Posted to scm@geronimo.apache.org by dj...@apache.org on 2007/06/09 19:44:07 UTC
svn commit: r545781 [3/5] - in /geronimo/server/trunk: configs/
configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/
configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/
configs/j2ee-security/src/plan/ configs/jasper...
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java Sat Jun 9 10:44:02 2007
@@ -17,61 +17,60 @@
package org.apache.geronimo.security.deployment;
-import java.util.Map;
+import java.security.Principal;
import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
-import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
-import org.apache.xmlbeans.XmlObject;
-import org.apache.xmlbeans.QNameSet;
-import org.apache.xmlbeans.XmlException;
+import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.DeploymentContext;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
-import org.apache.geronimo.common.DeploymentException;
-import org.apache.geronimo.security.deploy.Security;
-import org.apache.geronimo.security.deploy.Role;
-import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.AbstractNameQuery;
+import org.apache.geronimo.j2ee.deployment.EARContext;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
+import org.apache.geronimo.kernel.Naming;
+import org.apache.geronimo.kernel.repository.Environment;
import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
import org.apache.geronimo.security.deploy.PrincipalInfo;
-import org.apache.geronimo.security.deploy.DistinguishedName;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
-import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
+import org.apache.geronimo.security.deploy.Role;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.SubjectInfo;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
-import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
-import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
-import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
import org.apache.geronimo.xbeans.geronimo.security.GerSecurityDocument;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.gbean.AbstractName;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.kernel.Naming;
-import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
-import org.apache.geronimo.kernel.repository.Environment;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.j2ee.deployment.SecurityBuilder;
-import org.apache.geronimo.j2ee.deployment.EARContext;
+import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
+import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
+import org.apache.xmlbeans.QNameSet;
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
/**
* @version $Rev$ $Date$
*/
-public class GeronimoSecurityBuilderImpl implements SecurityBuilder {
+public class GeronimoSecurityBuilderImpl implements NamespaceDrivenBuilder {
private static final QName SECURITY_QNAME = GerSecurityDocument.type.getDocumentElementName();
private static final QNameSet SECURITY_QNAME_SET = QNameSet.singleton(SECURITY_QNAME);
+ private final AbstractNameQuery credentialStoreName;
+ public GeronimoSecurityBuilderImpl(AbstractNameQuery credentialStoreName) {
+ this.credentialStoreName = credentialStoreName;
+ }
public void buildEnvironment(XmlObject container, Environment environment) throws DeploymentException {
}
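Review bot: The new constructor parameter is undocumented while the class Javadoc carries only `@version`; a comment above the constructor such as `/** @param credentialStoreName query for the CredentialStore GBean that run-as and default subjects are resolved against */` records why the builder now takes it. Whether null is an acceptable value is left implicit here; the static block later in this diff registers the attribute as manageable, so it can be absent from a plan, and the use site should say what happens then. The import block is reordered alphabetically in this file but not in the LoginConfigBuilder hunk below, where `java.util.Map` and `HashMap` are appended after `Set`.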
@@ -93,17 +92,17 @@
ClassLoader classLoader = applicationContext.getClassLoader();
SecurityConfiguration securityConfiguration = buildSecurityConfiguration(security, classLoader);
earContext.setSecurityConfiguration(securityConfiguration);
- }
+// }
//add the JACC gbean if there is a principal-role mapping and we are on the correct module
- if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {
+// if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {
Naming naming = earContext.getNaming();
- GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), earContext.getSecurityConfiguration());
+ GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), securityConfiguration);
try {
earContext.addGBean(roleMapperData);
} catch (GBeanAlreadyExistsException e) {
throw new DeploymentException("Role mapper gbean already present", e);
}
- GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), earContext.getSecurityConfiguration());
+ GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), securityConfiguration);
jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
try {
earContext.addGBean(jaccBeanData);
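Review bot: The lines `// }` and `// if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {` leave commented-out code standing in for a control-flow change: the role mapper and JACC GBeans are now registered inside whatever block precedes them, and the `applicationContext == moduleContext` guard that limited JACC registration to the owning module is gone. If dropping the guard is intended, delete the two commented lines and extend the `//add the JACC gbean ...` comment to say every module context now gets the policy manager; if not, the condition should be restored rather than parked in a comment. The enclosing method starts and ends outside this hunk, so the resulting brace structure cannot be confirmed from here.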
@@ -115,25 +114,23 @@
}
private static SecurityConfiguration buildSecurityConfiguration(Security security, ClassLoader classLoader) {
- Map roleDesignates = new HashMap();
- Map principalRoleMap = new HashMap();
- Map roleToPrincipalMap = new HashMap();
- GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, classLoader);
- GeronimoSecurityBuilderImpl.invertMap(roleToPrincipalMap, principalRoleMap);
- return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
- }
-
- private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
- for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
- Map.Entry entry = (Map.Entry) roles.next();
- String role = (String) entry.getKey();
- Set principals = (Set) entry.getValue();
- for (Iterator iter = principals.iterator(); iter.hasNext();) {
- java.security.Principal principal = (java.security.Principal) iter.next();
+ Map<String, SubjectInfo> roleDesignates = security.getRoleSubjectMappings();
+ Map<Principal, Set<String>> principalRoleMap = new HashMap<Principal, Set<String>>();
+ Map<String, Set<Principal>> roleToPrincipalMap = new HashMap<String, Set<Principal>>();
+ buildRolePrincipalMap(security, roleToPrincipalMap, classLoader);
+ invertMap(roleToPrincipalMap, principalRoleMap);
+ return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultSubjectInfo(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
+ }
- HashSet roleSet = (HashSet) principalRoleMapping.get(principal);
+ private static Map invertMap(Map<String, Set<Principal>> roleToPrincipalMap, Map<Principal, Set<String>> principalRoleMapping) {
+ for (Map.Entry<String, Set<java.security.Principal>> entry : roleToPrincipalMap.entrySet()) {
+ String role = entry.getKey();
+ Set<Principal> principals = entry.getValue();
+ for (Principal principal : principals) {
+
+ Set<String> roleSet = principalRoleMapping.get(principal);
if (roleSet == null) {
- roleSet = new HashSet();
+ roleSet = new HashSet<String>();
principalRoleMapping.put(principal, roleSet);
}
roleSet.add(role);
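Review bot: `invertMap` still declares a raw `Map` return type although both parameters are now fully generic, and the loop variable type `Map.Entry<String, Set<java.security.Principal>>` spells out a class that the new `import java.security.Principal` already covers; `Map.Entry<String, Set<Principal>> entry` keeps it consistent with `Set<Principal> principals` on the next line. Separately, `buildSecurityConfiguration` passes `security.getRoleSubjectMappings()` straight into `SecurityConfiguration`, so the immutable-looking configuration aliases the builder's mutable map; `new HashMap<String, SubjectInfo>(security.getRoleSubjectMappings())` would decouple them, assuming nothing relies on later mutation. The body of `invertMap` continues past the end of the hunk.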
@@ -145,67 +142,46 @@
/**
* non-interface, used in some jetty/tomcat tests
*
- * @param security
- * @param roleDesignates
- * @param roleToPrincipalMap
- * @param classLoader
+ * @param security Security object holding security info as it is extracted
+ * @param roleToPrincipalMap role to set of Principals mapping
+ * @param classLoader application classloader in case we need to load some principal classes.
*/
- public static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap, ClassLoader classLoader) {
+ public static void buildRolePrincipalMap(Security security, Map<String, Set<Principal>> roleToPrincipalMap, ClassLoader classLoader) {
- Iterator roleMappings = security.getRoleMappings().values().iterator();
- while (roleMappings.hasNext()) {
- Role role = (Role) roleMappings.next();
+ for (Object o : security.getRoleMappings().values()) {
+ Role role = (Role) o;
String roleName = role.getRoleName();
- Subject roleDesignate = new Subject();
- Set principalSet = new HashSet();
+ Set<Principal> principalSet = new HashSet<Principal>();
- Iterator realmPrincipals = role.getRealmPrincipals().iterator();
- while (realmPrincipals.hasNext()) {
- RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) realmPrincipals.next();
- java.security.Principal principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
+ for (Object o1 : role.getRealmPrincipals()) {
+ RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) o1;
+ Principal principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
principalSet.add(principal);
- if (realmPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
}
- Iterator domainPrincipals = role.getLoginDomainPrincipals().iterator();
- while (domainPrincipals.hasNext()) {
- LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) domainPrincipals.next();
- java.security.Principal principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
+ for (Object o2 : role.getLoginDomainPrincipals()) {
+ LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) o2;
+ Principal principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
principalSet.add(principal);
- if (domainPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
}
- Iterator principals = role.getPrincipals().iterator();
- while (principals.hasNext()) {
- PrincipalInfo plainPrincipalInfo = (PrincipalInfo) principals.next();
- java.security.Principal principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
+ for (Object o3 : role.getPrincipals()) {
+ PrincipalInfo plainPrincipalInfo = (PrincipalInfo) o3;
+ Principal principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
principalSet.add(principal);
- if (plainPrincipalInfo.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
- }
-
- for (Iterator names = role.getDistinguishedNames().iterator(); names.hasNext();) {
- DistinguishedName dn = (DistinguishedName) names.next();
-
- X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
-
- principalSet.add(x500Principal);
- if (dn.isDesignatedRunAs()) roleDesignate.getPrincipals().add(x500Principal);
}
- Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
+ Set<Principal> roleMapping = roleToPrincipalMap.get(roleName);
if (roleMapping == null) {
- roleMapping = new HashSet();
+ roleMapping = new HashSet<Principal>();
roleToPrincipalMap.put(roleName, roleMapping);
}
roleMapping.addAll(principalSet);
- if (roleDesignate.getPrincipals().size() > 0) {
- roleDesignates.put(roleName, roleDesignate);
- }
}
}
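Review bot: The three loops iterate `Object o`, `o1`, `o2`, `o3` and cast immediately, which hides the element types that the rest of this method now states with generics; if `Role.getRealmPrincipals()`, `getLoginDomainPrincipals()` and `getPrincipals()` can be made generic, `for (RealmPrincipalInfo realmPrincipal : role.getRealmPrincipals())` drops the casts and the throwaway names. The Javadoc still says the method is "used in some jetty/tomcat tests", and the signature has lost its `roleDesignates` parameter, so those callers need updating — they are not visible here. The `principalSet` intermediate is only ever `addAll`ed into `roleMapping`; adding into `roleMapping` directly after the null check removes one allocation per role with no change in result.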
@@ -232,6 +208,11 @@
String roleName = roleType.getRoleName().trim();
role.setRoleName(roleName);
+ if (roleType.isSetRunAsSubject()) {
+ SubjectInfo subjectInfo = buildSubjectInfo(roleType.getRunAsSubject());
+ security.getRoleSubjectMappings().put(roleName, subjectInfo);
+ }
+
for (int j = 0; j < roleType.sizeOfRealmPrincipalArray(); j++) {
role.getRealmPrincipals().add(GeronimoSecurityBuilderImpl.buildRealmPrincipal(roleType.getRealmPrincipalArray(j)));
}
@@ -244,76 +225,56 @@
role.getPrincipals().add(buildPrincipal(roleType.getPrincipalArray(j)));
}
- for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
- GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
-
- role.getDistinguishedNames().add(new DistinguishedName(dnType.getName().trim(), dnType.getDesignatedRunAs()));
- }
-
security.getRoleMappings().put(roleName, role);
}
}
- security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));
+ security.setDefaultSubjectInfo(buildSubjectInfo(securityType.getDefaultSubject()));
return security;
}
- //used from app client builder
- public DefaultPrincipal buildDefaultPrincipal(XmlObject xmlObject) {
- GerDefaultPrincipalType defaultPrincipalType = (GerDefaultPrincipalType) xmlObject;
- DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
-
- if(defaultPrincipalType.isSetPrincipal()) {
- defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
- } else if(defaultPrincipalType.isSetLoginDomainPrincipal()) {
- defaultPrincipal.setPrincipal(buildDomainPrincipal(defaultPrincipalType.getLoginDomainPrincipal()));
- } else if(defaultPrincipalType.isSetRealmPrincipal()) {
- defaultPrincipal.setPrincipal(buildRealmPrincipal(defaultPrincipalType.getRealmPrincipal()));
- } else {
- throw new IllegalStateException("default-principal does not contain a principal, login-domain-principal, or realm-principal");
- }
- GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
- if (namedCredentials.length > 0) {
- Set defaultCredentialSet = new HashSet();
- for (int i = 0; i < namedCredentials.length; i++) {
- GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
- NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername().trim(), namedCredentialType.getPassword().trim().toCharArray(), namedCredentialType.getName().trim());
- defaultCredentialSet.add(namedCredential);
- }
- defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
+ private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) {
+ if (defaultSubject == null) {
+ return null;
}
- return defaultPrincipal;
+ String realmName = defaultSubject.getRealm().trim();
+ String id = defaultSubject.getId().trim();
+ return new SubjectInfo(realmName, id);
}
private static RealmPrincipalInfo buildRealmPrincipal(GerRealmPrincipalType realmPrincipalType) {
- return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim(), realmPrincipalType.isSetDesignatedRunAs());
+ return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim());
}
private static LoginDomainPrincipalInfo buildDomainPrincipal(GerLoginDomainPrincipalType domainPrincipalType) {
- return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim(), domainPrincipalType.isSetDesignatedRunAs());
+ return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim());
}
//used from TSSConfigEditor
public PrincipalInfo buildPrincipal(XmlObject xmlObject) {
GerPrincipalType principalType = (GerPrincipalType) xmlObject;
- return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim(), principalType.isSetDesignatedRunAs());
+ return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim());
}
- public GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, Object securityConfiguration) {
+ protected GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, SecurityConfiguration securityConfiguration) {
AbstractName roleMapperName = naming.createChildName(moduleName, "RoleMapper", "RoleMapper");
GBeanData roleMapperData = new GBeanData(roleMapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
- roleMapperData.setAttribute("principalRoleMap", ((SecurityConfiguration) securityConfiguration).getPrincipalRoleMap());
+ roleMapperData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
return roleMapperData;
}
- public GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map contextIDToPermissionsMap, Object securityConfiguration) {
+ protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
AbstractName jaccBeanName = naming.createChildName(moduleName, NameFactory.JACC_MANAGER, NameFactory.JACC_MANAGER);
GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
- jaccBeanData.setAttribute("roleDesignates", ((SecurityConfiguration) securityConfiguration).getRoleDesignates());
+ Map<String, SubjectInfo> roleDesignates = securityConfiguration.getRoleDesignates();
+ jaccBeanData.setAttribute("roleDesignates", roleDesignates);
+ jaccBeanData.setAttribute("defaultSubjectInfo", securityConfiguration.getDefaultSubjectInfo());
+ if ((roleDesignates != null && !roleDesignates.isEmpty()) || securityConfiguration.getDefaultSubjectInfo() != null) {
+ jaccBeanData.setReferencePattern("CredentialStore", credentialStoreName);
+ }
return jaccBeanData;
-
}
public QNameSet getSpecQNameSet() {
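Review bot: `configureApplicationPolicyManager` wires `CredentialStore` to `credentialStoreName` whenever a run-as or default subject is configured, but nothing checks that the constructor received a non-null query, so a plan using `run-as-subject` on a builder deployed without `credentialStoreName` reaches `setReferencePattern("CredentialStore", null)` instead of a clear deployment error. A fail-fast check ahead of that call, `if (credentialStoreName == null) throw new DeploymentException("run-as or default subject configured but no credentialStoreName set on the security builder");`, needs `throws DeploymentException` on this protected method, which the calling method in the earlier hunk appears to declare since it throws that type itself. `securityConfiguration.getDefaultSubjectInfo()` is read twice in the same method; a local `SubjectInfo defaultSubjectInfo = securityConfiguration.getDefaultSubjectInfo();` reads better. In `buildSubjectInfo` the parameter is named `defaultSubject` although the same method builds per-role run-as subjects; `subjectType` would be accurate.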
@@ -329,8 +290,8 @@
static {
GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoSecurityBuilderImpl.class, NameFactory.MODULE_BUILDER);
- infoFactory.addInterface(SecurityBuilder.class);
-
+ infoFactory.addAttribute("credentialStoreName", AbstractNameQuery.class, true, true);
+ infoFactory.setConstructor(new String[] {"credentialStoreName"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
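Review bot: The static block drops `infoFactory.addInterface(SecurityBuilder.class)` but does not add `infoFactory.addInterface(NamespaceDrivenBuilder.class)` even though the class now implements `NamespaceDrivenBuilder`; if `GBeanInfoBuilder.createStatic` does not collect implemented interfaces reflectively, GBean queries by interface will no longer find this builder. Registering `credentialStoreName` as persistent and manageable means a plan may omit it, which is worth stating in the attribute's documentation since the consequence of a null value only surfaces at deployment time in `configureApplicationPolicyManager`.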
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java Sat Jun 9 10:44:02 2007
@@ -23,12 +23,16 @@
import java.util.List;
import java.util.Properties;
import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.DeploymentContext;
import org.apache.geronimo.deployment.service.SingleGBeanBuilder;
import org.apache.geronimo.deployment.service.XmlReferenceBuilder;
+import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
import org.apache.geronimo.deployment.xbeans.PatternType;
+import org.apache.geronimo.deployment.xbeans.XmlAttributeType;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.AbstractNameQuery;
import org.apache.geronimo.gbean.GBeanData;
@@ -36,6 +40,7 @@
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GReferenceInfo;
import org.apache.geronimo.gbean.ReferencePatterns;
+import org.apache.geronimo.gbean.ReferenceMap;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
import org.apache.geronimo.kernel.Naming;
@@ -60,13 +65,25 @@
public static final String LOGIN_CONFIG_NAMESPACE = GerLoginConfigDocument.type.getDocumentElementName().getNamespaceURI();
private final Naming naming;
+ private final Map xmlAttributeBuilderMap;
- public LoginConfigBuilder(Kernel kernel) {
- this.naming = kernel.getNaming();
+ public LoginConfigBuilder(Kernel kernel, Collection xmlAttributeBuilderMap) {
+ this(kernel.getNaming(), xmlAttributeBuilderMap);
}
- public LoginConfigBuilder(Naming naming) {
+ public LoginConfigBuilder(Naming naming, Collection xmlAttributeBuilders) {
this.naming = naming;
+ if (xmlAttributeBuilders != null) {
+ ReferenceMap.Key key = new ReferenceMap.Key() {
+
+ public Object getKey(Object object) {
+ return ((XmlAttributeBuilder) object).getNamespace();
+ }
+ };
+ xmlAttributeBuilderMap = new ReferenceMap(xmlAttributeBuilders, new HashMap(), key);
+ } else {
+ xmlAttributeBuilderMap = new HashMap();
+ }
}
public String getNamespace() {
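Review bot: The kernel-taking constructor names its second parameter `xmlAttributeBuilderMap` although it receives a `Collection` of `XmlAttributeBuilder`s and the field of that name is the derived `Map`; `public LoginConfigBuilder(Kernel kernel, Collection xmlAttributeBuilders)` matches the delegate constructor and avoids shadowing the field's meaning. Both the field and the parameters are raw types; `Map<String, XmlAttributeBuilder>` and `Collection<XmlAttributeBuilder>` would let the cast inside the `ReferenceMap.Key` and at the lookup site go, if `ReferenceMap` supports generics. The anonymous `Key` also has a stray blank line after its opening brace.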
@@ -140,6 +157,24 @@
String value = trim(gerOptionType.getStringValue());
options.setProperty(key, value);
}
+ XmlAttributeType[] xmlOptionArray = loginModule.getXmlOptionArray();
+ if (xmlOptionArray != null) {
+ for (int i = 0; i < xmlOptionArray.length; i++) {
+ XmlAttributeType xmlOptionType = xmlOptionArray[i];
+ String key = xmlOptionType.getName().trim();
+ XmlObject[] anys = xmlOptionType.selectChildren(XmlAttributeType.type.qnameSetForWildcardElements());
+ if (anys.length != 1) {
+ throw new DeploymentException("Unexpected count of xs:any elements in xml-attribute " + anys.length + " qnameset: " + XmlAttributeType.type.qnameSetForWildcardElements());
+ }
+ String namespace = xmlObject.getDomNode().getNamespaceURI();
+ XmlAttributeBuilder builder = (XmlAttributeBuilder) xmlAttributeBuilderMap.get(namespace);
+ if (builder == null) {
+ throw new DeploymentException("No attribute builder deployed for namespace: " + namespace);
+ }
+ Object value = builder.getValue(xmlObject, null, classLoader);
+ options.put(key, value);
+ }
+ }
loginModuleName = naming.createChildName(parentName, name, NameFactory.LOGIN_MODULE);
loginModuleReferencePatterns = new ReferencePatterns(loginModuleName);
GBeanData loginModuleGBeanData = new GBeanData(loginModuleName, LoginModuleGBean.GBEAN_INFO);
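Review bot: The xml-option loop validates `anys` but then reads the namespace from `xmlObject` and passes `xmlObject` to `builder.getValue`, so the wildcard child it just extracted is never used; `xmlObject` appears to be the enclosing method's parameter (declared outside the hunk), which would make every lookup use the login-config namespace rather than the option's own. The three lines should be `XmlObject xmlOption = anys[0];`, `String namespace = xmlOption.getDomNode().getNamespaceURI();` and `Object value = builder.getValue(xmlOption, null, classLoader);`. `options` is a `Properties` (see `options.setProperty` just above); `options.put(key, value)` with a non-String value is accepted by the API but invisible to `getProperty` and breaks `store`, so either the login module must read these entries with `get`, or the option container should be a plain `Map`. The enclosing method begins and ends outside this hunk.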
@@ -187,7 +222,8 @@
static {
GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(LoginConfigBuilder.class, "XmlReferenceBuilder");
infoBuilder.addAttribute("kernel", Kernel.class, false, false);
- infoBuilder.setConstructor(new String[] {"kernel"});
+ infoBuilder.addReference("xmlAttributeBuilders", XmlAttributeBuilder.class, "XmlAttributeBuilder");
+ infoBuilder.setConstructor(new String[] {"kernel", "xmlAttributeBuilders"});
infoBuilder.addInterface(XmlReferenceBuilder.class);
GBEAN_INFO = infoBuilder.getBeanInfo();
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java Sat Jun 9 10:44:02 2007
@@ -18,7 +18,7 @@
import java.util.Map;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
/**
* @version $Rev$ $Date$
@@ -26,16 +26,16 @@
public class SecurityConfiguration {
private final Map principalRoleMap;
- private final Map roleDesignates;
- private final DefaultPrincipal defaultPrincipal;
+ private final Map<String, SubjectInfo> roleDesignates;
+ private final SubjectInfo defaultSubjectInfo;
private final String defaultRole;
private final boolean doAsCurrentCaller;
private final boolean isUseContextHandler;
- public SecurityConfiguration(Map principalRoleMap, Map roleDesignates, DefaultPrincipal defaultPrincipal, String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
+ public SecurityConfiguration(Map principalRoleMap, Map<String, SubjectInfo> roleDesignates, SubjectInfo defaultSubjectInfo, String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
this.principalRoleMap = principalRoleMap;
this.roleDesignates = roleDesignates;
- this.defaultPrincipal = defaultPrincipal;
+ this.defaultSubjectInfo = defaultSubjectInfo;
this.defaultRole = defaultRole;
this.doAsCurrentCaller = doAsCurrentCaller;
isUseContextHandler = useContextHandler;
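Review bot: `principalRoleMap` stays a raw `Map` while `roleDesignates` on the next line becomes `Map<String, SubjectInfo>`; the builder now constructs it as `Map<Principal, Set<String>>`, so the field and constructor parameter can carry that type, `private final Map<Principal, Set<String>> principalRoleMap;`, with `import java.security.Principal;` added. The constructor stores both maps as passed, so any caller that keeps a reference can alter the configuration after construction; wrapping them in `Collections.unmodifiableMap(...)` here would close that, assuming nothing downstream adds entries. The last assignment, `isUseContextHandler = useContextHandler;`, is the only one without the `this.` prefix the others use.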
@@ -45,12 +45,20 @@
return principalRoleMap;
}
- public Map getRoleDesignates() {
+ public Map<String, SubjectInfo> getRoleDesignates() {
return roleDesignates;
}
- public DefaultPrincipal getDefaultPrincipal() {
- return defaultPrincipal;
+ public SubjectInfo getDefaultSubjectInfo() {
+ return defaultSubjectInfo;
+ }
+
+ public String getDefaultSubjectRealm() {
+ return defaultSubjectInfo == null? null: defaultSubjectInfo.getRealm();
+ }
+
+ public String getDefaultSubjectId() {
+ return defaultSubjectInfo == null? null: defaultSubjectInfo.getId();
}
public String getDefaultRole() {
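Review bot: `getRoleDesignates()` hands out the internal map, so the role-to-subject table the policy manager consumes is mutable by any caller; `return Collections.unmodifiableMap(roleDesignates);` (with `import java.util.Collections;`) keeps the configuration read-only, assuming no caller adds entries after construction. The two new convenience getters are written `defaultSubjectInfo == null? null: ...`; `defaultSubjectInfo == null ? null : defaultSubjectInfo.getRealm()` matches the usual spacing. They also lack Javadoc; a one-liner each, such as `/** Realm of the default subject, or null when none is configured. */`, would do.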
Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd Sat Jun 9 10:44:02 2007
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:cs="http://geronimo.apache.org/xml/ns/credentialstore-1.0"
+ targetNamespace="http://geronimo.apache.org/xml/ns/credentialstore-1.0"
+ elementFormDefault="qualified" attributeFormDefault="unqualified"
+ version="1.0">
+
+ <xsd:annotation>
+ <xsd:documentation>
+ This is an XML Schema Definition for credential store configuration.
+ CredentialStore configuration is
+ specified by the element credential-store with namespace
+ specified as xmlns =
+ "http://geronimo.apache.org/xml/ns/credentialstore-1.0".
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:element name="credential-store" type="cs:credential-storeType">
+ <xsd:annotation>
+ <xsd:documentation>
+ The root element for Geronimo credential store configuration. This
+ is a tree structure of realm, id, and sets of credentials such as name and password
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+
+ <xsd:complexType name="credential-storeType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the list of realms
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="realm" type="cs:realmType" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ The realm element contains the credentials for subjects in that realm.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:complexType name="realmType">
+ <xsd:sequence>
+ <xsd:element name="subject" type="cs:subjectType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name attribute specifies the login realm name
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:complexType name="subjectType">
+ <xsd:sequence>
+ <xsd:element name="id" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The id element serves to identify the subject externally. For subjects with meaningful
+ names it might be convenient to use the name as id.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="credential" type="cs:credentialType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:complexType name="credentialType">
+ <xsd:sequence>
+ <xsd:element name="type" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Class name or alias of the callback handler that will accept this credential
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ credential value as a string.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+
+
+</xsd:schema>
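Review bot: The schema allows several `subject` elements with the same `id` inside one realm and several `realm` elements with the same `name`, yet `subject/id` is documented as identifying the subject externally; an `xsd:unique` constraint on the `realm` element turns that ambiguity into a validation error instead of whichever-wins behaviour in the loader. The documentation of `credential/value` says only "credential value as a string" and should state whether any encoding or encryption is applied to it, since this element will carry passwords in deployment plans. The `type` documentation mentions an "alias" of the callback handler without saying where aliases are defined.
```xml
<xsd:element name="realm" type="cs:realmType" minOccurs="0" maxOccurs="unbounded">
    <!-- … unchanged: annotation … -->
    <xsd:unique name="subject-id">
        <xsd:selector xpath="cs:subject"/>
        <xsd:field xpath="cs:id"/>
    </xsd:unique>
</xsd:element>
```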
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd Sat Jun 9 10:44:02 2007
@@ -241,6 +241,7 @@
</xsd:documentation>
</xsd:annotation>
</xsd:element>
+ <xsd:element name="xml-option" type="sys:xml-attributeType" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="server-side" type="xsd:boolean"
use="required">
Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd Sat Jun 9 10:44:02 2007
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
+ xmlns:geronimo="http://geronimo.apache.org/xml/ns/security-2.0"
+ targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0"
+ xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ version="2.0">
+
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-1.2" schemaLocation="geronimo-application-1.2.xsd"/>
+
+ <xsd:element name="security" type="geronimo:securityType" substitutionGroup="app:security"/>
+ <xsd:element name="default-subject" type="geronimo:subject-infoType"/>
+
+ <xsd:complexType name="securityType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Security entries
+
+ If this element is present, all web and EJB modules MUST make the
+ appropriate access checks as outlined in the JACC spec.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="app:abstract-securityType">
+
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="default-subject" type="geronimo:subject-infoType" minOccurs="0"/>
+ <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Set this attribute to "true" if the work is to be performed
+ as the calling Subject.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Set this attribute to "true" if the installed JACC policy
+ contexts will use PolicyContextHandlers.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="default-role" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used by the the Deployer to assign method permissions for
+ all of the unspecified methods, either by assigning them
+ to security roles, or by marking them as unchecked. If
+ the value of default-role is empty, then the unspecified
+ methods are marked unchecked
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="descriptionType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute ref="xml:lang"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="named-username-password-credentialType">
+ <xsd:sequence>
+ <xsd:element name="name" type="xsd:string"/>
+ <xsd:element name="username" type="xsd:string"/>
+ <xsd:element name="password" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:complexType name="role-mappingsType">
+ <xsd:sequence>
+ <xsd:element name="role" type="geronimo:roleType" minOccurs="1" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:complexType name="roleType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="run-as-subject" type="geronimo:subject-infoType" minOccurs="0"/>
+ <xsd:element name="realm-principal" type="geronimo:realmPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="login-domain-principal" type="geronimo:loginDomainPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="principal" type="geronimo:principalType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="distinguished-name" type="geronimo:distinguishedNameType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="role-name" type="xsd:string" use="required"/>
+ </xsd:complexType>
+
+ <xsd:complexType name="realmPrincipalType">
+ <xsd:complexContent>
+ <xsd:extension base="geronimo:loginDomainPrincipalType">
+ <xsd:attribute name="realm-name" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="loginDomainPrincipalType">
+ <xsd:complexContent>
+ <xsd:extension base="geronimo:principalType">
+ <xsd:attribute name="domain-name" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="principalType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="class" type="xsd:string" use="required"/>
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ </xsd:complexType>
+
+ <xsd:complexType name="distinguishedNameType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ </xsd:complexType>
+
+ <xsd:complexType name="subject-infoType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="realm" type="xsd:string"/>
+ <xsd:element name="id" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+
+</xsd:schema>
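Review bot: `named-username-password-credentialType` (the complexType with the `name`/`username`/`password` sequence) is declared but referenced by no element in this schema, so it is either dead or meant for a schema not in this diff. If it is kept, its `password` element puts a cleartext secret into a deployment plan, which the type should say in an `xsd:documentation`, e.g. `The password is stored in cleartext in the plan; protect the plan file accordingly.`; if nothing uses it, drop the type. The `xmlns:j2ee` declaration on the root element is likewise unused here.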
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd Sat Jun 9 10:44:02 2007
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
+ xmlns:geronimo="http://geronimo.apache.org/xml/ns/subject-info-1.0"
+ targetNamespace="http://geronimo.apache.org/xml/ns/subject-info-1.0"
+ xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ version="2.0">
+
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-1.2" schemaLocation="geronimo-application-1.2.xsd"/>
+
+ <xsd:element name="security" type="geronimo:securityType" substitutionGroup="app:security"/>
+ <xsd:element name="default-subject" type="geronimo:default-subjectType"/>
+
+ <xsd:complexType name="securityType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Security entries
+
+ If this element is present, all web and EJB modules MUST make the
+ appropriate access checks as outlined in the JACC spec.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="app:abstract-securityType">
+
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="default-subject" type="geronimo:default-subjectType"/>
+ <xsd:element name="role-mappings" type="geronimo:role-subject-mappingsType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Set this attribute to "true" if the work is to be performed
+ as the calling Subject.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Set this attribute to "true" if the installed JACC policy
+ contexts will use PolicyContextHandlers.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="default-role" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used by the the Deployer to assign method permissions for
+ all of the unspecified methods, either by assigning them
+ to security roles, or by marking them as unchecked. If
+ the value of default-role is empty, then the unspecified
+ methods are marked unchecked
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="descriptionType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute ref="xml:lang"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+
+
+ <xsd:complexType name="default-subjectType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="realm" type="xsd:string"/>
+ <xsd:element name="id" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+
+ <xsd:complexType name="role-subject-mappingsType">
+ <xsd:sequence>
+ <xsd:element name="role" type="geronimo:roleType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:complexType name="roleType">
+ <xsd:sequence>
+ <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="realm" type="xsd:string"/>
+ <xsd:element name="id" type="xsd:string"/>
+ </xsd:sequence>
+ <xsd:attribute name="role-name" type="xsd:string" use="required"/>
+ </xsd:complexType>
+
+</xsd:schema>
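Review bot: The root element carries `version="2.0"` while the target namespace is `subject-info-1.0`; this looks copied from geronimo-security-2.0.xsd and should read `version="1.0"`. Inside `securityType` the `default-subject` element has no `minOccurs="0"`, unlike the same element in the security-2.0 schema, so every `security` element in this namespace must contain one — if that is deliberate, an `xsd:documentation` on the element should say so. The unused `xmlns:j2ee` declaration and the JACC documentation block were copied along as well; the latter describes security-2.0 rather than this schema.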
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml Sat Jun 9 10:44:02 2007
@@ -16,7 +16,17 @@
-->
<xb:config xmlns:xb="http://www.bea.com/2002/09/xbean/config">
- <xb:namespace uri="http://geronimo.apache.org/xml/ns/security-1.2">
+ <!--<xb:namespace uri="http://geronimo.apache.org/xml/ns/security-1.2">-->
+ <!--<xb:package>org.apache.geronimo.xbeans.geronimo.security</xb:package>-->
+ <!--<xb:prefix>Ger</xb:prefix>-->
+ <!--</xb:namespace>-->
+
+ <xb:namespace uri="http://geronimo.apache.org/xml/ns/subject-info-1.0">
+ <xb:package>org.apache.geronimo.xbeans.geronimo.security.subjectinfo</xb:package>
+ <xb:prefix>Ger</xb:prefix>
+ </xb:namespace>
+
+ <xb:namespace uri="http://geronimo.apache.org/xml/ns/security-2.0">
<xb:package>org.apache.geronimo.xbeans.geronimo.security</xb:package>
<xb:prefix>Ger</xb:prefix>
</xb:namespace>
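Review bot: The four commented-out `xb:namespace` lines for `security-1.2` should be deleted rather than kept in the code-generation config; version control keeps the history, and disabled blocks in a config like this tend to be re-enabled by accident. If the 1.2 namespace is still handled by some other module, a one-line comment naming where it lives is more useful than the dead block.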
@@ -24,6 +34,10 @@
<xb:namespace uri="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
<xb:package>org.apache.geronimo.xbeans.geronimo.loginconfig</xb:package>
<xb:prefix>Ger</xb:prefix>
+ </xb:namespace>
+
+ <xb:namespace uri="http://geronimo.apache.org/xml/ns/credentialstore-1.0">
+ <xb:package>org.apache.geronimo.xbeans.geronimo.credentialstore</xb:package>
</xb:namespace>
</xb:config>
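Review bot: The new `credentialstore-1.0` namespace entry has no `<xb:prefix>`, unlike the other namespaces visible in this diff, so the classes generated for that schema will presumably not carry the `Ger` prefix the neighbouring packages use. If that is intended it deserves a short comment; otherwise add `<xb:prefix>Ger</xb:prefix>` after the `xb:package` line so the generated names stay consistent.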
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java Sat Jun 9 10:44:02 2007
@@ -25,10 +25,12 @@
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
-import java.util.Hashtable;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.Set;
+
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -42,10 +44,11 @@
* @version $Rev$ $Date$
*/
public class ContextManager {
- private static ThreadLocal currentCallerId = new ThreadLocal();
- private static final ThreadLocal callers = new ThreadLocal();
- private static Map subjectContexts = new IdentityHashMap();
- private static Map subjectIds = new Hashtable();
+
+ private static ThreadLocal<Serializable> currentCallerId = new ThreadLocal<Serializable>();
+ private static final ThreadLocal<Callers> callers = new ThreadLocal<Callers>();
+ private static Map<Subject, Context> subjectContexts = new IdentityHashMap<Subject, Context>();
+ private static Map<SubjectId, Subject> subjectIds = Collections.synchronizedMap(new HashMap<SubjectId, Subject>());
private static long nextSubjectId = System.currentTimeMillis();
private static SecretKey key;
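Review bot: `subjectIds` now gets `Collections.synchronizedMap`, but `subjectContexts` stays a bare `IdentityHashMap` even though it is read by the unsynchronized getters further down in this diff (`subjectContexts.get(currentSubject)`) and written by the `synchronized` `registerSubject`; unless every reader also holds the class lock, which the visible getters do not show, the two maps have inconsistent thread-safety and a reader can observe the identity map mid-resize. Either wrap it the same way, `private static Map<Subject, Context> subjectContexts = Collections.synchronizedMap(new IdentityHashMap<Subject, Context>());`, or document the locking rule on the field. `currentCallerId` is also the only non-`final` static in the group; making it `final` like `callers` costs nothing.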
@@ -59,19 +62,27 @@
password = "secret";
ContextManager.setAlgorithm("HmacSHA1");
}
+ public final static Subject EMPTY = new Subject();
+ static {
+ EMPTY.setReadOnly();
+ registerSubject(EMPTY);
+ }
+
/**
* After a login, the client is left with a relatively empty Subject, while
* the Subject used by the server has more important contents. This method
* lets a server-side component acting as an authentication client (such
* as Tocmat/Jetty) access the fully populated server-side Subject.
+ * @param clientSideSubject client simplification of actual subject
+ * @return full server side subject
*/
public static Subject getServerSideSubject(Subject clientSideSubject) {
- Set set = clientSideSubject.getPrincipals(IdentificationPrincipal.class);
+ Set<IdentificationPrincipal> set = clientSideSubject.getPrincipals(IdentificationPrincipal.class);
if(set == null || set.size() == 0) {
return null;
}
- IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
+ IdentificationPrincipal idp = set.iterator().next();
return getRegisteredSubject(idp.getId());
}
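Review bot: The new static block calls `registerSubject(EMPTY)`, which per the later hunk computes `hash(id)` with the HMAC key, so it depends on the preceding static block having set the algorithm and password first; the textual order of the two initializers is load-bearing and should be pinned with a comment such as `// must stay after the block above: registerSubject() hashes the new id with the key set there`. EMPTY is registered once and never unregistered, which is fine for a process-wide read-only singleton but worth stating in a Javadoc on the field, e.g. `/** Shared read-only subject with no principals; registered at class load, never unregister it. */`. The new `@return` on getServerSideSubject should also say that null is returned both when no IdentificationPrincipal is present and when its id is not registered.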
@@ -86,7 +97,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- return (Serializable) currentCallerId.get();
+ return currentCallerId.get();
}
public static void setCallers(Subject currentCaller, Subject nextCaller) {
@@ -105,14 +116,14 @@
public static Callers getCallers() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- return (Callers) callers.get();
+ return callers.get();
}
public static Callers setNextCaller(Subject nextCaller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
assert nextCaller != null;
- Callers oldCallers = (Callers) callers.get();
+ Callers oldCallers = callers.get();
assert oldCallers != null;
Callers newCallers = new Callers(oldCallers.getNextCaller(), nextCaller);
callers.set(newCallers);
@@ -122,9 +133,9 @@
public static Callers pushNextCaller(Subject nextCaller) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
- Callers oldCallers = (Callers) callers.get();
+ Callers oldCallers = callers.get();
Subject oldNextCaller = oldCallers == null? null: oldCallers.getNextCaller();
- Subject newNextCaller = nextCaller == null? oldNextCaller : nextCaller;
+ Subject newNextCaller = (nextCaller == null || nextCaller == EMPTY)? oldNextCaller : nextCaller;
Callers newCallers = new Callers(oldNextCaller, newNextCaller);
callers.set(newCallers);
return oldCallers;
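Review bot: The changed condition makes `pushNextCaller(EMPTY)` keep the previously pushed next caller instead of installing EMPTY, so a component that pushes EMPTY to run without an identity now silently inherits whatever subject was pushed before it; that is a behaviour change that belongs in the method's Javadoc, e.g. `Passing null or {@link #EMPTY} leaves the previously pushed next caller in place rather than replacing it.`. The `==` comparison is correct only because EMPTY is a registered singleton; a fresh `new Subject()` with no principals does not get the same treatment, which the comment should also make explicit. The method's closing brace and any existing Javadoc are outside the hunk.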
@@ -140,7 +151,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Callers callers = (Callers) ContextManager.callers.get();
+ Callers callers = ContextManager.callers.get();
return callers == null? null: callers.getCurrentCaller();
}
@@ -148,7 +159,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Callers callers = (Callers) ContextManager.callers.get();
+ Callers callers = ContextManager.callers.get();
return callers == null? null: callers.getNextCaller();
}
@@ -156,11 +167,11 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Callers threadLocalCallers = (Callers) callers.get();
+ Callers threadLocalCallers = callers.get();
assert threadLocalCallers != null : "No current callers";
Subject currentSubject = threadLocalCallers.getCurrentCaller();
assert currentSubject != null : "No current caller";
- Context context = (Context) subjectContexts.get(currentSubject);
+ Context context = subjectContexts.get(currentSubject);
assert context != null : "No registered context";
@@ -178,7 +189,7 @@
}
};
}
- Context context = (Context) subjectContexts.get(callerSubject);
+ Context context = subjectContexts.get(callerSubject);
assert context != null : "No registered context";
@@ -189,11 +200,11 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Callers threadLocalCallers = (Callers) callers.get();
+ Callers threadLocalCallers = callers.get();
assert threadLocalCallers != null : "No current callers";
Subject currentSubject = threadLocalCallers.getCurrentCaller();
assert currentSubject != null : "No current caller";
- Context context = (Context) subjectContexts.get(currentSubject);
+ Context context = subjectContexts.get(currentSubject);
assert context != null : "No registered context";
@@ -204,7 +215,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- Context context = (Context) subjectContexts.get(subject);
+ Context context = subjectContexts.get(subject);
return (context != null ? context.id : null);
}
@@ -214,7 +225,7 @@
if (role == null) throw new IllegalArgumentException("Role must not be null");
try {
- Callers currentCallers = (Callers)callers.get();
+ Callers currentCallers = callers.get();
if (currentCallers == null) {
return false;
}
@@ -223,7 +234,7 @@
return false;
}
- Context context = (Context) subjectContexts.get(currentSubject);
+ Context context = subjectContexts.get(currentSubject);
assert context != null : "No registered context";
@@ -235,7 +246,7 @@
}
public static Subject getRegisteredSubject(SubjectId id) {
- return (Subject) subjectIds.get(id);
+ return subjectIds.get(id);
}
public static synchronized SubjectId registerSubject(Subject subject) {
@@ -253,17 +264,17 @@
Context context = new Context();
context.subject = subject;
context.context = acc;
- Set principals = subject.getPrincipals((Class)GeronimoCallerPrincipal.class);
+ Set<? extends Principal> principals = subject.getPrincipals(GeronimoCallerPrincipal.class);
if (!principals.isEmpty()) {
- context.principal = (Principal) principals.iterator().next();
+ context.principal = principals.iterator().next();
} else if (!(principals = subject.getPrincipals(PrimaryRealmPrincipal.class)).isEmpty()) {
- context.principal = (PrimaryRealmPrincipal) principals.iterator().next();
+ context.principal = principals.iterator().next();
} else if (!(principals = subject.getPrincipals(RealmPrincipal.class)).isEmpty()) {
- context.principal = (RealmPrincipal) principals.iterator().next();
+ context.principal = principals.iterator().next();
} else if (!(principals = subject.getPrincipals()).isEmpty()) {
- context.principal = (Principal) principals.iterator().next();
+ context.principal = principals.iterator().next();
}
- Long id = new Long(nextSubjectId++);
+ Long id = nextSubjectId++;
context.id = new SubjectId(id, hash(id));
subjectIds.put(context.id, subject);
@@ -278,7 +289,7 @@
if (subject == null) throw new IllegalArgumentException("Subject must not be null");
- Context context = (Context) subjectContexts.get(subject);
+ Context context = subjectContexts.get(subject);
if (context == null) return;
subjectIds.remove(context.id);
@@ -359,7 +370,7 @@
}
private static byte[] hash(Long id) {
- long n = id.longValue();
+ long n = id;
byte[] bytes = new byte[8];
for (int i = 7; i >= 0; i--) {
bytes[i] = (byte) (n);
@@ -373,7 +384,9 @@
return mac.doFinal();
} catch (NoSuchAlgorithmException e) {
+ //shouldn't happen
} catch (InvalidKeyException e) {
+ //shouldn't happen
}
assert false : "Should never have reached here";
return null;
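Review bot: The two added `//shouldn't happen` comments still leave both catch clauses swallowing the exception, and with assertions disabled the method then returns `null`, so `registerSubject` would build `new SubjectId(id, hash(id))` with a null hash and no error. Replace the empty clauses with `throw new IllegalStateException("cannot compute subject id hash", e);` in each (multi-catch is not available at this language level), after which the `assert false`/`return null` tail can go. hash()'s body starts outside the hunk.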
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface CredentialStore {
+
+ CredentialStore NULL = new CredentialStore() {
+
+ public Subject getSubject(String realm, String id) throws LoginException {
+ return null;
+ }
+ };
+
+ Subject getSubject(String realm, String id) throws LoginException;
+}
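Review bot: The interface does not say what `getSubject` does when the realm/id pair is unknown: the `NULL` implementation returns null, while `DirectConfigurationCredentialStoreImpl.getSubject` in this same commit throws `LoginException`, so a caller cannot know whether to null-check or catch. Pick one contract and write it on the method, e.g. `/** Looks up the subject registered under id in realm. @return the subject, never null @throws LoginException if the realm or id is unknown */`, and either make `NULL` throw accordingly or document that it deliberately answers null for everything. The `$Rev:$ $Date:$` keywords should be `$Rev$ $Date$` to match the other files in this diff.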
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+
+/**
+ * Hopefully this will only be used for tests where you need to set up a simple credential store
+ * but don't want to set up a login configuration
+ *
+ * @version $Rev:$ $Date:$
+ */
+public class DirectConfigurationCredentialStoreImpl implements CredentialStore {
+
+ private final Map<String, Map<String, Subject>> subjectStore = new HashMap<String, Map<String, Subject>>();
+
+ public DirectConfigurationCredentialStoreImpl(Map<String, Map<String, Map<String, String>>> subjectInfo, ClassLoader cl) throws DeploymentException, ClassNotFoundException, NoSuchMethodException, IllegalAccessException, InvocationTargetException, InstantiationException {
+ if (cl == null) {
+ cl = getClass().getClassLoader();
+ }
+ for (Map.Entry<String, Map<String, Map<String, String>>> realmEntry: subjectInfo.entrySet()) {
+ Map<String, Subject> realm = new HashMap<String, Subject>();
+ for (Map.Entry<String, Map<String, String>> subjectEntry: realmEntry.getValue().entrySet()) {
+ String id = subjectEntry.getKey();
+ Map<String, String> principals = subjectEntry.getValue();
+ Subject subject = new Subject();
+ for (Map.Entry<String, String> principalInfo: principals.entrySet()) {
+ String className = principalInfo.getKey();
+ String principalName = principalInfo.getValue();
+ Class<? extends Principal> clazz = (Class<? extends Principal>) cl.loadClass(className);
+ Constructor<? extends Principal> c = clazz.getConstructor(new Class[] {String.class});
+ Principal p = c.newInstance(new Object[] {principalName});
+ subject.getPrincipals().add(p);
+ }
+ realm.put(id, subject);
+ }
+ subjectStore.put(realmEntry.getKey(), realm);
+ }
+ }
+
+ public Subject getSubject(String realm, String id) throws LoginException {
+ Map<String, Subject> realmMap = subjectStore.get(realm);
+ if (realmMap == null) {
+ throw new LoginException("Unknown realm : " + realm);
+ }
+ Subject subject = realmMap.get(id);
+ if (subject == null) {
+ throw new LoginException("Unknown id: " + id + " in realm: " + realm);
+ }
+ return subject;
+ }
+
+ public static final GBeanInfo GBEAN_INFO;
+
+ static {
+ GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(DirectConfigurationCredentialStoreImpl.class);
+
+ infoBuilder.addAttribute("credentialStore", Map.class, true);
+ infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+
+ infoBuilder.setConstructor(new String[]{"credentialStore", "classLoader"});
+
+ GBEAN_INFO = infoBuilder.getBeanInfo();
+ }
+
+ public static GBeanInfo getGBeanInfo() {
+ return GBEAN_INFO;
+ }
+
+}
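Review bot: The cast `(Class<? extends Principal>) cl.loadClass(className)` in the principal loop is unchecked, so a configured class that is not a `Principal` only fails later with a ClassCastException at the `add`; `Class<? extends Principal> clazz = cl.loadClass(className).asSubclass(Principal.class);` fails at construction with the offending class name and removes the warning. The subjects handed out by `getSubject` are the stored instances and remain mutable, so any caller can add principals to an identity shared with every other caller; `subject.setReadOnly();` after the principal loop, before `realm.put(id, subject)`, closes that. The GBean attribute is named `credentialStore` while the constructor parameter is `subjectInfo`, and the class Javadoc should describe the expected realm → id → (principal class name → principal name) layout of that map.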
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class NameCallbackHandler implements SingleCallbackHandler {
+
+ private final String name;
+
+ public NameCallbackHandler(String name) {
+ this.name = name;
+ }
+
+ public void handle(Callback callback) {
+ ((NameCallback)callback).setName(name);
+ }
+
+ public String getCallbackType() {
+ return NameCallback.class.getName();
+ }
+}
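Review bot: The cast in handle(), `((NameCallback)callback).setName(name);`, is unguarded, so a callback of any other type fails with a bare ClassCastException that does not say which handler was mis-wired. SimpleCredentialStoreImpl in this commit dispatches by exact callback class name, so that path should not normally be reached, but the class is public and can be driven by other callers. A guard before the cast makes the failure self-describing: `if (!(callback instanceof NameCallback)) { throw new IllegalArgumentException("NameCallbackHandler cannot handle " + callback.getClass().getName()); }`. The class also has no Javadoc beyond the version tag; a summary such as `/** Answers a {@link NameCallback} with the fixed user name supplied at construction. */` would help.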
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.PasswordCallback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PasswordCallbackHandler implements SingleCallbackHandler {
+
+ private final char[] password;
+
+ public PasswordCallbackHandler(char[] password) {
+ this.password = password;
+ }
+ public PasswordCallbackHandler(String password) {
+ this.password = password.toCharArray();
+ }
+
+ public void handle(Callback callback) {
+ ((PasswordCallback)callback).setPassword(password);
+ }
+
+ public String getCallbackType() {
+ return PasswordCallback.class.getName();
+ }
+}
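Review bot: The char[] constructor stores the caller's array by reference (`this.password = password;`), so the handler's password silently changes if the caller later zeroes or reuses that array, and the handler has no copy of its own to control. A defensive copy, `this.password = password.clone();`, fixes that; PasswordCallback.setPassword already clones on the way out, so handle() needs no change. Because the class is Serializable through SingleCallbackHandler, the cleartext password is part of its serialized form, which deserves a comment on the field, e.g. `/** Cleartext password; note it is serialized in the clear, since SingleCallbackHandler is Serializable. */`. The String constructor throws NullPointerException on a null argument; if null is not meant to be valid, `Objects.requireNonNull(password, "password")` makes that explicit, otherwise the NPE should be documented.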
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.lang.reflect.Constructor;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SimpleCredentialStoreImpl implements CredentialStore {
+
+ private final Map<String, Map<String, Map<String, SingleCallbackHandler>>> credentialStore = new HashMap<String, Map<String, Map<String, SingleCallbackHandler>>>();
+
+ public SimpleCredentialStoreImpl(Map<String, Map<String, Map<String, String>>> credentials, ClassLoader cl) {
+ if (credentials != null) {
+ for (Map.Entry<String, Map<String, Map<String, String>>> realmData: credentials.entrySet()) {
+ String realmName = realmData.getKey();
+ Map<String, Map<String, SingleCallbackHandler>> realm = getRealm(realmName);
+ for (Map.Entry<String, Map<String, String>> subjectData: realmData.getValue().entrySet()) {
+ String subjectId = subjectData.getKey();
+ Map<String, SingleCallbackHandler> subject = getSubject(realm, subjectId);
+ for (Map.Entry<String, String> credentialData: subjectData.getValue().entrySet()) {
+ String handlerType = credentialData.getKey();
+ String value = credentialData.getValue();
+ try {
+ Class<? extends SingleCallbackHandler> clazz = (Class<? extends SingleCallbackHandler>) cl.loadClass(handlerType);
+ Constructor<? extends SingleCallbackHandler> c = clazz.getConstructor(String.class);
+ SingleCallbackHandler handler = c.newInstance(value);
+ String callbackType = handler.getCallbackType();
+ subject.put(callbackType, handler);
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Could not construct SingleCallbackHandler of type: " + handlerType + " and value: " + value + " for subjectId: " + subjectId + " and realm: " + realmName, e);
+ }
+ }
+ }
+
+ }
+ }
+ }
+
+ public Subject getSubject(String realm, String id) throws LoginException {
+ Map<String, Map<String, SingleCallbackHandler>> idMap = credentialStore.get(realm);
+ if (idMap == null) {
+ throw new LoginException("Unknown realm: " + realm);
+ }
+ final Map<String, SingleCallbackHandler> callbackInfos = idMap.get(id);
+ if (callbackInfos == null) {
+ throw new LoginException("Unknown id: " + id + " in realm: " + realm);
+ }
+ Subject subject = new Subject();
+ LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
+
+ public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
+ for (Callback callback: callbacks) {
+ if (!callbackInfos.containsKey(callback.getClass().getName())) {
+ throw new UnsupportedCallbackException(callback);
+ }
+ SingleCallbackHandler singleCallbackHandler = callbackInfos.get(callback.getClass().getName());
+ singleCallbackHandler.handle(callback);
+ }
+ }
+ });
+ loginContext.login();
+ return ContextManager.getServerSideSubject(subject);
+ }
+
+ public void addEntry(String realm, String id, Map<String, SingleCallbackHandler> callbackInfos) {
+ Map<String, Map<String, SingleCallbackHandler>> idMap = getRealm(realm);
+ idMap.put(id, callbackInfos);
+ }
+
+ private Map<String, Map<String, SingleCallbackHandler>> getRealm(String realm) {
+ Map<String, Map<String, SingleCallbackHandler>> idMap = credentialStore.get(realm);
+ if (idMap == null) {
+ idMap = new HashMap<String, Map<String, SingleCallbackHandler>>();
+ credentialStore.put(realm, idMap);
+ }
+ return idMap;
+ }
+
+ private Map<String, SingleCallbackHandler> getSubject(Map<String, Map<String, SingleCallbackHandler>> realm, String subjectId) {
+ Map<String, SingleCallbackHandler> subject = realm.get(subjectId);
+ if (subject == null) {
+ subject = new HashMap<String, SingleCallbackHandler>();
+ realm.put(subjectId, subject);
+ }
+ return subject;
+ }
+
+ public static final GBeanInfo GBEAN_INFO;
+
+ static {
+ GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(SimpleCredentialStoreImpl.class);
+
+ infoBuilder.addAttribute("credentialStore", Map.class, true);
+ infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+
+ infoBuilder.setConstructor(new String[]{"credentialStore", "classLoader"});
+
+ GBEAN_INFO = infoBuilder.getBeanInfo();
+ }
+
+ public static GBeanInfo getGBeanInfo() {
+ return GBEAN_INFO;
+ }
+}
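Review bot: The IllegalArgumentException built in the constructor's catch block includes `value` in its message, and for PasswordCallbackHandler that value is the cleartext password, so any failure to construct a handler copies the credential into deployment logs and stack traces; dropping it gives `throw new IllegalArgumentException("Could not construct SingleCallbackHandler of type: " + handlerType + " for subjectId: " + subjectId + " and realm: " + realmName, e);`. The cast `(Class<? extends SingleCallbackHandler>) cl.loadClass(handlerType)` is unchecked, so a class that does not implement the interface only fails later at `handler.getCallbackType()`; `cl.loadClass(handlerType).asSubclass(SingleCallbackHandler.class)` fails at the load with a clear ClassCastException that the existing catch wraps. The two getSubject overloads mean different things (the public one runs a JAAS login and returns a Subject, the private one returns the handler map for an id), so renaming the private one, e.g. to `getSubjectHandlers`, would avoid confusion. credentialStore is a plain HashMap and addEntry mutates it after construction; if this GBean is reached from several threads, as seems likely for a server-wide store, that needs either a ConcurrentHashMap or a documented single-writer assumption.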
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java Sat Jun 9 10:44:02 2007
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.io.Serializable;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface SingleCallbackHandler extends Serializable {
+ void handle(Callback callback);
+ String getCallbackType();
+}
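Review bot: The interface states no contract: handle() is only ever given a Callback whose class name equals getCallbackType() (SimpleCredentialStoreImpl in this commit dispatches by exact class name), and both implementations cast on that assumption, so it should be written on the interface rather than left to readers of the store. Suggested Javadoc: on the interface `/** Answers exactly one {@link Callback} class from a stored credential during a JAAS login. */`, on handle() `@param callback an instance of the class named by {@link #getCallbackType()}; implementations may cast without checking`, and on getCallbackType() `@return the fully qualified class name of the Callback this handler answers`. Extending Serializable also means every implementation carries its credential as serializable state (PasswordCallbackHandler holds a cleartext char[]), which is worth a sentence in the interface Javadoc so implementors know the serialized form is sensitive.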