Posted to scm@geronimo.apache.org by dj...@apache.org on 2008/04/18 01:02:06 UTC
svn commit: r649325 - in /geronimo/server/trunk:
framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/
plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/
plugins/j2ee/geronimo-web-2....
Author: djencks
Date: Thu Apr 17 16:01:59 2008
New Revision: 649325
URL: http://svn.apache.org/viewvc?rev=649325&view=rev
Log:
GERONIMO-3964 Concentrate the web security analysis in one place
Added:
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
- copied, changed from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java (with props)
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPattern.java
- copied, changed from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPattern.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPatternCheck.java
- copied, changed from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPatternCheck.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java (with props)
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java (contents, props changed)
- copied, changed from r648585, geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SecurityConfigTest.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java (contents, props changed)
- copied, changed from r648585, geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java
Removed:
geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPattern.java
geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPatternCheck.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SecurityConfigTest.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java
Modified:
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java?rev=649325&r1=649324&r2=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java Thu Apr 17 16:01:59 2008
@@ -79,8 +79,9 @@
import org.apache.geronimo.naming.deployment.ResourceEnvironmentSetter;
import org.apache.geronimo.schema.SchemaConversionUtils;
import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.util.HTTPMethods;
-import org.apache.geronimo.security.util.URLPattern;
+import org.apache.geronimo.web25.deployment.security.HTTPMethods;
+import org.apache.geronimo.web25.deployment.security.URLPattern;
+import org.apache.geronimo.web25.deployment.security.SpecSecurityBuilder;
import org.apache.geronimo.xbeans.geronimo.j2ee.GerSecurityDocument;
import org.apache.geronimo.xbeans.javaee.FilterMappingType;
import org.apache.geronimo.xbeans.javaee.FilterType;
@@ -467,201 +468,9 @@
return (WebAppDocument) xmlObject;
}
-
- protected void addUnmappedJSPPermissions(Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) {
- for (String roleName : securityRoles) {
- addPermissionToRole(roleName, new WebRoleRefPermission("", roleName), rolePermissions);
- }
- }
-
- protected ComponentPermissions buildSpecSecurityConfig(WebAppType webApp, Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) {
- Map<String, URLPattern> uncheckedPatterns = new HashMap<String, URLPattern>();
- Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns = new HashMap<UncheckedItem, HTTPMethods>();
- Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns = new HashMap<UncheckedItem, HTTPMethods>();
- Map<String, URLPattern> excludedPatterns = new HashMap<String, URLPattern>();
- Map<String, URLPattern> rolesPatterns = new HashMap<String, URLPattern>();
- Set<URLPattern> allSet = new HashSet<URLPattern>(); // == allMap.values()
- Map<String, URLPattern> allMap = new HashMap<String, URLPattern>(); //uncheckedPatterns union excludedPatterns union rolesPatterns.
-
- SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
- for (SecurityConstraintType securityConstraintType : securityConstraintArray) {
- Map<String, URLPattern> currentPatterns;
- if (securityConstraintType.isSetAuthConstraint()) {
- if (securityConstraintType.getAuthConstraint().getRoleNameArray().length == 0) {
- currentPatterns = excludedPatterns;
- } else {
- currentPatterns = rolesPatterns;
- }
- } else {
- currentPatterns = uncheckedPatterns;
- }
-
- String transport = "";
- if (securityConstraintType.isSetUserDataConstraint()) {
- transport = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim().toUpperCase();
- }
-
- WebResourceCollectionType[] webResourceCollectionTypeArray = securityConstraintType.getWebResourceCollectionArray();
- for (WebResourceCollectionType webResourceCollectionType : webResourceCollectionTypeArray) {
- UrlPatternType[] urlPatternTypeArray = webResourceCollectionType.getUrlPatternArray();
- for (UrlPatternType urlPatternType : urlPatternTypeArray) {
- String url = urlPatternType.getStringValue().trim();
- URLPattern pattern = currentPatterns.get(url);
- if (pattern == null) {
- pattern = new URLPattern(url);
- currentPatterns.put(url, pattern);
- }
-
- URLPattern allPattern = allMap.get(url);
- if (allPattern == null) {
- allPattern = new URLPattern(url);
- allSet.add(allPattern);
- allMap.put(url, allPattern);
- }
-
- String[] httpMethodTypeArray = webResourceCollectionType.getHttpMethodArray();
- if (httpMethodTypeArray.length == 0) {
- pattern.addMethod("");
- allPattern.addMethod("");
- } else {
- for (String aHttpMethodTypeArray : httpMethodTypeArray) {
- String method = (aHttpMethodTypeArray == null ? null : aHttpMethodTypeArray.trim());
- if (method != null) {
- pattern.addMethod(method);
- allPattern.addMethod(method);
- }
- }
- }
- if (currentPatterns == rolesPatterns) {
- RoleNameType[] roleNameTypeArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
- for (RoleNameType roleNameType : roleNameTypeArray) {
- String role = roleNameType.getStringValue().trim();
- if (role.equals("*")) {
- pattern.addAllRoles(securityRoles);
- } else {
- pattern.addRole(role);
- }
- }
- }
-
- pattern.setTransport(transport);
- }
- }
- }
-
- PermissionCollection excludedPermissions = new Permissions();
- PermissionCollection uncheckedPermissions = new Permissions();
-
- for (URLPattern pattern : excludedPatterns.values()) {
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethods();
-
- excludedPermissions.add(new WebResourcePermission(name, actions));
- excludedPermissions.add(new WebUserDataPermission(name, actions));
- }
-
- for (URLPattern pattern : rolesPatterns.values()) {
- String name = pattern.getQualifiedPattern(allSet);
- String actions = pattern.getMethods();
- WebResourcePermission permission = new WebResourcePermission(name, actions);
-
- for (String roleName : pattern.getRoles()) {
- addPermissionToRole(roleName, permission, rolePermissions);
- }
- HTTPMethods methods = pattern.getHTTPMethods();
- int transportType = pattern.getTransport();
-
- addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
- }
-
- for (URLPattern pattern : uncheckedPatterns.values()) {
- String name = pattern.getQualifiedPattern(allSet);
- HTTPMethods methods = pattern.getHTTPMethods();
-
- addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
-
- int transportType = pattern.getTransport();
- addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
- }
-
- /**
- * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
- * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
- * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with ever HTTP method
- * value. The permission objects must be contructed using the qualified pattern as their name and with
- * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
- * The resulting permissions that must be added to the unchecked policy statements by calling the
- * <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code> object.
- */
- for (URLPattern pattern : allSet) {
- String name = pattern.getQualifiedPattern(allSet);
- HTTPMethods methods = pattern.getComplementedHTTPMethods();
-
- if (methods.isNone()) {
- continue;
- }
-
- addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
- addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
- }
-
- URLPattern pattern = new URLPattern("/");
- if (!allSet.contains(pattern)) {
- String name = pattern.getQualifiedPattern(allSet);
- HTTPMethods methods = pattern.getComplementedHTTPMethods();
-
- addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
- addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
- }
-
- //Create the uncheckedPermissions for WebResourcePermissions
- for (UncheckedItem item : uncheckedResourcePatterns.keySet()) {
- HTTPMethods methods = uncheckedResourcePatterns.get(item);
- String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
-
- uncheckedPermissions.add(new WebResourcePermission(item.getName(), actions));
- }
- //Create the uncheckedPermissions for WebUserDataPermissions
- for (UncheckedItem item : uncheckedUserPatterns.keySet()) {
- HTTPMethods methods = uncheckedUserPatterns.get(item);
- String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
-
- uncheckedPermissions.add(new WebUserDataPermission(item.getName(), actions));
- }
-
- return new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);
-
- }
-
- protected void addPermissionToRole(String roleName, Permission permission, Map<String, PermissionCollection> rolePermissions) {
- PermissionCollection permissionsForRole = rolePermissions.get(roleName);
- if (permissionsForRole == null) {
- permissionsForRole = new Permissions();
- rolePermissions.put(roleName, permissionsForRole);
- }
- permissionsForRole.add(permission);
- }
-
- private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> patternMap, String name, HTTPMethods actions, int transportType) {
- UncheckedItem item = new UncheckedItem(name, transportType);
- HTTPMethods existingActions = patternMap.get(item);
- if (existingActions != null) {
- patternMap.put(item, existingActions.add(actions));
- return;
- }
-
- patternMap.put(item, new HTTPMethods(actions, false));
- }
-
- protected static Set<String> collectRoleNames(WebAppType webApp) {
- Set<String> roleNames = new HashSet<String>();
-
- SecurityRoleType[] securityRoles = webApp.getSecurityRoleArray();
- for (SecurityRoleType securityRole : securityRoles) {
- roleNames.add(securityRole.getRoleName().getStringValue().trim());
- }
-
- return roleNames;
+ protected ComponentPermissions buildSpecSecurityConfig(WebAppType webApp) {
+ SpecSecurityBuilder builder = new SpecSecurityBuilder();
+ return builder.buildSpecSecurityConfig(webApp);
}
protected static void check(WebAppType webApp) throws DeploymentException {
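Review bot: The replacement `buildSpecSecurityConfig(WebAppType)` at the end of this hunk changes a protected signature and carries no Javadoc saying so. A subclass outside this tree that overrode the old three-argument form without calling super would presumably still compile as an unrelated overload and never be invoked, so any permission customisation it performed would be skipped without an error. I would add a comment such as `/** Builds the JACC permissions for webApp with a new SpecSecurityBuilder per call; replaces the (webApp, securityRoles, rolePermissions) form. */` and mention the change in the release notes. The enclosing class starts and ends outside the hunk.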
@@ -729,29 +538,6 @@
return true;
}
- protected void processRoleRefPermissions(ServletType servletType, Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) {
- String servletName = servletType.getServletName().getStringValue().trim();
- //WebRoleRefPermissions
- SecurityRoleRefType[] securityRoleRefTypeArray = servletType.getSecurityRoleRefArray();
- Set<String> unmappedRoles = new HashSet<String>(securityRoles);
- for (SecurityRoleRefType securityRoleRefType : securityRoleRefTypeArray) {
- String roleName = securityRoleRefType.getRoleName().getStringValue().trim();
- String roleLink = securityRoleRefType.getRoleLink().getStringValue().trim();
- //jacc 3.1.3.2
- /* The name of the WebRoleRefPermission must be the servlet-name in whose
- * context the security-role-ref is defined. The actions of the WebRoleRefPermission
- * must be the value of the role-name (that is the reference), appearing in the security-role-ref.
- * The deployment tools must call the addToRole method on the PolicyConfiguration object to add the
- * WebRoleRefPermission object resulting from the translation to the role
- * identified in the role-link appearing in the security-role-ref.
- */
- addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName), rolePermissions);
- unmappedRoles.remove(roleName);
- }
- for (String roleName : unmappedRoles) {
- addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName), rolePermissions);
- }
- }
protected ClassFinder createWebAppClassFinder(WebAppType webApp, WebModule webModule) throws DeploymentException {
// Get the classloader from the module's EARContext
@@ -868,43 +654,4 @@
webModuleData.setReferencePattern("TrackedConnectionAssociator", moduleContext.getConnectionTrackerName());
}
- class UncheckedItem {
- final static int NA = 0x00;
- final static int INTEGRAL = 0x01;
- final static int CONFIDENTIAL = 0x02;
-
- private int transportType = NA;
- private String name;
-
- public UncheckedItem(String name, int transportType) {
- setName(name);
- setTransportType(transportType);
- }
-
- public boolean equals(Object o) {
- UncheckedItem item = (UncheckedItem) o;
- return item.transportType == transportType && item.name.equals(this.name);
- }
-
-
- public int hashCode() {
- return name.hashCode() + transportType;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public int getTransportType() {
- return transportType;
- }
-
- public void setTransportType(int transportType) {
- this.transportType = transportType;
- }
- }
}
Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java (from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java&p1=geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java&r1=648585&r2=649325&rev=649325&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java Thu Apr 17 16:01:59 2008
@@ -18,7 +18,7 @@
*/
-package org.apache.geronimo.security.util;
+package org.apache.geronimo.web25.deployment.security;
import java.util.Set;
import java.util.HashSet;
Added: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java?rev=649325&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java (added)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java Thu Apr 17 16:01:59 2008
@@ -0,0 +1,280 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.web25.deployment.security;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+import javax.security.jacc.WebRoleRefPermission;
+
+import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.xbeans.javaee.RoleNameType;
+import org.apache.geronimo.xbeans.javaee.SecurityConstraintType;
+import org.apache.geronimo.xbeans.javaee.UrlPatternType;
+import org.apache.geronimo.xbeans.javaee.WebAppType;
+import org.apache.geronimo.xbeans.javaee.WebResourceCollectionType;
+import org.apache.geronimo.xbeans.javaee.SecurityRoleType;
+import org.apache.geronimo.xbeans.javaee.ServletType;
+import org.apache.geronimo.xbeans.javaee.SecurityRoleRefType;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SpecSecurityBuilder {
+ private final Set<String> securityRoles = new HashSet<String>();
+ private final Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
+ private final Map<String, URLPattern> uncheckedPatterns = new HashMap<String, URLPattern>();
+ private final Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns = new HashMap<UncheckedItem, HTTPMethods>();
+ private final Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns = new HashMap<UncheckedItem, HTTPMethods>();
+ private final Map<String, URLPattern> excludedPatterns = new HashMap<String, URLPattern>();
+ private final Map<String, URLPattern> rolesPatterns = new HashMap<String, URLPattern>();
+ private final Set<URLPattern> allSet = new HashSet<URLPattern>(); // == allMap.values()
+ private final Map<String, URLPattern> allMap = new HashMap<String, URLPattern>(); //uncheckedPatterns union excludedPatterns union rolesPatterns.
+
+ public ComponentPermissions buildSpecSecurityConfig(WebAppType webApp) {
+ collectRoleNames(webApp.getSecurityRoleArray());
+ //role refs
+ for (ServletType servletType: webApp.getServletArray()) {
+ processRoleRefPermissions(servletType);
+ }
+ //add the role-ref permissions for unmapped jsps
+ addUnmappedJSPPermissions();
+
+ analyzeSecurityConstraints(webApp.getSecurityConstraintArray());
+
+ return buildComponentPermissions();
+ }
+
+ public void analyzeSecurityConstraints(SecurityConstraintType[] securityConstraintArray) {
+ for (SecurityConstraintType securityConstraintType : securityConstraintArray) {
+ Map<String, URLPattern> currentPatterns;
+ if (securityConstraintType.isSetAuthConstraint()) {
+ if (securityConstraintType.getAuthConstraint().getRoleNameArray().length == 0) {
+ currentPatterns = excludedPatterns;
+ } else {
+ currentPatterns = rolesPatterns;
+ }
+ } else {
+ currentPatterns = uncheckedPatterns;
+ }
+
+ String transport = "";
+ if (securityConstraintType.isSetUserDataConstraint()) {
+ transport = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim().toUpperCase();
+ }
+
+ WebResourceCollectionType[] webResourceCollectionTypeArray = securityConstraintType.getWebResourceCollectionArray();
+ for (WebResourceCollectionType webResourceCollectionType : webResourceCollectionTypeArray) {
+ UrlPatternType[] urlPatternTypeArray = webResourceCollectionType.getUrlPatternArray();
+ for (UrlPatternType urlPatternType : urlPatternTypeArray) {
+ String url = urlPatternType.getStringValue().trim();
+ URLPattern pattern = currentPatterns.get(url);
+ if (pattern == null) {
+ pattern = new URLPattern(url);
+ currentPatterns.put(url, pattern);
+ }
+
+ URLPattern allPattern = allMap.get(url);
+ if (allPattern == null) {
+ allPattern = new URLPattern(url);
+ allSet.add(allPattern);
+ allMap.put(url, allPattern);
+ }
+
+ String[] httpMethodTypeArray = webResourceCollectionType.getHttpMethodArray();
+ if (httpMethodTypeArray.length == 0) {
+ pattern.addMethod("");
+ allPattern.addMethod("");
+ } else {
+ for (String aHttpMethodTypeArray : httpMethodTypeArray) {
+ String method = (aHttpMethodTypeArray == null ? null : aHttpMethodTypeArray.trim());
+ if (method != null) {
+ pattern.addMethod(method);
+ allPattern.addMethod(method);
+ }
+ }
+ }
+ if (currentPatterns == rolesPatterns) {
+ RoleNameType[] roleNameTypeArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
+ for (RoleNameType roleNameType : roleNameTypeArray) {
+ String role = roleNameType.getStringValue().trim();
+ if (role.equals("*")) {
+ pattern.addAllRoles(securityRoles);
+ } else {
+ pattern.addRole(role);
+ }
+ }
+ }
+
+ pattern.setTransport(transport);
+ }
+ }
+ }
+ }
+
+ public ComponentPermissions buildComponentPermissions() {
+ PermissionCollection excludedPermissions = new Permissions();
+ PermissionCollection uncheckedPermissions = new Permissions();
+
+ for (URLPattern pattern : excludedPatterns.values()) {
+ String name = pattern.getQualifiedPattern(allSet);
+ String actions = pattern.getMethods();
+
+ excludedPermissions.add(new WebResourcePermission(name, actions));
+ excludedPermissions.add(new WebUserDataPermission(name, actions));
+ }
+
+ for (URLPattern pattern : rolesPatterns.values()) {
+ String name = pattern.getQualifiedPattern(allSet);
+ String actions = pattern.getMethods();
+ WebResourcePermission permission = new WebResourcePermission(name, actions);
+
+ for (String roleName : pattern.getRoles()) {
+ addPermissionToRole(roleName, permission);
+ }
+ HTTPMethods methods = pattern.getHTTPMethods();
+ int transportType = pattern.getTransport();
+
+ addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
+ }
+
+ for (URLPattern pattern : uncheckedPatterns.values()) {
+ String name = pattern.getQualifiedPattern(allSet);
+ HTTPMethods methods = pattern.getHTTPMethods();
+
+ addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
+
+ int transportType = pattern.getTransport();
+ addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
+ }
+
+ /**
+ * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
+ * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
+ * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with ever HTTP method
+ * value. The permission objects must be contructed using the qualified pattern as their name and with
+ * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
+ * The resulting permissions that must be added to the unchecked policy statements by calling the
+ * <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code> object.
+ */
+ for (URLPattern pattern : allSet) {
+ String name = pattern.getQualifiedPattern(allSet);
+ HTTPMethods methods = pattern.getComplementedHTTPMethods();
+
+ if (methods.isNone()) {
+ continue;
+ }
+
+ addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
+ addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
+ }
+
+ URLPattern pattern = new URLPattern("/");
+ if (!allSet.contains(pattern)) {
+ String name = pattern.getQualifiedPattern(allSet);
+ HTTPMethods methods = pattern.getComplementedHTTPMethods();
+
+ addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
+ addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
+ }
+
+ //Create the uncheckedPermissions for WebResourcePermissions
+ for (UncheckedItem item : uncheckedResourcePatterns.keySet()) {
+ HTTPMethods methods = uncheckedResourcePatterns.get(item);
+ String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
+
+ uncheckedPermissions.add(new WebResourcePermission(item.getName(), actions));
+ }
+ //Create the uncheckedPermissions for WebUserDataPermissions
+ for (UncheckedItem item : uncheckedUserPatterns.keySet()) {
+ HTTPMethods methods = uncheckedUserPatterns.get(item);
+ String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
+
+ uncheckedPermissions.add(new WebUserDataPermission(item.getName(), actions));
+ }
+
+ return new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);
+ }
+
+ public void addPermissionToRole(String roleName, Permission permission) {
+ PermissionCollection permissionsForRole = rolePermissions.get(roleName);
+ if (permissionsForRole == null) {
+ permissionsForRole = new Permissions();
+ rolePermissions.put(roleName, permissionsForRole);
+ }
+ permissionsForRole.add(permission);
+ }
+
+ private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> patternMap, String name, HTTPMethods actions, int transportType) {
+ UncheckedItem item = new UncheckedItem(name, transportType);
+ HTTPMethods existingActions = patternMap.get(item);
+ if (existingActions != null) {
+ patternMap.put(item, existingActions.add(actions));
+ return;
+ }
+
+ patternMap.put(item, new HTTPMethods(actions, false));
+ }
+
+ protected void processRoleRefPermissions(ServletType servletType) {
+ String servletName = servletType.getServletName().getStringValue().trim();
+ //WebRoleRefPermissions
+ SecurityRoleRefType[] securityRoleRefTypeArray = servletType.getSecurityRoleRefArray();
+ Set<String> unmappedRoles = new HashSet<String>(securityRoles);
+ for (SecurityRoleRefType securityRoleRefType : securityRoleRefTypeArray) {
+ String roleName = securityRoleRefType.getRoleName().getStringValue().trim();
+ String roleLink = securityRoleRefType.getRoleLink().getStringValue().trim();
+ //jacc 3.1.3.2
+ /* The name of the WebRoleRefPermission must be the servlet-name in whose
+ * context the security-role-ref is defined. The actions of the WebRoleRefPermission
+ * must be the value of the role-name (that is the reference), appearing in the security-role-ref.
+ * The deployment tools must call the addToRole method on the PolicyConfiguration object to add the
+ * WebRoleRefPermission object resulting from the translation to the role
+ * identified in the role-link appearing in the security-role-ref.
+ */
+ addPermissionToRole(roleLink, new WebRoleRefPermission(servletName, roleName));
+ unmappedRoles.remove(roleName);
+ }
+ for (String roleName : unmappedRoles) {
+ addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName));
+ }
+ }
+
+ protected void addUnmappedJSPPermissions() {
+ for (String roleName : securityRoles) {
+ addPermissionToRole(roleName, new WebRoleRefPermission("", roleName));
+ }
+ }
+
+ protected void collectRoleNames(SecurityRoleType[] securityRoles) {
+ for (SecurityRoleType securityRole : securityRoles) {
+ this.securityRoles.add(securityRole.getRoleName().getStringValue().trim());
+ }
+ }
+
+}
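Review bot: SpecSecurityBuilder keeps every intermediate collection (`securityRoles`, `rolePermissions`, `allSet`, the pattern maps) in final instance fields that are never cleared, while `buildSpecSecurityConfig`, `analyzeSecurityConstraints` and `buildComponentPermissions` are all public, so a second call on the same instance would fold the first web app's roles and URL patterns into the second app's JACC policy. The only caller visible in this commit creates a new builder per call, so the problem is latent, but nothing in the class states or enforces single use. I would document the class as single-use and not thread-safe, and guard the entry point with a `private boolean built;` field and `if (built) throw new IllegalStateException("SpecSecurityBuilder is single-use"); built = true;` as the first statement of `buildSpecSecurityConfig`. `buildComponentPermissions` also passes the internal `rolePermissions` map to `ComponentPermissions` by reference, which deserves a comment for the same reason.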
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPattern.java (from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPattern.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPattern.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPattern.java&p1=geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPattern.java&r1=648585&r2=649325&rev=649325&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPattern.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPattern.java Thu Apr 17 16:01:59 2008
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.geronimo.security.util;
+package org.apache.geronimo.web25.deployment.security;
import java.util.Collection;
import java.util.HashSet;
Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPatternCheck.java (from r648585, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPatternCheck.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPatternCheck.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPatternCheck.java&p1=geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPatternCheck.java&r1=648585&r2=649325&rev=649325&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/URLPatternCheck.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/URLPatternCheck.java Thu Apr 17 16:01:59 2008
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.geronimo.security.util;
+package org.apache.geronimo.web25.deployment.security;
/**
Added: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java?rev=649325&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java (added)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java Thu Apr 17 16:01:59 2008
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.web25.deployment.security;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+class UncheckedItem {
+ final static int NA = 0x00;
+ final static int INTEGRAL = 0x01;
+ final static int CONFIDENTIAL = 0x02;
+
+ private int transportType = NA;
+ private String name;
+
+ public UncheckedItem(String name, int transportType) {
+ setName(name);
+ setTransportType(transportType);
+ }
+
+ public boolean equals(Object o) {
+ if (o instanceof UncheckedItem) {
+ UncheckedItem item = (UncheckedItem) o;
+ return item.transportType == transportType && item.name.equals(this.name);
+ }
+ return false;
+ }
+
+
+ public int hashCode() {
+ return name.hashCode() + transportType;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public int getTransportType() {
+ return transportType;
+ }
+
+ public void setTransportType(int transportType) {
+ this.transportType = transportType;
+ }
+}
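Review bot: `equals` and `hashCode` in `UncheckedItem` are computed from `name` and `transportType`, yet both fields stay mutable through `setName` and `setTransportType`, and `name` is dereferenced without a null check. If instances are held in a `HashSet` or used as map keys (the callers are outside this hunk), a setter call after insertion leaves the entry unreachable, and a null name throws from `hashCode`. Since the class appears to record which items carry an `INTEGRAL` or `CONFIDENTIAL` transport guarantee, a lost or duplicated entry could change the computed permissions. I would make it an immutable value with `private final String name;` and `private final int transportType;`, reject null in the constructor with `if (name == null) throw new IllegalArgumentException("name");`, and drop the two setters if nothing else calls them.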
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/UncheckedItem.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java (from r648585, geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SecurityConfigTest.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java&p1=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SecurityConfigTest.java&r1=648585&r2=649325&rev=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SecurityConfigTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java Thu Apr 17 16:01:59 2008
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.geronimo.web25.deployment;
+package org.apache.geronimo.web25.deployment.security;
import java.io.File;
import java.net.URL;
@@ -42,8 +42,10 @@
import org.apache.geronimo.testsupport.TestSupport;
import org.apache.geronimo.xbeans.javaee.WebAppDocument;
import org.apache.geronimo.xbeans.javaee.WebAppType;
+import org.apache.geronimo.web25.deployment.AbstractWebModuleBuilder;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlOptions;
+import org.apache.xmlbeans.XmlException;
/**
* @version $Rev$ $Date$
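Review bot: The two imports added in this hunk, `org.apache.geronimo.web25.deployment.AbstractWebModuleBuilder` and `org.apache.xmlbeans.XmlException`, appear to be unused after the commit. The only references to `AbstractWebModuleBuilder` in this file sit on lines the next hunk removes, and no added line names `XmlException`. Dropping both keeps the test from depending on the builder class it no longer exercises. The same applies to the `AbstractWebModuleBuilder` import added to SpecSecurityParsingTest.java, where the `TestWebModuleBuilder` subclass is removed as well.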
@@ -54,61 +56,13 @@
private XmlOptions options = new XmlOptions();
- private WebModuleBuilder webModuleBuilder = new WebModuleBuilder(null);
-
public void testNoSecConstraint() throws Exception {
- String warName = "war3";
- File path = new File(BASEDIR, "src/test/resources/deployables/"
- + warName);
-
- // parse the spec dd
- String specDD = "";
- WebAppType webApp = null;
- UnpackedJarFile jarFile = new UnpackedJarFile(path);
- URL specDDUrl = DeploymentUtil.createJarURL(jarFile, "WEB-INF/web.xml");
- // read in the entire specDD as a string
- specDD = DeploymentUtil.readAll(specDDUrl);
- // parse it
- XmlObject parsed = XmlBeansUtil.parse(specDD);
- WebAppDocument webAppDoc = webModuleBuilder
- .convertToServletSchema(parsed);
- webApp = webAppDoc.getWebApp();
- Set securityRoles = AbstractWebModuleBuilder.collectRoleNames(webApp);
- Map rolePermissions = new HashMap();
- try {
- ComponentPermissions componentPermissions = webModuleBuilder
- .buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
- } catch (IllegalArgumentException e) {
- // This is a known issue
- //System.out.println("Exception caught: " + e.getMessage());
- }
+ URL srcXml = classLoader.getResource("deployables/war3/WEB-INF/web.xml");
+ WebAppDocument webAppDoc = WebAppDocument.Factory.parse(srcXml, options);
+ WebAppType webApp = webAppDoc.getWebApp();
+ SpecSecurityBuilder builder = new SpecSecurityBuilder();
+ ComponentPermissions componentPermissions = builder.buildSpecSecurityConfig(webApp);
}
- private static class WebModuleBuilder extends AbstractWebModuleBuilder {
-
- protected WebModuleBuilder(Kernel kernel) {
- super(kernel, null, null, null, null, Collections.EMPTY_SET, null);
- }
-
- protected Module createModule(Object plan, JarFile moduleFile,
- String targetPath, URL specDDUrl, boolean standAlone,
- String contextRoot, AbstractName earName, Naming naming,
- ModuleIDBuilder idBuilder) throws DeploymentException {
- return null;
- }
-
- public void initContext(EARContext earContext, Module module,
- ClassLoader classLoader) throws DeploymentException {
- }
-
- public void addGBeans(EARContext earContext, Module module,
- ClassLoader classLoader, Collection repositories)
- throws DeploymentException {
- }
-
- public String getSchemaNamespace() {
- return null;
- }
- }
}
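Review bot: `testNoSecConstraint` no longer swallows the `IllegalArgumentException`, but the new body asserts nothing: `componentPermissions` is assigned and never read, so the test only shows that `buildSpecSecurityConfig` does not throw for war3. For a descriptor without security constraints the outcome that matters is what lands in the unchecked permissions, so `assertNotNull(componentPermissions);` plus a check on `componentPermissions.getUncheckedPermissions()` would pin it. `classLoader.getResource(...)` returns null when the resource is missing, so `assertNotNull(srcXml);` before parsing would make that failure readable.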
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java (from r648585, geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java&p1=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java&r1=648585&r2=649325&rev=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java Thu Apr 17 16:01:59 2008
@@ -18,7 +18,7 @@
*/
-package org.apache.geronimo.web25.deployment;
+package org.apache.geronimo.web25.deployment.security;
import java.net.URL;
import java.util.Collection;
@@ -42,6 +42,7 @@
import org.apache.geronimo.xbeans.javaee.WebAppType;
import org.apache.geronimo.xbeans.javaee.WebAppDocument;
import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.web25.deployment.AbstractWebModuleBuilder;
import org.apache.xmlbeans.XmlOptions;
/**
@@ -51,17 +52,14 @@
private ClassLoader classLoader = this.getClass().getClassLoader();
private XmlOptions options = new XmlOptions();
- private TestWebModuleBuilder builder = new TestWebModuleBuilder();
- private Set<String> roleSet = new HashSet<String>();
- private Map<String, PermissionCollection> rolePermissionMap = new HashMap<String, PermissionCollection>();
public void testParsing() throws Exception {
- roleSet.add("Admin");
URL srcXml = classLoader.getResource("security/web1.xml");
WebAppDocument webAppDoc = WebAppDocument.Factory.parse(srcXml, options);
WebAppType webAppType = webAppDoc.getWebApp();
- ComponentPermissions permissions = builder.buildSpecSecurityConfig(webAppType, roleSet, rolePermissionMap);
+ SpecSecurityBuilder builder = new SpecSecurityBuilder();
+ ComponentPermissions permissions = builder.buildSpecSecurityConfig(webAppType);
PermissionCollection unchecked = permissions.getUncheckedPermissions();
assertTrue(unchecked.implies(new WebResourcePermission("/login.do", "!")));
assertTrue(unchecked.implies(new WebResourcePermission("/foo", "!")));
@@ -76,35 +74,15 @@
* @throws Exception
*/
public void testAllMethodsConstraint() throws Exception {
- roleSet.add("Admin");
URL srcXml = classLoader.getResource("security/web2.xml");
WebAppDocument webAppDoc = WebAppDocument.Factory.parse(srcXml, options);
WebAppType webAppType = webAppDoc.getWebApp();
- ComponentPermissions permissions = builder.buildSpecSecurityConfig(webAppType, roleSet, rolePermissionMap);
+ SpecSecurityBuilder builder = new SpecSecurityBuilder();
+ ComponentPermissions permissions = builder.buildSpecSecurityConfig(webAppType);
PermissionCollection unchecked = permissions.getUncheckedPermissions();
assertFalse(unchecked.implies(new WebResourcePermission("/Test", "!")));
PermissionCollection adminPermissions = permissions.getRolePermissions().get("Admin");
assertTrue(adminPermissions.implies(new WebResourcePermission("/Test", "GET,POST")));
}
- public static class TestWebModuleBuilder extends AbstractWebModuleBuilder {
-
- protected TestWebModuleBuilder() {
- super(null, null, null, null, null, Collections.EMPTY_SET, null);
- }
-
- protected Module createModule(Object plan, JarFile moduleFile, String targetPath, URL specDDUrl, boolean standAlone, String contextRoot, AbstractName earName, Naming naming, ModuleIDBuilder idBuilder) throws DeploymentException {
- return null;
- }
-
- public void initContext(EARContext earContext, Module module, ClassLoader cl) throws DeploymentException {
- }
-
- public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection repository) throws DeploymentException {
- }
-
- public String getSchemaNamespace() {
- return null;
- }
- }
}
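Review bot: `testAllMethodsConstraint` now gets the Admin role only from the `<security-role>` element this commit adds to web2.xml, and `permissions.getRolePermissions().get("Admin")` is used without a null check. A descriptor that omits the declaration would therefore fail with a NullPointerException rather than an assertion; `assertNotNull(adminPermissions);` before the `implies` call makes the dependency explicit. The test also covers only the case where the role named in `<auth-constraint>` is declared. Since role collection now happens inside `SpecSecurityBuilder`, a fixture whose auth-constraint names an undeclared role would document whether that role is ignored or rejected, which decides who can reach the protected URL.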
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml?rev=649325&r1=649324&r2=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml Thu Apr 17 16:01:59 2008
@@ -35,5 +35,7 @@
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
-
+ <security-role>
+ <role-name>Admin</role-name>
+ </security-role>
</web-app>
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml?rev=649325&r1=649324&r2=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml Thu Apr 17 16:01:59 2008
@@ -26,5 +26,8 @@
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
-
+ <security-role>
+ <role-name>Admin</role-name>
+ </security-role>
+
</web-app>
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java?rev=649325&r1=649324&r2=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java Thu Apr 17 16:01:59 2008
@@ -23,7 +23,6 @@
import static java.lang.Boolean.FALSE;
import static java.lang.Boolean.TRUE;
import java.net.URL;
-import java.security.PermissionCollection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -371,8 +370,6 @@
resourceEnvironmentSetter.setResourceEnvironment(rebuilder, webApp.getResourceRefArray(), jettyWebApp.getResourceRefArray());
try {
moduleContext.addGBean(webModuleData);
- Set<String> securityRoles = collectRoleNames(webApp);
- Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
// configure hosts and virtual-hosts
configureHosts(earContext, jettyWebApp, webModuleData);
@@ -502,10 +499,10 @@
//set up servlet gbeans.
ServletType[] servletTypes = webApp.getServletArray();
- addServlets(moduleName, webModule, servletTypes, servletMappings, securityRoles, rolePermissions, moduleContext);
+ addServlets(moduleName, webModule, servletTypes, servletMappings, moduleContext);
if (jettyWebApp.isSetSecurityRealmName()) {
- configureSecurityRealm(earContext, webApp, jettyWebApp, webModuleData, securityRoles, rolePermissions);
+ configureSecurityRealm(earContext, webApp, jettyWebApp, webModuleData);
}
//See Jetty-386, GERONIMO-3738
@@ -546,7 +543,7 @@
// moduleContext.addGBean(beanData);
}
- private void configureSecurityRealm(EARContext earContext, WebAppType webApp, JettyWebAppType jettyWebApp, GBeanData webModuleData, Set<String> securityRoles, Map<String, PermissionCollection> rolePermissions) throws DeploymentException {
+ private void configureSecurityRealm(EARContext earContext, WebAppType webApp, JettyWebAppType jettyWebApp, GBeanData webModuleData) throws DeploymentException {
AbstractName moduleName = webModuleData.getAbstractName();
if (earContext.getSecurityConfiguration() == null) {
throw new DeploymentException("You have specified a <security-realm-name> for the webapp " + moduleName + " but no <security> configuration (role mapping) is supplied in the Geronimo plan for the web application (or the Geronimo plan for the EAR if the web app is in an EAR)");
@@ -562,7 +559,7 @@
//String policyContextID = webModuleName.getCanonicalName();
webModuleData.setAttribute("policyContextID", policyContextID);
- ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
+ ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp);
earContext.addSecurityContext(policyContextID, componentPermissions);
}
@@ -893,27 +890,21 @@
* @param module a <code>Module</code> value
* @param servletTypes a <code>ServletType[]</code> value, contains the <code>servlet</code> entries from <code>web.xml</code>.
* @param servletMappings a <code>Map</code> value
- * @param securityRoles a <code>Set</code> value
- * @param rolePermissions a <code>Map</code> value
* @param moduleContext an <code>EARContext</code> value
* @throws DeploymentException if an error occurs
*/
private void addServlets(AbstractName webModuleName,
- Module module,
- ServletType[] servletTypes,
- Map<String, Set<String>> servletMappings,
- Set<String> securityRoles,
- Map<String, PermissionCollection> rolePermissions,
- EARContext moduleContext) throws DeploymentException {
+ Module module,
+ ServletType[] servletTypes,
+ Map<String, Set<String>> servletMappings,
+ EARContext moduleContext) throws DeploymentException {
// this TreeSet will order the ServletTypes based on whether
// they have a load-on-startup element and what its value is
TreeSet<ServletType> loadOrder = new TreeSet<ServletType>(new StartupOrderComparator());
// add all of the servlets to the sorted set
- for (ServletType servletType1 : servletTypes) {
- loadOrder.add(servletType1);
- }
+ loadOrder.addAll(Arrays.asList(servletTypes));
// now that they're sorted, read them in order and add them to
// the context. we'll use a GBean reference to enforce the
@@ -927,11 +918,8 @@
AbstractName previousServlet = null;
for (Object aLoadOrder : loadOrder) {
ServletType servletType = (ServletType) aLoadOrder;
- previousServlet = addServlet(webModuleName, module, previousServlet, servletType, servletMappings, securityRoles, rolePermissions, moduleContext);
+ previousServlet = addServlet(webModuleName, module, previousServlet, servletType, servletMappings, moduleContext);
}
-
- // JACC v1.0 secion B.19
- addUnmappedJSPPermissions(securityRoles, rolePermissions);
}
/**
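Review bot: With `addUnmappedJSPPermissions` removed at the end of `addServlets` here, and `processRoleRefPermissions` removed from `addServlet` further down and from TomcatModuleBuilder in this commit, the role-ref permissions presumably come entirely out of `buildSpecSecurityConfig(webApp)`. Neither test touched by this commit asserts on them: SpecSecurityParsingTest checks only `WebResourcePermission`. A regression in that path would silently change what `isUserInRole` answers for a servlet with a `<security-role-ref>`. I would add a fixture containing a `<security-role-ref>` alongside a servlet without one, assert that the resulting role permissions imply the expected `WebRoleRefPermission`, and keep the JACC section reference as a comment where the logic now lives. `addServlets` starts and ends outside this hunk.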
@@ -940,20 +928,16 @@
* @param previousServlet the servlet to start before this one in init order
* @param servletType XMLObject specifying the servlet configuration
* @param servletMappings Map of servlet name to set of ServletMapping strings for this web app
- * @param securityRoles security roles in the web app
- * @param rolePermissions RolePermissions for the roles this servlet needs to access
* @param moduleContext deployment context for this module
* @return AbstractName of servlet gbean added
* @throws DeploymentException if something goes wrong
*/
private AbstractName addServlet(AbstractName webModuleName,
- Module module,
- AbstractName previousServlet,
- ServletType servletType,
- Map<String, Set<String>> servletMappings,
- Set<String> securityRoles,
- Map<String, PermissionCollection> rolePermissions,
- EARContext moduleContext) throws DeploymentException {
+ Module module,
+ AbstractName previousServlet,
+ ServletType servletType,
+ Map<String, Set<String>> servletMappings,
+ EARContext moduleContext) throws DeploymentException {
String servletName = servletType.getServletName().getStringValue().trim();
AbstractName servletAbstractName = moduleContext.getNaming().createChildName(webModuleName, servletName, NameFactory.SERVLET);
GBeanData servletData;
@@ -1033,8 +1017,6 @@
String runAsRole = servletType.getRunAs().getRoleName().getStringValue().trim();
servletData.setAttribute("runAsRole", runAsRole);
}
-
- processRoleRefPermissions(servletType, securityRoles, rolePermissions);
try {
moduleContext.addGBean(servletData);
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?rev=649325&r1=649324&r2=649325&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Thu Apr 17 16:01:59 2008
@@ -347,8 +347,6 @@
configureBasicWebModuleAttributes(webApp, tomcatWebApp, moduleContext, earContext, webModule, webModuleData);
try {
moduleContext.addGBean(webModuleData);
- Set<String> securityRoles = collectRoleNames(webApp);
- Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
webModuleData.setAttribute("contextPath", webModule.getContextRoot());
// unsharableResources, applicationManagedSecurityResources
GBeanResourceEnvironmentBuilder rebuilder = new GBeanResourceEnvironmentBuilder(webModuleData);
@@ -423,8 +421,6 @@
throw new DeploymentException("Could not load javax.servlet.Servlet in web classloader", e); // TODO identify web app in message
}
for (ServletType servletType : servletTypes) {
- //Handle the Role Ref Permissions
- processRoleRefPermissions(servletType, securityRoles, rolePermissions);
if (servletType.isSetServletClass()) {
String servletName = servletType.getServletName().getStringValue().trim();
@@ -462,8 +458,6 @@
}
}
- // JACC v1.0 secion B.19
- addUnmappedJSPPermissions(securityRoles, rolePermissions);
webModuleData.setAttribute("webServices", webServices);
@@ -483,7 +477,7 @@
String policyContextID = moduleName.toString().replaceAll("[, :]", "_");
securityHolder.setPolicyContextID(policyContextID);
- ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
+ ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp);
earContext.addSecurityContext(policyContextID, componentPermissions);
//TODO WTF is this for?
securityHolder.setSecurity(true);