
>> objectName, boolean serverSide, boolean wrapPrincipals) {
>>          this.loginModuleClass = loginModuleClass;
>>          this.objectName = objectName;
>>          this.serverSide = serverSide;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public String getLoginDomainName() {
>> @@ -67,14 +70,34 @@
>>          return loginModuleClass;
>>      }
>>  +    public void setLoginModuleClass(String loginModuleClass) {
>> +        this.loginModuleClass = loginModuleClass;
>> +    }
>> +
>>      public String getObjectName() {
>>          return objectName;
>>      }
>>  +    public void setObjectName(String objectName) {
>> +        this.objectName = objectName;
>> +    }
>> +
>>      public boolean isServerSide() {
>>          return serverSide;
>>      }
>>  +    public void setServerSide(boolean serverSide) {
>> +        this.serverSide = serverSide;
>> +    }
>> +
>> +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>> +    }
>> +
>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>> +        this.wrapPrincipals = wrapPrincipals;
>> +    }
>> +
>>      public static final GBeanInfo GBEAN_INFO;
>>       static {
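
Review bot: The setters added here for loginModuleClass, objectName and
serverSide make every part of a login module's definition mutable after
construction, although the constructor already takes all of them. If
only wrapPrincipals needs to change after deployment, drop the other
three setters. Otherwise add Javadoc saying when a change takes effect,
because swapping loginModuleClass or serverSide on a deployed module
changes what authenticates users and where it runs.
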
>> @@ -84,7 +107,9 @@
>>          infoFactory.addAttribute("objectName", String.class, false);
>>          infoFactory.addAttribute("serverSide", boolean.class, true);
>>          infoFactory.addAttribute("loginDomainName", String.class,  
>> true);
>> -        infoFactory.setConstructor(new  
>> String[]{"loginModuleClass","objectName","serverSide"});
>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>> true);
>> +        infoFactory.setConstructor(new String[]{"loginModuleClass",  
>> "objectName", "serverSide", "wrapPrincipals"});
>> +
>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>      }
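
Review bot: wrapPrincipals is registered in GBEAN_INFO as a persistent
attribute and as a fourth constructor argument, but nothing in this file
says what wrapping does or what value a configuration written against
the old three-argument constructor ends up with. Please extend the class
Javadoc with the meaning of the flag and its default, since existing
plans only supply loginModuleClass, objectName and serverSide.
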
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginUtils.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java Wed Oct 12 13:01:56 2005
>> @@ -16,51 +16,63 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  -import javax.security.auth.login.LoginException;
>> +import java.io.Externalizable;
>> +import java.io.Serializable;
>> +import java.rmi.Remote;
>> +import java.util.HashMap;
>> +import java.util.HashSet;
>> +import java.util.Iterator;
>> +import java.util.Map;
>> +import java.util.Set;
>> +import javax.security.auth.Subject;
>> +
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>>   /**
>>   * Helper class the computes the login result across a number of  
>> separate
>>   * login modules.
>> - * + *
>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>> Sep 2004) $
>>   */
>>  public class LoginUtils {
>> -    public static boolean computeLogin(LoginModuleConfiguration[]  
>> modules) throws LoginException {
>> -        Boolean success = null;
>> -        Boolean backup = null;
>> -        // see  
>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>> Configuration.html
>> -        for(int i = 0; i < modules.length; i++) {
>> -            LoginModuleConfiguration module = modules[i];
>> -            boolean result = module.getModule().login();
>> -            if(module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>> -                if(success == null || success.booleanValue()) {
>> -                    success = result ? Boolean.TRUE : Boolean.FALSE;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>> -                if(!result) {
>> -                    return false;
>> -                } else if(success == null) {
>> -                   success = Boolean.TRUE;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>> -                if(result && (success == null ||  
>> success.booleanValue())) {
>> -                    return true;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>> -                if(backup == null || backup.booleanValue()) {
>> -                    backup = result ? Boolean.TRUE : Boolean.FALSE;
>> -                }
>> +    public static void copyPrincipals(Subject to, Subject from) {
>> +        to.getPrincipals().addAll(from.getPrincipals());
>> +    }
>> +
>> +    public static Map getSerializableCopy(Map from) {
>> +        Map to = new HashMap();
>> +        for (Iterator it = from.keySet().iterator(); it.hasNext();) {
>> +            String key = (String) it.next();
>> +            Object value = from.get(key);
>> +            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> +                to.put(key, value);
>>              }
>>          }
>> -        // all required and requisite modules succeeded, or at least  
>> one required module failed
>> -        if(success != null) {
>> -            return success.booleanValue();
>> -        }
>> -        // no required or requisite modules, no sufficient modules  
>> succeeded, fall back to optional modules
>> -        if(backup != null) {
>> -            return backup.booleanValue();
>> +        return to;
>> +    }
>> +
>> +    public static Set getSerializableCopy(Set from) {
>> +        Set to = new HashSet();
>> +        for (Iterator it = from.iterator(); it.hasNext();) {
>> +            Object value = it.next();
>> +            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> +                to.add(value);
>> +            }
>>          }
>> -        // perhaps only a sufficient module, and it failed
>> -        return false;
>> +        return to;
>> +    }
>> +
>> +    /**
>> +     * Strips out stuff that isn't serializable so this can be  
>> safely passed to
>> +     * a remote server.
>> +     */
>> +    public static JaasLoginModuleConfiguration  
>> getSerializableCopy(JaasLoginModuleConfiguration config) {
>> +        return new  
>> JaasLoginModuleConfiguration(config.getLoginModuleClassName(),
>> +                                                config.getFlag(),
>> +                                                 
>> LoginUtils.getSerializableCopy(config.getOptions()),
>> +                                                 
>> config.isServerSide(),
>> +                                                 
>> config.getLoginDomainName(),
>> +                                                 
>> config.isWrapPrincipals());
>>      }
>>  }
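
Review bot: getSerializableCopy(Map) casts every key with
"(String) it.next()" and silently drops any value that fails the
instanceof test, so a non-String key raises ClassCastException in the
middle of a login and a dropped entry leaves no trace. Iterate over
entrySet() with Object keys and log what is skipped. The Externalizable
test is redundant because Externalizable extends Serializable, and
implementing Remote does not by itself make a value serializable, so
that branch can still fail when the copy is sent. Also note that the
filter is by type only: everything serializable in the map is passed
on, which is worth stating in the Javadoc next to "safely passed to a
remote server".
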
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> ServerRealmConfigurationEntry.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -22,6 +22,9 @@
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
>>    /**
>> @@ -37,6 +40,7 @@
>>      private final String realmName;
>>      private final Kernel kernel;
>>      private final JaasLoginServiceMBean loginService;
>> +    private boolean wrapPrincipals;
>>       public ServerRealmConfigurationEntry() {
>>          this.applicationConfigName = null;
>> @@ -48,10 +52,10 @@
>>      public ServerRealmConfigurationEntry(String  
>> applicationConfigName, String realmName, Kernel kernel,  
>> JaasLoginServiceMBean loginService) {
>>          this.applicationConfigName = applicationConfigName;
>>          this.realmName = realmName;
>> -        if(applicationConfigName == null || realmName == null) {
>> +        if (applicationConfigName == null || realmName == null) {
>>              throw new  
>> IllegalArgumentException("applicationConfigName and realmName are  
>> required");
>>          }
>> -        if(applicationConfigName.equals(realmName)) {
>> +        if (applicationConfigName.equals(realmName)) {
>>              throw new  
>> IllegalArgumentException("applicationConfigName must be different  
>> than realmName (there's an automatic entry using the same name as the  
>> realm name, so you don't need a ServerRealmConfigurationEntry if  
>> you're just going to use that!)");
>>          }
>>          this.kernel = kernel;
>> @@ -62,6 +66,14 @@
>>          return applicationConfigName;
>>      }
>>  +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>> +    }
>> +
>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>> +        this.wrapPrincipals = wrapPrincipals;
>> +    }
>> +
>>      public JaasLoginModuleConfiguration generateConfiguration() {
>>          Properties options = new Properties();
>>          options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
>> @@ -73,7 +85,7 @@
>>          options.put("realm", realmName);
>>          options.put("kernel", kernel.getKernelName());
>>  -        return new  
>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>> LoginModuleControlFlag.REQUIRED, options, true,  
>> applicationConfigName);
>> +        return new  
>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>> LoginModuleControlFlag.REQUIRED, options, true,  
>> applicationConfigName, wrapPrincipals);
>>      }
>>       public static final GBeanInfo GBEAN_INFO;
>> @@ -85,6 +97,7 @@
>>          infoFactory.addAttribute("realmName", String.class, true);
>>          infoFactory.addAttribute("kernel", Kernel.class, false);
>>          infoFactory.addReference("LoginService",  
>> JaasLoginServiceMBean.class, "JaasLoginService");
>> +        infoFactory.addAttribute("wrapPrincipals", Boolean.TYPE,  
>> true);
>>           infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "realmName", "kernel",  
>> "LoginService"});
>>          GBEAN_INFO = infoFactory.getBeanInfo();
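
Review bot: wrapPrincipals is declared here with Boolean.TYPE and left
out of setConstructor, whereas the same attribute in LoginModuleGBean
uses boolean.class and is a constructor argument. Pick one form for
both GBeans. As written the value can only arrive through
setWrapPrincipals(), so generateConfiguration() returns a configuration
with wrapPrincipals false until that setter has run, and the field is
the only non-final one in the class. A comment stating the intended
default would help.
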
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> ClientLoginModuleProxy.java?rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -0,0 +1,65 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.util.Map;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class ClientLoginModuleProxy extends LoginModuleProxy
>> +{
>> +    private final LoginModule source;
>> +
>> +    public ClientLoginModuleProxy(LoginModuleControlFlag  
>> controlFlag, Subject subject, LoginModule source)
>> +    {
>> +        super(controlFlag, subject);
>> +        this.source = source;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options)
>> +    {
>> +        source.initialize(subject, callbackHandler, sharedState,  
>> options);
>> +    }
>> +
>> +    public boolean login() throws LoginException
>> +    {
>> +        return source.login();
>> +    }
>> +
>> +    public boolean commit() throws LoginException
>> +    {
>> +        return source.commit();
>> +    }
>> +
>> +    public boolean abort() throws LoginException
>> +    {
>> +        return source.abort();
>> +    }
>> +
>> +    public boolean logout() throws LoginException
>> +    {
>> +        return source.logout();
>> +    }
>> +}
>> \ No newline at end of file
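
Review bot: ClientLoginModuleProxy is added without a class description,
with empty "$Revision: $ $Date: $" keywords and without a newline at the
end of the file. Please add a sentence of Javadoc saying that it
delegates every call to the wrapped LoginModule unchanged, set the svn
keyword properties so the @version line expands, and reject a null
source in the constructor so a bad configuration fails there rather
than in login(). The brace style also differs from the other files in
this commit.
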
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> JaasLoginCoordinator.java?p2=geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> JaasLoginCoordinator.java&p1=geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> JaasLoginCoordinator.java&r1=289678&r2=315020&rev=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -1,6 +1,6 @@
>>  /**
>>   *
>> - * Copyright 2003-2004 The Apache Software Foundation
>> + * Copyright 2003-2005 The Apache Software Foundation
>>   *
>>   *  Licensed under the Apache License, Version 2.0 (the "License");
>>   *  you may not use this file except in compliance with the License.
>> @@ -14,26 +14,25 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.client;
>>  -import java.security.Principal;
>> -import java.util.ArrayList;
>>  import java.util.HashMap;
>> -import java.util.HashSet;
>> -import java.util.Iterator;
>> -import java.util.List;
>>  import java.util.Map;
>>  import java.util.Set;
>>  import javax.management.MalformedObjectNameException;
>>  import javax.management.ObjectName;
>>  import javax.security.auth.Subject;
>> -import javax.security.auth.callback.Callback;
>>  import javax.security.auth.callback.CallbackHandler;
>>  import javax.security.auth.login.LoginException;
>>  import javax.security.auth.spi.LoginModule;
>>   import org.apache.geronimo.kernel.Kernel;
>>  import org.apache.geronimo.kernel.KernelRegistry;
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +import org.apache.geronimo.security.jaas.LoginUtils;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>  import  
>> org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClie 
>> nt;
>>   @@ -64,9 +63,10 @@
>>      private JaasLoginServiceMBean service;
>>      private CallbackHandler handler;
>>      private Subject subject;
>> -    private Set processedPrincipals = new HashSet();
>> -    private JaasClientId clientHandle;
>> -    LoginModuleConfiguration[] workers;
>> +    private JaasSessionId sessionHandle;
>> +    private LoginModuleProxy[] proxies;
>> +    private final Map sharedState = new HashMap();
>> +
>>       public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>>          serverHost = (String) options.get(OPTION_HOST);
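
Review bot: The new sharedState field has the same name as the
sharedState parameter of initialize() right below it, so inside
initialize() the name refers to the caller's map and everywhere else to
this private HashMap. If the map handed in by the LoginContext is meant
to be ignored, say so in a comment. If not, seed the field from the
parameter. Renaming the field (for example to proxySharedState) would
remove the ambiguity.
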
>> @@ -89,47 +89,48 @@
>>          } else {
>>              this.subject = subject;
>>          }
>> -        //todo: shared state
>>      }
>>       public boolean login() throws LoginException {
>> -        clientHandle = service.connectToRealm(realmName);
>> -        JaasLoginModuleConfiguration[] config =  
>> service.getLoginConfiguration(clientHandle);
>> -        workers = new LoginModuleConfiguration[config.length];
>> +        sessionHandle = service.connectToRealm(realmName);
>> +        JaasLoginModuleConfiguration[] config =  
>> service.getLoginConfiguration(sessionHandle);
>> +        proxies = new LoginModuleProxy[config.length];
>>  -        for (int i = 0; i < workers.length; i++) {
>> -            LoginModule wrapper;
>> +        for (int i = 0; i < proxies.length; i++) {
>>              if (config[i].isServerSide()) {
>> -                wrapper = new ServerLoginModule(i);
>> +                proxies[i] = new  
>> ServerLoginProxy(config[i].getFlag(), subject, i, service,  
>> sessionHandle);
>>              } else {
>>                  LoginModule source =  
>> config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
>> -                wrapper = new ClientLoginModule(source, i);
>> +                if (config[i].isWrapPrincipals()) {
>> +                    proxies[i] = new  
>> WrappingClientLoginModuleProxy(config[i].getFlag(), subject, source,  
>> config[i].getLoginDomainName(), realmName);
>> +                } else {
>> +                    proxies[i] = new  
>> ClientLoginModuleProxy(config[i].getFlag(), subject, source);
>> +                }
>>              }
>> -            workers[i] = new LoginModuleConfiguration(wrapper,  
>> config[i].getFlag());
>> -            workers[i].getModule().initialize(subject, handler, new  
>> HashMap(), config[i].getOptions());
>> +            proxies[i].initialize(subject, handler, sharedState,  
>> config[i].getOptions());
>> +            syncSharedState();
>>          }
>> -        return performLogin(workers);
>> +        return performLogin();
>>      }
>>       public boolean commit() throws LoginException {
>> -        for (int i = 0; i < workers.length; i++) {
>> -            workers[i].getModule().commit();
>> -        }
>> -        Principal[] principals =  
>> service.loginSucceeded(clientHandle);
>> -        for (int i = 0; i < principals.length; i++) {
>> -            Principal principal = principals[i];
>> -            subject.getPrincipals().add(principal);
>> +        for (int i = 0; i < proxies.length; i++) {
>> +            proxies[i].commit();
>> +            syncSharedState();
>> +            syncPrincipals();
>>          }
>> +         
>> subject.getPrincipals().add(service.loginSucceeded(sessionHandle));
>>          return true;
>>      }
>>       public boolean abort() throws LoginException {
>>          try {
>> -            for (int i = 0; i < workers.length; i++) {
>> -                workers[i].getModule().abort();
>> +            for (int i = 0; i < proxies.length; i++) {
>> +                proxies[i].abort();
>> +                syncSharedState();
>>              }
>>          } finally {
>> -            service.loginFailed(clientHandle);
>> +            service.loginFailed(sessionHandle);
>>          }
>>          clear();
>>          return true;
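
Review bot: In abort() the call to syncSharedState() sits inside the
loop, so a LoginException from that remote call ends the loop and the
remaining proxies never get abort(). Only service.loginFailed() in the
finally block still runs. Wrap each iteration so that one failure does
not skip the rest, or sync once after the loop. commit() has the same
shape and also discards the boolean returned by proxies[i].commit(),
and both login() and commit() now make one or two remote round trips
per module. Please confirm that per-module syncing is needed rather
than one sync per phase.
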
>> @@ -137,11 +138,12 @@
>>       public boolean logout() throws LoginException {
>>          try {
>> -            for (int i = 0; i < workers.length; i++) {
>> -                workers[i].getModule().logout();
>> +            for (int i = 0; i < proxies.length; i++) {
>> +                proxies[i].logout();
>> +                syncSharedState();
>>              }
>>          } finally {
>> -            service.logout(clientHandle);
>> +            service.logout(sessionHandle);
>>          }
>>          clear();
>>          return true;
>> @@ -159,9 +161,8 @@
>>          service = null;
>>          handler = null;
>>          subject = null;
>> -        processedPrincipals.clear();
>> -        clientHandle = null;
>> -        workers = null;
>> +        sessionHandle = null;
>> +        proxies = null;
>>      }
>>       private JaasLoginServiceMBean connect() {
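
Review bot: clear() drops processedPrincipals, clientHandle and workers
and resets sessionHandle and proxies, but the sharedState map introduced
by this commit is never emptied. Because the field is final and lives as
long as the coordinator, whatever the modules stored in it during one
login is still there after abort() or logout() and is carried into the
next login. Add sharedState.clear() here.
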
>> @@ -176,32 +177,33 @@
>>      /**
>>       * See  
>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>> Configuration.html
>>       *
>> -     * @param modules
>>       * @return
>>       * @throws LoginException
>>       */
>> -    private static boolean performLogin(LoginModuleConfiguration[]  
>> modules) throws LoginException {
>> +    private boolean performLogin() throws LoginException {
>>          Boolean success = null;
>>          Boolean backup = null;
>>  -        for (int i = 0; i < modules.length; i++) {
>> -            LoginModuleConfiguration module = modules[i];
>> -            boolean result = module.getModule().login();
>> -            if (module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>> +        for (int i = 0; i < proxies.length; i++) {
>> +            LoginModuleProxy proxy = proxies[i];
>> +            boolean result = proxy.login();
>> +            syncSharedState();
>> +
>> +            if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>>                  if (success == null || success.booleanValue()) {
>>                      success = result ? Boolean.TRUE : Boolean.FALSE;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>>                  if (!result) {
>>                      return false;
>>                  } else if (success == null) {
>>                      success = Boolean.TRUE;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>>                  if (result && (success == null ||  
>> success.booleanValue())) {
>>                      return true;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>>                  if (backup == null || backup.booleanValue()) {
>>                      backup = result ? Boolean.TRUE : Boolean.FALSE;
>>                  }
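
Review bot: performLogin() calls proxy.login() and syncSharedState()
with no try/catch, so a LoginException from either one leaves the method
before the control flag is looked at. A failing OPTIONAL or SUFFICIENT
module, or a failed sync, therefore fails the whole login, while a
return value of false is counted as a failure for REQUIRED and
REQUISITE. Catch LoginException per module and feed it into the flag
logic, and keep the first exception to rethrow if the overall result is
a failure. The Javadoc above still has empty @return and @throws tags.
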
>> @@ -219,106 +221,13 @@
>>          return false;
>>      }
>>  -    private class ClientLoginModule implements LoginModule {
>> -        private LoginModule source;
>> -        int index;
>> -
>> -        public ClientLoginModule(LoginModule source, int index) {
>> -            this.source = source;
>> -            this.index = index;
>> -        }
>> -
>> -        public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>> -            source.initialize(subject, callbackHandler, sharedState,  
>> options);
>> -        }
>> -
>> -        public boolean login() throws LoginException {
>> -            return source.login();
>> -        }
>> -
>> -        /**
>> -         * Commit the LoginModule that is being wrapped.  Send the  
>> resulting
>> -         * principals that are obtained back to the server.
>> -         *
>> -         * @return true if this method succeeded, or false if this
>> -         *         <code>LoginModule</code> should be ignored.
>> -         * @throws LoginException if commit fails
>> -         */
>> -        public boolean commit() throws LoginException {
>> -            boolean result = source.commit();
>> -            List list = new ArrayList();
>> -            for (Iterator it = subject.getPrincipals().iterator();  
>> it.hasNext();) {
>> -                Principal p = (Principal) it.next();
>> -                if (!processedPrincipals.contains(p)) {
>> -                    list.add(p);
>> -                    processedPrincipals.add(p);
>> -                }
>> -            }
>> -            service.clientLoginModuleCommit(clientHandle, index,  
>> (Principal[]) list.toArray(new Principal[list.size()]));
>> -            return result;
>> -        }
>> -
>> -        public boolean abort() throws LoginException {
>> -            return source.abort();
>> -        }
>> -
>> -        public boolean logout() throws LoginException {
>> -            return source.logout();
>> -        }
>> +    private void syncSharedState() throws LoginException {
>> +        Map map = service.syncShareState(sessionHandle,  
>> LoginUtils.getSerializableCopy(sharedState));
>> +        sharedState.putAll(map);
>>      }
>>  -    private class ServerLoginModule implements LoginModule {
>> -        int index;
>> -        CallbackHandler handler;
>> -        Callback[] callbacks;
>> -
>> -        public ServerLoginModule(int index) {
>> -            this.index = index;
>> -        }
>> -
>> -        public void initialize(Subject subject, CallbackHandler  
>> handler, Map sharedState, Map options) {
>> -            this.handler = handler;
>> -        }
>> -
>> -        /**
>> -         * Perform a login on the server side.
>> -         * <p/>
>> -         * Here we get the Callbacks from the server side, pass them  
>> to the
>> -         * local handler so that they may be filled.  We pass the  
>> resulting
>> -         * set of Callbacks back to the server.
>> -         *
>> -         * @return true if the authentication succeeded, or false if  
>> this
>> -         *         <code>LoginModule</code> should be ignored.
>> -         * @throws LoginException if the authentication fails
>> -         */
>> -        public boolean login() throws LoginException {
>> -            try {
>> -                callbacks =  
>> service.getServerLoginCallbacks(clientHandle, index);
>> -                if (handler != null) {
>> -                    handler.handle(callbacks);
>> -                } else if (callbacks != null && callbacks.length >  
>> 0) {
>> -                    System.err.println("No callback handler  
>> available for " + callbacks.length + " callbacks!");
>> -                }
>> -                return service.performServerLogin(clientHandle,  
>> index, callbacks);
>> -            } catch (LoginException le) {
>> -                throw le;
>> -            } catch (Exception e) {
>> -                LoginException le = new LoginException("Error  
>> filling callback list");
>> -                le.initCause(e);
>> -                throw le;
>> -            }
>> -        }
>> -
>> -        public boolean commit() throws LoginException {
>> -            return service.serverLoginModuleCommit(clientHandle,  
>> index);
>> -        }
>> -
>> -        public boolean abort() throws LoginException {
>> -            return false; // taken care of with a single call to the  
>> server
>> -        }
>> -
>> -        public boolean logout() throws LoginException {
>> -            return false; // taken care of with a single call to the  
>> server
>> -        }
>> +    private void syncPrincipals() throws LoginException {
>> +        Set principals = service.syncPrincipals(sessionHandle,  
>> subject.getPrincipals());
>> +        subject.getPrincipals().addAll(principals);
>>      }
>>  }
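
Review bot: syncSharedState() sends every serializable entry of
sharedState to the login service and then does putAll() with whatever
comes back, and syncPrincipals() does the same with the subject's
principals. Nothing on the client limits which keys leave the process
or which entries and principals the service may add, so credentials
that a module keeps in shared state would travel on every sync.
Consider restricting the copy to an explicit set of keys and
documenting which side is authoritative for principals. The removed
code sent only the principals new since the last module, together with
the module index. The service method is spelled syncShareState while
the local one is syncSharedState. If that is not intentional, align the
names before the interface is used more widely.
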
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,43 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public abstract class LoginModuleProxy implements LoginModule {
>> +    final protected LoginModuleControlFlag controlFlag;
>> +    final protected Subject subject;
>> +
>> +    public LoginModuleProxy(LoginModuleControlFlag controlFlag,  
>> Subject subject)
>> +    {
>> +        this.controlFlag = controlFlag;
>> +        this.subject = subject;
>> +    }
>> +
>> +    public LoginModuleControlFlag getControlFlag() {
>> +        return controlFlag;
>> +    }
>> +}
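
Review bot: LoginModuleProxy imports JaasSessionId and
JaasLoginServiceMBean but uses neither, which ties the common base
class to the server package for no reason. Please remove both imports.
The class also keeps a subject from its constructor while initialize()
of LoginModule receives one again, so a line of Javadoc on which of the
two subclasses should use would help. "final protected" reads better in
the conventional order "protected final", and the @version keywords are
empty.
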
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,92 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.util.Map;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.Callback;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class ServerLoginProxy extends LoginModuleProxy {
>> +    CallbackHandler handler;
>> +    Callback[] callbacks;
>> +    private final int lmIndex;
>> +    private final JaasLoginServiceMBean service;
>> +    private final JaasSessionId sessionHandle;
>> +
>> +    public ServerLoginProxy(LoginModuleControlFlag controlFlag,  
>> Subject subject, int lmIndex,
>> +                            JaasLoginServiceMBean service,  
>> JaasSessionId sessionHandle)
>> +    {
>> +        super(controlFlag, subject);
>> +        this.lmIndex = lmIndex;
>> +        this.service = service;
>> +        this.sessionHandle = sessionHandle;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler handler,  
>> Map sharedState, Map options) {
>> +        this.handler = handler;
>> +    }
>> +
>> +    /**
>> +     * Perform a login on the server side.
>> +     * <p/>
>> +     * Here we get the Callbacks from the server side, pass them to  
>> the
>> +     * local handler so that they may be filled.  We pass the  
>> resulting
>> +     * set of Callbacks back to the server.
>> +     *
>> +     * @return true if the authentication succeeded, or false if this
>> +     *         <code>LoginModule</code> should be ignored.
>> +     * @throws javax.security.auth.login.LoginException
>> +     *          if the authentication fails
>> +     */
>> +    public boolean login() throws LoginException {
>> +        try {
>> +            callbacks =  
>> service.getServerLoginCallbacks(sessionHandle, lmIndex);
>> +            if (handler != null) {
>> +                handler.handle(callbacks);
>> +            } else if (callbacks != null && callbacks.length > 0) {
>> +                System.err.println("No callback handler available  
>> for " + callbacks.length + " callbacks!");
>> +            }
>> +            return service.performLogin(sessionHandle, lmIndex,  
>> callbacks);
>> +        } catch (Exception e) {
>> +            LoginException le = new LoginException("Error filling  
>> callback list");
>> +            le.initCause(e);
>> +            throw le;
>> +        }
>> +    }
>> +
>> +    public boolean commit() throws LoginException {
>> +        return service.performCommit(sessionHandle, lmIndex);
>> +    }
>> +
>> +    public boolean abort() throws LoginException {
>> +        return false; // taken care of with a single call to the  
>> server
>> +    }
>> +
>> +    public boolean logout() throws LoginException {
>> +        return false; // taken care of with a single call to the  
>> server
>> +    }
>> +}
>> \ No newline at end of file
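Review bot: in login(), the catch (Exception e) block covers service.performLogin as well as the callback retrieval, so any exception raised by the server-side login is rethrown as LoginException("Error filling callback list") and the failure is mislabelled for whoever reads the trace. Narrow the try to getServerLoginCallbacks and handler.handle, or rethrow a LoginException unchanged ahead of the generic catch. In the same method, when handler is null and the server returned callbacks, the code only writes to System.err and still calls performLogin with the unfilled callbacks; throwing a LoginException at that point, or at least using the project logger, would make the condition visible to callers.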
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> WrappingClientLoginModuleProxy.java?rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -0,0 +1,78 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.security.Principal;
>> +import java.util.HashSet;
>> +import java.util.Iterator;
>> +import java.util.Map;
>> +import java.util.Set;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.DomainPrincipal;
>> +import org.apache.geronimo.security.RealmPrincipal;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class WrappingClientLoginModuleProxy extends  
>> ClientLoginModuleProxy {
>> +    private final String loginDomainName;
>> +    private final String realmName;
>> +    private final Subject localSubject = new Subject();
>> +
>> +    public WrappingClientLoginModuleProxy(LoginModuleControlFlag  
>> controlFlag, Subject subject, LoginModule source,
>> +                                          String loginDomainName,  
>> String realmName)
>> +    {
>> +        super(controlFlag, subject, source);
>> +        this.loginDomainName = loginDomainName;
>> +        this.realmName = realmName;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>> +        super.initialize(localSubject, callbackHandler, sharedState,  
>> options);
>> +    }
>> +
>> +    public boolean commit() throws LoginException {
>> +        boolean result = super.commit();
>> +
>> +        Set wrapped = new HashSet();
>> +        for (Iterator iter = subject.getPrincipals().iterator();  
>> iter.hasNext();) {
>> +            DomainPrincipal dPrincipal = new  
>> DomainPrincipal(loginDomainName, (Principal) iter.next());
>> +
>> +            wrapped.add(dPrincipal);
>> +            wrapped.add(new RealmPrincipal(realmName, dPrincipal));
>> +        }
>> +        localSubject.getPrincipals().addAll(wrapped);
>> +        subject.getPrincipals().addAll(localSubject.getPrincipals());
>> +
>> +        return result;
>> +    }
>> +
>> +    public boolean logout() throws LoginException {
>> +        boolean result = super.logout();
>> +
>> +         
>> subject.getPrincipals().removeAll(localSubject.getPrincipals());
>> +        localSubject.getPrincipals().clear();
>> +
>> +        return result;
>> +    }
>> +}
>> \ No newline at end of file
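Review bot: commit() iterates subject.getPrincipals(), but initialize() hands localSubject to super.initialize, so, assuming the wrapped module commits into the subject it was initialized with, its principals are in localSubject and not in subject. As written, the loop wraps whatever is already on the shared subject, and the final subject.getPrincipals().addAll(localSubject.getPrincipals()) copies the module's own principals across unwrapped. If the intent is to wrap this module's principals, the loop should read localSubject.getPrincipals(). The wrapping also runs when super.commit() returns false; consider guarding it on result.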
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> DecouplingCallbackHandler.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> DecouplingCallbackHandler.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> DecouplingCallbackHandler.java&r1=289678&r2=315020&rev=315020&view=dif 
>> f
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -14,7 +14,7 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>   import javax.security.auth.callback.Callback;
>>  import javax.security.auth.callback.CallbackHandler;
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> ExpiredLoginModuleException.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> ExpiredLoginModuleException.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> ExpiredLoginModuleException.java&r1=289678&r2=315020&rev=315020&view=d 
>> iff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -15,7 +15,7 @@
>>   *  limitations under the License.
>>   */
>>  -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>   import javax.security.auth.login.LoginException;
>>  Propchange:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java
>> ---------------------------------------------------------------------- 
>> --------
>>     svn:eol-style = native
>> Propchange:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java
>> ---------------------------------------------------------------------- 
>> --------
>>     svn:keywords = author date id rev
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> JaasLoginModuleConfiguration.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> JaasLoginModuleConfiguration.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> JaasLoginModuleConfiguration.java&r1=289678&r2=315020&rev=315020&view= 
>> diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -14,17 +14,15 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>  -import java.io.Externalizable;
>>  import java.io.Serializable;
>> -import java.rmi.Remote;
>> -import java.util.HashMap;
>> -import java.util.Iterator;
>>  import java.util.Map;
>>  import javax.security.auth.spi.LoginModule;
>>   import org.apache.geronimo.common.GeronimoSecurityException;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>>   /**
>>   * Describes the configuration of a LoginModule -- its name, class,  
>> control
>> @@ -34,22 +32,26 @@
>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>> Sep 2004) $
>>   */
>>  public class JaasLoginModuleConfiguration implements Serializable {
>> -    private boolean serverSide;
>> -    private String loginDomainName;
>> -    private LoginModuleControlFlag flag;
>> -    private String loginModuleName;
>> -    private Map options;
>> -
>> -    public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options, boolean serverSide, String  
>> loginDomainName) {
>> +    private final boolean serverSide;
>> +    private final String loginDomainName;
>> +    private final LoginModuleControlFlag flag;
>> +    private final String loginModuleName;
>> +    private final Map options;
>> +    private final boolean wrapPrincipals;
>> +
>> +    public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options,
>> +                                        boolean serverSide, String  
>> loginDomainName, boolean wrapPrincipals)
>> +    {
>>          this.serverSide = serverSide;
>>          this.flag = flag;
>>          this.loginModuleName = loginModuleName;
>>          this.options = options;
>>          this.loginDomainName = loginDomainName;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options, boolean serverSide) {
>> -        this(loginModuleName, flag, options, serverSide, null);
>> +        this(loginModuleName, flag, options, serverSide, null,  
>> false);
>>      }
>>       public String getLoginModuleClassName() {
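Review bot: the new six-argument constructor accepts wrapPrincipals without checking it against loginDomainName, and neither the parameter nor the field is documented. If this flag is what selects WrappingClientLoginModuleProxy, a configuration with wrapPrincipals true and loginDomainName null would build DomainPrincipal instances with a null domain name. Reject that combination in the constructor, and add a Javadoc line saying what wrapPrincipals does and that the four-argument constructor defaults it to false.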
>> @@ -80,20 +82,7 @@
>>          return loginDomainName;
>>      }
>>  -    /**
>> -     * Strips out stuff that isn't serializable so this can be  
>> safely passed to
>> -     * a remote server.
>> -     */
>> -    public JaasLoginModuleConfiguration getSerializableCopy() {
>> -        Map other = new HashMap();
>> -        for (Iterator it = options.keySet().iterator();  
>> it.hasNext();) {
>> -            String key = (String) it.next();
>> -            Object value = options.get(key);
>> -            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> -                other.put(key, value);
>> -            }
>> -        }
>> -
>> -        return new JaasLoginModuleConfiguration(loginModuleName,  
>> flag, other, serverSide, loginDomainName);
>> +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>>      }
>>  }
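Review bot: removing getSerializableCopy() drops the only visible filter on the options map, while the class still implements Serializable and keeps options by reference. Any option value that is not Serializable, Externalizable or Remote will now fail at serialization time when the configuration is passed to a remote client, instead of being stripped. If the filtering has moved elsewhere in this commit, say where in the log message; otherwise keep the filter, or copy and validate options in the constructor.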
>
> -- 
> Joe Bohn
> joe.bohn@earthlink.net
>
> "He is no fool who gives what he cannot keep, to gain what he cannot  
> lose."   -- Jim Elliot
>